Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46051 | 1 Aerocms Project | 1 Aerocms | 2022-12-15 | N/A | 7.2 HIGH |
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | |||||
CVE-2022-43517 | 1 Siemens | 1 Star-ccm\+ | 2022-12-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | |||||
CVE-2022-44575 | 1 Siemens | 1 Plm Help Server | 2022-12-15 | N/A | 6.1 MEDIUM |
A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. | |||||
CVE-2021-41943 | 1 Logrhythm | 1 Logrhythm | 2022-12-15 | N/A | 6.1 MEDIUM |
Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. | |||||
CVE-2022-45269 | 1 Gmaolinx | 1 Linx Sphere | 2022-12-15 | N/A | 7.5 HIGH |
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. | |||||
CVE-2022-42446 | 1 Hcltech | 1 Sametime | 2022-12-15 | N/A | 6.5 MEDIUM |
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. | |||||
CVE-2022-3605 | 1 Wp Csv Exporter Project | 1 Wp Csv Exporter | 2022-12-15 | N/A | 7.8 HIGH |
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. | |||||
CVE-2022-3882 | 1 Wp-memory Project | 1 Wp-memory | 2022-12-15 | N/A | 6.5 MEDIUM |
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-3996 | 1 Openssl | 1 Openssl | 2022-12-15 | N/A | 7.5 HIGH |
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy` argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()` or `X509_VERIFY_PARAM_set1_policies()` functions. | |||||
CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2022-12-15 | N/A | 3.3 LOW |
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | |||||
CVE-2022-3879 | 1 Car Dealer Project | 1 Car Dealer | 2022-12-15 | N/A | 6.5 MEDIUM |
The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-31698 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-12-15 | N/A | 5.3 MEDIUM |
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | |||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-12-15 | N/A | 5.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
CVE-2022-27581 | 1 Sick | 24 Rfu610-10600, Rfu610-10600 Firmware, Rfu610-10601 and 21 more | 2022-12-15 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-33238 | 1 Qualcomm | 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more | 2022-12-15 | N/A | 7.5 HIGH |
Transient DOS due to loop with unreachable exit condition in WLAN while processing incoming FTM frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2022-33268 | 1 Qualcomm | 190 Apq8009, Apq8009 Firmware, Apq8017 and 187 more | 2022-12-15 | N/A | 8.1 HIGH |
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-33235 | 1 Qualcomm | 492 Apq8009, Apq8009 Firmware, Apq8096au and 489 more | 2022-12-15 | N/A | 7.5 HIGH |
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2022-41079 | 1 Microsoft | 1 Exchange Server | 2022-12-15 | N/A | 8.0 HIGH |
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078. | |||||
CVE-2022-41078 | 1 Microsoft | 1 Exchange Server | 2022-12-15 | N/A | 8.0 HIGH |
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079. | |||||
CVE-2022-38042 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-12-15 | N/A | 7.1 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability. |