Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||
| CVE-2014-3991 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. | |||||
| CVE-2012-1226 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. | |||||
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | |||||
| CVE-2022-3966 | 1 Ultimatemember | 1 Ultimate Member | 2022-11-17 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. | |||||
| CVE-2022-45195 | 1 Simplex | 2 Simplex Chat, Simplexmq | 2022-11-17 | N/A | 5.3 MEDIUM |
| SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | |||||
| CVE-2022-39395 | 1 Go-vela | 3 Server, Ui, Worker | 2022-11-17 | N/A | 9.9 CRITICAL |
| Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker's `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. | |||||
| CVE-2022-45188 | 1 Netatalk Project | 1 Netatalk | 2022-11-17 | N/A | 7.8 HIGH |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | |||||
| CVE-2022-39393 | 1 Bytecodealliance | 1 Wasmtime | 2022-11-17 | N/A | 8.6 HIGH |
| Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. | |||||
| CVE-2022-26024 | 1 Intel | 22 Nuc7i3dnbe, Nuc7i3dnbe Firmware, Nuc7i3dnhe and 19 more | 2022-11-17 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21794 | 1 Intel | 10 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Business Nuc8i7hnkqc Firmware, Nuc 8 Enthusiast Nuc8i7hvkva and 7 more | 2022-11-17 | N/A | 6.7 MEDIUM |
| Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-30464 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | |||||
| CVE-2022-30459 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | |||||
| CVE-2021-26251 | 1 Intel | 1 Openvino | 2022-11-17 | N/A | 6.5 MEDIUM |
| Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-29893 | 1 Intel | 1 Active Management Technology | 2022-11-17 | N/A | 8.8 HIGH |
| Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-29515 | 1 Intel | 1 Server Platform Services Firmware | 2022-11-17 | N/A | 5.5 MEDIUM |
| Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-29486 | 1 Intel | 1 Hyperscan | 2022-11-17 | N/A | 9.8 CRITICAL |
| Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-26508 | 1 Intel | 1 Server Debug And Provisioning Tool | 2022-11-17 | N/A | 7.5 HIGH |
| Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2022-26124 | 1 Intel | 8 Nuc 8 Rugged Board Nuc8cchbn, Nuc 8 Rugged Board Nuc8cchbn Firmware, Nuc 8 Rugged Kit Nuc8cchkr and 5 more | 2022-11-17 | N/A | 7.8 HIGH |
| Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||