Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2022-11-17 | N/A | 6.6 MEDIUM |
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | |||||
CVE-2022-29466 | 1 Intel | 1 Server Platform Services Firmware | 2022-11-17 | N/A | 5.5 MEDIUM |
Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-28667 | 1 Intel | 28 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 25 more | 2022-11-17 | N/A | 6.5 MEDIUM |
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2022-43687 | 1 Concretecms | 1 Concrete Cms | 2022-11-17 | N/A | 5.4 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2022-11-17 | N/A | 7.8 HIGH |
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-43691 | 1 Concretecms | 1 Concrete Cms | 2022-11-17 | N/A | 5.3 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently discloses server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. | |||||
CVE-2022-37603 | 1 Webpack.js | 1 Loader-utils | 2022-11-17 | N/A | 7.5 HIGH |
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | |||||
CVE-2021-33164 | 1 Intel | 8 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 5 more | 2022-11-17 | N/A | 6.7 MEDIUM |
Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-27499 | 1 Intel | 1 Sgx Sdk | 2022-11-17 | N/A | 4.4 MEDIUM |
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2022-26845 | 1 Intel | 1 Active Management Technology | 2022-11-17 | N/A | 9.8 CRITICAL |
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-27497 | 1 Intel | 1 Active Management Technology | 2022-11-17 | N/A | 7.5 HIGH |
Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2022-3240 | 1 Follow Me Plugin Project | 1 Follow Me Plugin | 2022-11-16 | N/A | 8.8 HIGH |
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-30769 | 1 Zoneminder | 1 Zoneminder | 2022-11-16 | N/A | 4.6 MEDIUM |
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. | |||||
CVE-2020-12507 | 1 Badgermeter | 1 Moni\ | 2022-11-16 | N/A | 8.8 HIGH |
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. | |||||
CVE-2022-43690 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 6.3 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
CVE-2022-43295 | 1 Xpdfreader | 1 Xpdf | 2022-11-16 | N/A | 5.5 MEDIUM |
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. | |||||
CVE-2020-12508 | 1 Badgermeter | 1 Moni\ | 2022-11-16 | N/A | 7.5 HIGH |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. | |||||
CVE-2022-2166 | 1 Joinmastodon | 1 Mastodon | 2022-11-16 | N/A | 9.8 CRITICAL |
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | |||||
CVE-2022-43265 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-16 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2022-11-16 | N/A | 7.2 HIGH |
LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. |