Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2787 | 1 Debian | 2 Debian Linux, Schroot | 2022-11-16 | N/A | 4.3 MEDIUM |
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | |||||
CVE-2021-35937 | 3 Fedoraproject, Redhat, Rpm | 3 Fedora, Enterprise Linux, Rpm | 2022-11-16 | N/A | 6.4 MEDIUM |
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2022-31676 | 6 Debian, Fedoraproject, Linux and 3 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2022-11-16 | N/A | 7.8 HIGH |
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | |||||
CVE-2022-34000 | 1 Libjxl Project | 1 Libjxl | 2022-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||||
CVE-2022-38183 | 1 Gitea | 1 Gitea | 2022-11-16 | N/A | 6.5 MEDIUM |
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | |||||
CVE-2022-35737 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2022-11-16 | N/A | 7.5 HIGH |
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | |||||
CVE-2022-31001 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | |||||
CVE-2022-31002 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. | |||||
CVE-2022-1928 | 1 Gitea | 1 Gitea | 2022-11-16 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | |||||
CVE-2022-24883 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2022-11-16 | 6.8 MEDIUM | 9.8 CRITICAL |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. | |||||
CVE-2022-24882 | 2 Fedoraproject, Freerdp | 3 Extra Packages For Enterprise Linux, Fedora, Freerdp | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. | |||||
CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | |||||
CVE-2022-1210 | 2 Libtiff, Netapp | 2 Libtiff, Ontap Select Deploy Administration Utility | 2022-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | |||||
CVE-2022-3958 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. | |||||
CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2022-11-16 | N/A | 6.1 MEDIUM |
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | |||||
CVE-2022-3893 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | |||||
CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | |||||
CVE-2022-41814 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | |||||
CVE-2022-41789 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. |