Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41611 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. | |||||
CVE-2022-43263 | 1 Guitar-pro | 1 Guitar Pro | 2022-11-16 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. | |||||
CVE-2022-43262 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-11-16 | N/A | 9.8 CRITICAL |
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | |||||
CVE-2022-43256 | 1 Seacms | 1 Seacms | 2022-11-16 | N/A | 9.8 CRITICAL |
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | |||||
CVE-2022-44071 | 1 Tribalsystems | 1 Zenario | 2022-11-16 | N/A | 5.4 MEDIUM |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile. | |||||
CVE-2021-28278 | 1 Jhead Project | 1 Jhead | 2022-11-16 | 6.8 MEDIUM | 7.8 HIGH |
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. | |||||
CVE-2022-44073 | 1 Tribalsystems | 1 Zenario | 2022-11-16 | N/A | 5.4 MEDIUM |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users & Contacts. | |||||
CVE-2022-44070 | 1 Tribalsystems | 1 Zenario | 2022-11-16 | N/A | 5.4 MEDIUM |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | |||||
CVE-2021-28277 | 1 Jhead Project | 1 Jhead | 2022-11-16 | 6.8 MEDIUM | 7.8 HIGH |
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c. | |||||
CVE-2022-44069 | 1 Tribalsystems | 1 Zenario | 2022-11-16 | N/A | 5.4 MEDIUM |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | |||||
CVE-2021-28276 | 1 Jhead Project | 1 Jhead | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | |||||
CVE-2021-28275 | 1 Jhead Project | 1 Jhead | 2022-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which causes a segmentation fault via a crafted file. | |||||
CVE-2022-0396 | 4 Fedoraproject, Isc, Netapp and 1 more | 19 Fedora, Bind, Baseboard Management Controller H300e and 16 more | 2022-11-16 | 4.3 MEDIUM | 5.3 MEDIUM |
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | |||||
CVE-2021-45848 | 2 Fedoraproject, Nicotine-plus | 2 Fedora, Nicotine+ | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | |||||
CVE-2022-24754 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-11-16 | 7.5 HIGH | 9.8 CRITICAL |
PJSIP is a free and open source multimedia communication library written in C language. In PJSIP versions prior to and including 2.12 there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length is equal to `PJSIP_MD5STRLEN` before passing it to PJSIP. | |||||
CVE-2022-34320 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 7.5 HIGH |
IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | |||||
CVE-2022-0924 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2022-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. | |||||
CVE-2020-36457 | 1 Lever Project | 1 Lever | 2022-11-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T. | |||||
CVE-2022-34317 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 5.4 MEDIUM |
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. | |||||
CVE-2022-3631 | 1 Digitialpixies | 1 Oauth Client | 2022-11-16 | N/A | 4.8 MEDIUM |
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). |