Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42978 | 1 Atlassian | 1 Confluence Data Center | 2022-11-16 | N/A | 7.5 HIGH |
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. | |||||
CVE-2022-35613 | 1 Konker | 1 Konker Platform | 2022-11-16 | N/A | 8.8 HIGH |
Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF). | |||||
CVE-2022-43695 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 4.8 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
CVE-2022-3480 | 1 Phoenixcontact | 62 Fl Mguard Centerport, Fl Mguard Centerport Firmware, Fl Mguard Centerport Vpn-1000 and 59 more | 2022-11-16 | N/A | 7.5 HIGH |
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections cannot prevent the issue. | |||||
CVE-2022-43688 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 4.8 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
CVE-2022-43689 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 5.3 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | |||||
CVE-2022-40309 | 1 Apache | 1 Archiva | 2022-11-16 | N/A | 4.3 MEDIUM |
Users with write permissions to a repository can delete arbitrary directories. | |||||
CVE-2022-40308 | 1 Apache | 1 Archiva | 2022-11-16 | N/A | 7.5 HIGH |
If anonymous read is enabled, it's possible to read the database file directly without logging in. | |||||
CVE-2022-40405 | 1 Wowonder | 1 Wowonder | 2022-11-16 | N/A | 7.5 HIGH |
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | |||||
CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2022-11-16 | N/A | 7.5 HIGH |
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | |||||
CVE-2022-42984 | 1 Wowonder | 1 Wowonder | 2022-11-16 | N/A | 9.8 CRITICAL |
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | |||||
CVE-2022-27673 | 1 Amd | 1 Amd Link | 2022-11-16 | N/A | 7.5 HIGH |
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | |||||
CVE-2022-38650 | 1 Vmware | 1 Hyperic Server | 2022-11-16 | N/A | 10.0 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-38652 | 1 Vmware | 1 Hyperic Agent | 2022-11-16 | N/A | 9.9 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-38651 | 1 Vmware | 1 Hyperic Server | 2022-11-16 | N/A | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 6.1 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a URL if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
CVE-2022-43672 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-11-16 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). | |||||
CVE-2022-43694 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 6.1 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. | |||||
CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. |