Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2022-11-14 | N/A | 4.2 MEDIUM |
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 were found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | |||||
CVE-2022-31691 | 1 Vmware | 5 Bosh Editor, Cloudfoundry Manifest Yml Support, Concourse Ci Pipeline Editor and 2 more | 2022-11-14 | N/A | 9.8 CRITICAL |
Spring Tools 4 for Eclipse version 4.16.0 and below, as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below, all use the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. | |||||
CVE-2021-24144 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 6.8 MEDIUM | 7.8 HIGH |
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | |||||
CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | |||||
CVE-2021-36885 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). | |||||
CVE-2022-37973 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2022-11-14 | N/A | 7.7 HIGH |
Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. | |||||
CVE-2018-6891 | 1 Booking-wp-plugin | 1 Bookly | 2022-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | |||||
CVE-2021-24930 | 1 Booking-wp-plugin | 1 Bookly | 2022-11-14 | 3.5 LOW | 5.4 MEDIUM |
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue. | |||||
CVE-2022-38034 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-11-14 | N/A | 8.8 HIGH |
Windows Workstation Service Elevation of Privilege Vulnerability. | |||||
CVE-2022-38022 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-11-14 | N/A | 3.3 LOW |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | |||||
CVE-2022-37975 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-11-14 | N/A | 8.8 HIGH |
Windows Group Policy Elevation of Privilege Vulnerability. | |||||
CVE-2022-41035 | 1 Microsoft | 1 Edge Chromium | 2022-11-14 | N/A | 5.3 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability. | |||||
CVE-2022-35837 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-11-14 | N/A | 6.5 MEDIUM |
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006. | |||||
CVE-2022-39891 | 1 Samsung | 1 Editor Lite | 2022-11-14 | N/A | 7.5 HIGH |
Heap overflow vulnerability in the parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows an attacker to get information. | |||||
CVE-2021-40348 | 2 Spacewalk Project, Uyuni-project | 2 Spacewalk, Uyuni | 2022-11-14 | 9.3 HIGH | 8.8 HIGH |
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pairs. The script is intended to be run by the tomcat user account with sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. | |||||
CVE-2020-14330 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2022-11-10 | 2.1 LOW | 5.5 MEDIUM |
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2022-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | |||||
CVE-2019-11139 | 3 Debian, Intel, Opensuse | 116 Debian Linux, Xeon 3104, Xeon 3104 Firmware and 113 more | 2022-11-10 | 2.1 LOW | 6.0 MEDIUM |
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1533 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1530 more | 2022-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | |||||
CVE-2022-41104 | 1 Microsoft | 3 365 Apps, Excel, Office | 2022-11-10 | N/A | 7.8 HIGH |
Microsoft Excel Security Feature Bypass Vulnerability. |