Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40694 | 1 Storeapps | 1 News Announcement Scroll | 2022-11-21 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. | |||||
CVE-2022-40200 | 1 Gvectors | 1 Wpforo Forum | 2022-11-21 | N/A | 8.8 HIGH |
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
CVE-2022-40192 | 1 Gvectors | 1 Wpforo Forum | 2022-11-21 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2022-11-21 | N/A | 6.1 MEDIUM |
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
CVE-2022-42533 | 1 Google | 1 Android | 2022-11-21 | N/A | 7.8 HIGH |
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239415718. References: N/A | |||||
CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2022-11-21 | N/A | 8.8 HIGH |
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||||
CVE-2022-41315 | 1 Ezoic | 1 Ezoic | 2022-11-21 | N/A | 4.8 MEDIUM |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
CVE-2022-43096 | 1 M5t | 2 Mediatrix 4102s, Mediatrix 4102s Firmware | 2022-11-21 | N/A | 6.8 MEDIUM |
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. | |||||
CVE-2022-40735 | 1 Diffie-hellman Key Exchange Project | 1 Diffie-hellman Key Exchange | 2022-11-21 | N/A | 7.5 HIGH |
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together. | |||||
CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2022-11-21 | 5.0 MEDIUM | 7.5 HIGH |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||
CVE-2022-44204 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2022-11-21 | N/A | 9.8 CRITICAL |
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | |||||
CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2022-11-21 | N/A | 7.5 HIGH |
In JetBrains Hub before 2022.3.15181, throttling was missed when sending emails to a particular email address. | |||||
CVE-2022-43171 | 1 Lief-project | 1 Lief | 2022-11-21 | N/A | 6.5 MEDIUM |
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | |||||
CVE-2019-20798 | 1 Cherokee-project | 1 Cherokee | 2022-11-21 | 6.0 MEDIUM | 8.4 HIGH |
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. | |||||
CVE-2022-44167 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer. | |||||
CVE-2020-0971 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974. | |||||
CVE-2022-44168 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | |||||
CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2022-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | |||||
CVE-2022-44169 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. | |||||
CVE-2022-45012 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. |