Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2022-12-05 | N/A | 9.8 CRITICAL |
| D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | |||||
| CVE-2022-41968 | 1 Nextcloud | 1 Nextcloud Server | 2022-12-05 | N/A | 5.3 MEDIUM |
| Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available. | |||||
| CVE-2022-44930 | 1 D-link | 2 Dhp-w310av, Dhp-w310av Firmware | 2022-12-05 | N/A | 9.8 CRITICAL |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | |||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2022-12-05 | N/A | 9.8 CRITICAL |
| Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. | |||||
| CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2022-12-05 | N/A | 2.7 LOW |
| Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | |||||
| CVE-2022-4270 | 1 M-files | 1 M-files Server | 2022-12-05 | N/A | 2.6 LOW |
| Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | |||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 8.8 HIGH |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 7.2 HIGH |
| A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-45215 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-12-05 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | |||||
| CVE-2022-45640 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-12-05 | N/A | 7.5 HIGH |
| Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | |||||
| CVE-2022-46159 | 1 Discourse | 1 Discourse | 2022-12-05 | N/A | 4.3 MEDIUM |
| Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. | |||||
| CVE-2022-3226 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 7.2 HIGH |
| An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-4257 | 1 Cdatatec | 1 C-data Web Management System | 2022-12-05 | N/A | 9.8 CRITICAL |
| A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631. | |||||
| CVE-2022-45480 | 1 Beappsmobile | 1 Pc Keyboard Wifi \& Bluetooth | 2022-12-05 | N/A | 5.9 MEDIUM |
| PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2022-12-05 | N/A | 9.8 CRITICAL |
| Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
| CVE-2022-37017 | 1 Broadcom | 1 Symantec Endpoint Protection | 2022-12-05 | N/A | 7.5 HIGH |
| Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | |||||
| CVE-2022-45483 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2022-12-05 | N/A | 5.9 MEDIUM |
| Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2022-12-05 | N/A | 9.8 CRITICAL |
| Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2022-4271 | 1 Enhancesoft | 1 Osticket | 2022-12-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. | |||||
| CVE-2022-30528 | 1 Isic.lk Project | 1 Isic.lk | 2022-12-05 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | |||||