Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37936 | 1 Elastic | 1 Kibana | 2022-11-22 | N/A | 5.4 MEDIUM |
| It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | |||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2022-11-22 | N/A | 5.3 MEDIUM |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Security Event Manager | 2022-11-22 | N/A | 7.5 HIGH |
| Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. | |||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Security Event Manager | 2022-11-22 | N/A | 7.5 HIGH |
| Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. | |||||
| CVE-2022-3090 | 1 Redlion | 1 Crimson | 2022-11-22 | N/A | 5.3 MEDIUM |
| Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. | |||||
| CVE-2022-29277 | 2 Amd, Intel | 78 Genoa, Genoa Firmware, Hygon 1 and 75 more | 2022-11-22 | N/A | 8.8 HIGH |
| Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 | |||||
| CVE-2022-41897 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41896 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-1365 | 1 Cross-fetch Project | 1 Cross-fetch | 2022-11-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | |||||
| CVE-2022-41920 | 1 Lancet Project | 1 Lancet | 2022-11-22 | N/A | 8.8 HIGH |
| Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-32774 | 1 Foxit | 1 Pdf Reader | 2022-11-22 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2022-38097 | 1 Foxit | 1 Pdf Reader | 2022-11-22 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2022-37332 | 1 Foxit | 1 Pdf Reader | 2022-11-22 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2022-36784 | 1 Elsight | 2 Halo, Halo Firmware | 2022-11-22 | N/A | 9.8 CRITICAL |
| Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. | |||||
| CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2022-11-22 | N/A | 6.7 MEDIUM |
| An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | |||||
| CVE-2022-42903 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-11-22 | N/A | 3.3 LOW |
| Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | |||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2022-11-22 | N/A | 7.8 HIGH |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | |||||
| CVE-2022-40903 | 1 Aiphone | 8 Gt-db-vn, Gt-db-vn Firmware, Gt-dmb and 5 more | 2022-11-22 | N/A | 6.5 MEDIUM |
| Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. | |||||
| CVE-2022-28768 | 1 Zoom | 1 Meetings | 2022-11-22 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | |||||
| CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2022-11-22 | N/A | 9.9 CRITICAL |
| DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | |||||