Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3821 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2022-12-02 | N/A | 5.5 MEDIUM |
| An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | |||||
| CVE-2022-42801 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-12-02 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-45063 | 2 Fedoraproject, Invisible-island | 2 Fedora, Xterm | 2022-12-02 | N/A | 9.8 CRITICAL |
| xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. | |||||
| CVE-2021-25745 | 1 Kubernetes | 1 Ingress-nginx | 2022-12-02 | 5.5 MEDIUM | 8.1 HIGH |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | |||||
| CVE-2021-24957 | 1 Advanced Page Visit Counter Project | 1 Advanced Page Visit Counter | 2022-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection | |||||
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2022-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | |||||
| CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2022-12-02 | 6.0 MEDIUM | 8.8 HIGH |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | |||||
| CVE-2022-29281 | 1 Notable | 1 Notable | 2022-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | |||||
| CVE-2022-26151 | 1 Citrix | 1 Xenmobile Server | 2022-12-02 | 9.0 HIGH | 7.2 HIGH |
| Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | |||||
| CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | |||||
| CVE-2019-4460 | 1 Ibm | 1 Api Connect | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. | |||||
| CVE-2019-4433 | 1 Ibm | 2 Infosphere Global Name Management, Infosphere Identity Insight | 2022-12-02 | 6.4 MEDIUM | 8.2 HIGH |
| IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890. | |||||
| CVE-2019-4425 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-12-02 | 3.5 LOW | 5.7 MEDIUM |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. | |||||
| CVE-2019-5444 | 1 Serve-here.js Project | 1 Serve-here.js | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. | |||||
| CVE-2019-4357 | 1 Ibm | 1 Spectrum Protect Plus | 2022-12-02 | 7.2 HIGH | 6.7 MEDIUM |
| When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, | |||||
| CVE-2019-4403 | 1 Ibm | 1 Connections | 2022-12-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264. | |||||
| CVE-2019-4424 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-12-02 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. | |||||
| CVE-2019-4340 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-12-02 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. | |||||
| CVE-2019-5457 | 1 Min-http-server Project | 1 Min-http-server | 2022-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | |||||
| CVE-2019-4338 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. | |||||