Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | |||||
| CVE-2022-35278 | 2 Apache, Netapp | 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation | 2022-12-12 | N/A | 6.1 MEDIUM |
| In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | |||||
| CVE-2022-28958 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. NOTE: this has been disputed by a third party. | |||||
| CVE-2022-1650 | 2 Debian, Eventsource | 2 Debian Linux, Eventsource | 2022-12-12 | 5.8 MEDIUM | 9.3 CRITICAL |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2. | |||||
| CVE-2021-20299 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | |||||
| CVE-2021-20296 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | |||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | |||||
| CVE-2022-34840 | 1 Buffalo | 18 Hw-450hp-zwe, Hw-450hp-zwe Firmware, Wzr-300hp and 15 more | 2022-12-12 | N/A | 6.5 MEDIUM |
| Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. | |||||
| CVE-2022-45292 | 1 Funkwhale | 1 Funkwhale | 2022-12-12 | N/A | 5.3 MEDIUM |
| User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | |||||
| CVE-2022-34297 | 1 Yiiframework | 1 Gii | 2022-12-12 | N/A | 5.4 MEDIUM |
| Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | |||||
| CVE-2022-23485 | 1 Sentry | 1 Sentry | 2022-12-12 | N/A | 3.7 LOW |
| Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). | |||||
| CVE-2022-4398 | 1 Radare | 1 Radare2 | 2022-12-12 | N/A | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. | |||||
| CVE-2022-3931 | 2022-12-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-0925 | 2022-12-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2016-0371 | 6 Apple, Hp, Ibm and 3 more | 7 Mac Os X, Hp-ux, Aix and 4 more | 2022-12-12 | 1.9 LOW | 5.5 MEDIUM |
| The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. | |||||
| CVE-2022-37888 | 2 Arubanetworks, Siemens | 56 Ap-103, Ap-114, Ap-115 and 53 more | 2022-12-12 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
| CVE-2022-28111 | 1 Pagehelper Project | 1 Pagehelper | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | |||||
| CVE-2021-42550 | 4 Netapp, Qos, Redhat and 1 more | 6 Cloud Manager, Service Level Manager, Snap Creator Framework and 3 more | 2022-12-12 | 8.5 HIGH | 6.6 MEDIUM |
| In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | |||||