Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | |||||
CVE-2022-37060 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2022-12-12 | N/A | 7.5 HIGH |
FLIR AX8 thermal sensor cameras up to and including version 1.46.16 are vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. | |||||
CVE-2022-2996 | 2 Debian, Python-scciclient Project | 2 Debian Linux, Python-scciclient | 2022-12-12 | N/A | 7.4 HIGH |
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | |||||
CVE-2022-34742 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2021-46741 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity. | |||||
CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2022-12-12 | N/A | 5.3 MEDIUM |
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | |||||
CVE-2022-33745 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 8.8 HIGH |
Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. | |||||
CVE-2021-40012 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2015-4004 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2022-12-12 | 8.5 HIGH | N/A |
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. | |||||
CVE-2022-31799 | 3 Bottlepy, Debian, Fedoraproject | 3 Bottle, Debian Linux, Fedora | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
Bottle before 0.12.20 mishandles errors during early request binding. | |||||
CVE-2022-30168 | 1 Microsoft | 1 Photos | 2022-12-12 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Photos App Remote Code Execution Vulnerability. | |||||
CVE-2022-42316 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 6.5 MEDIUM |
Xenstore: guests can let run xenstored out of memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; by causing a large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path; by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; by accessing many nodes inside a transaction. | |||||
CVE-2022-42315 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 6.5 MEDIUM |
Xenstore: guests can let run xenstored out of memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; by causing a large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path; by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; by accessing many nodes inside a transaction. | |||||
CVE-2022-42313 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 6.5 MEDIUM |
Xenstore: guests can let run xenstored out of memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; by causing a large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path; by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; by accessing many nodes inside a transaction. | |||||
CVE-2022-4413 | 1 Nuxt | 1 Framework | 2022-12-12 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | |||||
CVE-2022-42312 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 6.5 MEDIUM |
Xenstore: guests can let run xenstored out of memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; by causing a large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path; by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; by accessing many nodes inside a transaction. | |||||
CVE-2022-33748 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 5.6 MEDIUM |
Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. | |||||
CVE-2022-45756 | 1 Sens Project | 1 Sens | 2022-12-12 | N/A | 6.1 MEDIUM |
SENS v1.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-45759 | 1 Sens Project | 1 Sens | 2022-12-12 | N/A | 8.8 HIGH |
SENS v1.0 has a file upload vulnerability. | |||||
CVE-2022-4147 | 1 Quarkus | 1 Quarkus | 2022-12-12 | N/A | 7.5 HIGH |
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request. |