Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2022-11-17 | N/A | 8.8 HIGH |
Doufox 0.0.4 contains a CSRF vulnerability that can be used to add a system administrator account. | |||||
CVE-2022-42245 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2022-11-17 | N/A | 9.8 CRITICAL |
Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | |||||
CVE-2021-38819 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2022-11-17 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page. | |||||
CVE-2022-20854 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2022-11-17 | N/A | 7.5 HIGH |
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. | |||||
CVE-2022-42187 | 1 Hustoj Project | 1 Hustoj | 2022-11-17 | N/A | 6.1 MEDIUM |
Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php. | |||||
CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2022-11-17 | N/A | 7.5 HIGH |
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | |||||
CVE-2022-45387 | 1 Jenkins | 1 Bart | 2022-11-17 | N/A | 5.4 MEDIUM |
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-0324 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2022-11-17 | N/A | 7.5 HIGH |
There is a vulnerability in the DHCPv6 packet parsing code that could be exploited by a remote attacker to craft a packet that could cause a buffer overflow in a memcpy call, leading to an out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause the dhcp relay docker to shut down. Discovered by Eugene Lim of GovTech Singapore. | |||||
CVE-2022-45136 | 1 Apache | 1 Jena Sdb | 2022-11-17 | N/A | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result, an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options, e.g. Apache Jena TDB 2. | |||||
CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2022-11-17 | N/A | 8.8 HIGH |
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-3992 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-17 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. | |||||
CVE-2022-42985 | 1 Scratch-wiki | 1 Scratch Login | 2022-11-17 | N/A | 4.8 MEDIUM |
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). | |||||
CVE-2022-26086 | 1 Intel | 1 Gametechdev Presentmon | 2022-11-17 | N/A | 7.3 HIGH |
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-26028 | 1 Intel | 1 Vtune Profiler | 2022-11-17 | N/A | 7.3 HIGH |
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-44561 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-17 | N/A | 7.5 HIGH |
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability allows unauthorized apps to add arbitrary widgets and shortcuts without interaction. | |||||
CVE-2022-33985 | 1 Insyde | 1 Kernel | 2022-11-17 | N/A | 7.0 HIGH |
DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25. https://www.insyde.com/security-pledge/SA-2022055 | |||||
CVE-2022-24937 | 1 Silabs | 1 Emberznet | 2022-11-17 | N/A | 9.8 CRITICAL |
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. | |||||
CVE-2022-3993 | 1 Kavitareader | 1 Kavita | 2022-11-17 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. | |||||
CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2022-11-17 | N/A | 7.5 HIGH |
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | |||||
CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2022-11-17 | N/A | 3.3 LOW |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. |