Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42989 | 1 Sankhya | 1 Sankhya Om | 2022-11-23 | N/A | 9.0 CRITICAL |
| ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. | |||||
| CVE-2022-44184 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. | |||||
| CVE-2022-44200 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. | |||||
| CVE-2022-44199 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||||
| CVE-2022-44198 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||||
| CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2022-11-23 | N/A | 6.5 MEDIUM |
| A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | |||||
| CVE-2022-4105 | 1 Kiwitcms | 1 Kiwi Tcms | 2022-11-23 | N/A | 5.4 MEDIUM |
| A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. | |||||
| CVE-2022-43673 | 1 Wire | 1 Wire | 2022-11-23 | N/A | 4.7 MEDIUM |
| Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | |||||
| CVE-2022-41883 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-43308 | 1 Intelbras | 4 Sg 2404 Mr, Sg 2404 Mr Firmware, Sg 2404 Poe and 1 more | 2022-11-23 | N/A | 7.8 HIGH |
| INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | |||||
| CVE-2022-41634 | 1 Maxfoundry | 1 Media Library Folders | 2022-11-23 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | |||||
| CVE-2022-38462 | 1 Silverstripe | 1 Framework | 2022-11-23 | N/A | 6.1 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | |||||
| CVE-2022-38755 | 1 Microfocus | 1 Filr | 2022-11-23 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. | |||||
| CVE-2022-3618 | 1 Clevelandwebdeveloper | 1 Spacer | 2022-11-23 | N/A | 4.8 MEDIUM |
| The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2022-41643 | 1 Accessibility Project | 1 Accessibility | 2022-11-23 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. | |||||
| CVE-2022-41655 | 1 Algolplus | 1 Phone Orders For Woocommerce | 2022-11-23 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. | |||||
| CVE-2022-41885 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-1579 | 1 Gunkastudios | 1 Login Block Ips | 2022-11-23 | N/A | 7.5 HIGH |
| The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. | |||||
| CVE-2022-29279 | 1 Insyde | 1 Kernel | 2022-11-23 | N/A | 8.2 HIGH |
| Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 | |||||
| CVE-2022-30772 | 1 Insyde | 1 Kernel | 2022-11-23 | N/A | 8.2 HIGH |
| Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 | |||||