Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12861 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2022-11-21 | 7.9 HIGH | 8.8 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | |||||
| CVE-2020-25596 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability. | |||||
| CVE-2020-13948 | 1 Apache | 1 Superset | 2022-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | |||||
| CVE-2020-24609 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2022-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | |||||
| CVE-2020-12460 | 3 Debian, Fedoraproject, Trusteddomain | 3 Debian Linux, Fedora, Opendmarc | 2022-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | |||||
| CVE-2022-4070 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 9.8 CRITICAL |
| Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-4069 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2022-11-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-3562 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3525 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3516 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-43183 | 1 Xuxueli | 1 Xxl-job | 2022-11-20 | N/A | 8.8 HIGH |
| XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | |||||
| CVE-2022-44378 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-20 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. | |||||
| CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2022-11-20 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
| CVE-2022-43463 | 1 Yikesinc | 1 Custom Product Tabs For Woocommerce | 2022-11-20 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. | |||||
| CVE-2022-40686 | 1 Constantcontact | 1 Creative Mail | 2022-11-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | |||||
| CVE-2022-44379 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-20 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-41609 | 1 Wordplus | 1 Better Messages | 2022-11-20 | N/A | 8.8 HIGH |
| Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. | |||||