Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45550 | 1 Ayacms Project | 1 Ayacms | 2022-12-08 | N/A | 9.8 CRITICAL |
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | |||||
CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-08 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | |||||
CVE-2022-43508 | 1 Omron | 1 Cx-programmer | 2022-12-08 | N/A | 7.8 HIGH |
Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | |||||
CVE-2022-43509 | 1 Omron | 1 Cx-programmer | 2022-12-08 | N/A | 7.8 HIGH |
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | |||||
CVE-2022-44361 | 1 Zzcms | 1 Zzcms | 2022-12-08 | N/A | 5.4 MEDIUM |
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. | |||||
CVE-2022-46742 | 1 Paddlepaddle | 1 Paddlepaddle | 2022-12-08 | N/A | 9.8 CRITICAL |
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | |||||
CVE-2022-45217 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-12-08 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. | |||||
CVE-2022-46741 | 1 Paddlepaddle | 1 Paddlepaddle | 2022-12-08 | N/A | 9.1 CRITICAL |
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. | |||||
CVE-2022-4322 | 1 Maku | 1 Maku-boot | 2022-12-08 | N/A | 7.2 HIGH |
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. | |||||
CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2022-12-08 | N/A | 7.5 HIGH |
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | |||||
CVE-2019-18265 | 1 Digitalalertsystems | 10 Dasdec I, Dasdec I Firmware, Dasdec Ii and 7 more | 2022-12-08 | N/A | 5.4 MEDIUM |
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application. | |||||
CVE-2022-40204 | 1 Digitalalertsystems | 10 Dasdec I, Dasdec I Firmware, Dasdec Ii and 7 more | 2022-12-08 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. | |||||
CVE-2022-35258 | 2 Ivanti, Pulsesecure | 5 Connect Secure, Neurons For Zero-trust Access, Policy Secure and 2 more | 2022-12-08 | N/A | 7.5 HIGH |
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | |||||
CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2022-12-08 | N/A | 5.3 MEDIUM |
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | |||||
CVE-2022-43468 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2022-12-08 | N/A | 7.5 HIGH |
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. | |||||
CVE-2022-42799 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2022-12-08 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | |||||
CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2022-12-08 | N/A | 6.1 MEDIUM |
SAP Financial Consolidation, version 1010, does not sufficiently encode user-controlled input, which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. | |||||
CVE-2022-42791 | 1 Apple | 2 Iphone Os, Macos | 2022-12-08 | N/A | 7.0 HIGH |
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-41211 | 1 Sap | 2 3d Visual Enterprise Author, 3d Visual Enterprise Viewer | 2022-12-08 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when the payload forces: Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely. Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. | |||||
CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2022-12-08 | N/A | 6.1 MEDIUM |
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. |