Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3262 1 Redhat 1 Openshift 2022-12-12 N/A 8.1 HIGH
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
CVE-2022-41802 1 Openharmony 1 Openharmony 2022-12-12 N/A 3.3 LOW
The kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVE-2022-44455 1 Openharmony 1 Openharmony 2022-12-12 N/A 7.8 HIGH
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to a buffer overflow due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash.
CVE-2022-4122 2 Fedoraproject, Podman Project 2 Fedora, Podman 2022-12-12 N/A 5.3 MEDIUM
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVE-2022-4123 2 Fedoraproject, Podman Project 2 Fedora, Podman 2022-12-12 N/A 3.3 LOW
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVE-2022-38754 1 Microfocus 2 Operations Bridge, Operations Bridge Manager 2022-12-12 N/A 5.4 MEDIUM
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. This issue affects: Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Operations Bridge - Containerized versions prior to 2022.11.
CVE-2022-4366 1 Daloradius 1 Daloradius 2022-12-12 N/A 7.5 HIGH
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch.
CVE-2022-23475 1 Daloradius 1 Daloradius 2022-12-12 N/A 8.8 HIGH
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combined cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue in two parts: 1) The CSRF vulnerability can be mitigated by setting the daloRadius session cookie to samesite=Lax or by implementing a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping the variable or by introducing a Content Security Policy.
CVE-2022-41800 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2022-12-12 N/A 8.7 HIGH
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-45910 1 Apache 1 Manifoldcf 2022-12-12 N/A 5.3 MEDIUM
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.
CVE-2022-45122 1 Sixapart 1 Movable Type 2022-12-12 N/A 6.1 MEDIUM
Cross-site scripting vulnerability in Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2020-36565 2 Labstack, Microsoft 2 Echo, Windows 2022-12-12 N/A 5.3 MEDIUM
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
CVE-2022-45113 1 Sixapart 1 Movable Type 2022-12-12 N/A 6.5 MEDIUM
An improper validation of syntactic correctness of input vulnerability exists in the Movable Type series. Having a user access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
CVE-2022-43668 1 Typora 1 Typora 2022-12-12 N/A 6.1 MEDIUM
Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.
CVE-2022-41720 2 Golang, Microsoft 2 Go, Windows 2022-12-12 N/A 7.5 HIGH
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With the fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
CVE-2022-44373 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2022-12-12 N/A 8.8 HIGH
A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.
CVE-2022-4341 1 Coder-chain Gdut Project 1 Coder-chain Gdut 2022-12-12 N/A 6.1 MEDIUM
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.
CVE-2022-23471 1 Linuxfoundation 1 Containerd 2022-12-12 N/A 6.5 MEDIUM
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.
CVE-2022-43660 1 Sixapart 1 Movable Type 2022-12-12 N/A 7.2 HIGH
Improper neutralization of Server-Side Includes (SSI) within a web page in the Movable Type series allows a remote authenticated attacker with the 'Manage of Content Types' privilege to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
CVE-2022-42486 1 Basercms 1 Basercms 2022-12-12 N/A 4.8 MEDIUM
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.