Total: 1438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-39913 | 1 Google | 1 Android | 2022-12-12 | N/A | 3.3 LOW | Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows a local attacker to access user profile information. |
| CVE-2022-39903 | 1 Google | 1 Android | 2022-12-12 | N/A | 3.3 LOW | Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access the RCS incoming call number. |
| CVE-2022-3024 | 1 Simple Bitcoin Faucets Project | 1 Simple Bitcoin Faucets | 2022-12-09 | N/A | 5.4 MEDIUM | The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. |
| CVE-2021-25097 | 1 Creativityjuice | 1 Labtools | 2022-12-09 | 4.0 MEDIUM | 6.5 MEDIUM | The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications. |
| CVE-2021-38503 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox ESR and 1 more | 2022-12-09 | 7.5 HIGH | 10.0 CRITICAL | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
| CVE-2020-14321 | 1 Moodle | 1 Moodle | 2022-12-08 | N/A | 8.8 HIGH | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. |
| CVE-2022-44039 | 1 Franklinfueling | 1 Colibri Firmware | 2022-12-07 | N/A | 9.8 CRITICAL | Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd]; this occurs because of the insecure usage of the "fopen" system function with the mode "wb", which overwrites the file if it exists. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privilege or changing the root password. |
| CVE-2022-41970 | 1 Nextcloud | 1 Nextcloud Server | 2022-12-06 | N/A | 5.3 MEDIUM | Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available. |
| CVE-2022-29218 | 1 Rubygems | 1 Rubygems.org | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH | RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by RubyGems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify that the checksums of all downloaded .gem files match the checksums recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue. |
| CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-12-02 | 3.6 LOW | 3.4 LOW | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly fail to be logged by the audit subsystem. |
| CVE-2022-24189 | 1 Sz-fujia | 1 Ourphoto | 2022-12-01 | N/A | 6.5 MEDIUM | The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability is that it allows an attacker to make POST API calls with other users' unique identifiers and enumerate information of all other end-users. |
| CVE-2019-7304 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2022-11-30 | 10.0 HIGH | 9.8 CRITICAL | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. |
| CVE-2017-2599 | 1 Jenkins | 1 Jenkins | 2022-11-30 | 5.5 MEDIUM | 5.4 MEDIUM | Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permission to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321). |
| CVE-2022-1365 | 1 Cross-fetch Project | 1 Cross-fetch | 2022-11-22 | 4.0 MEDIUM | 6.5 MEDIUM | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. |
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2022-11-21 | 9.0 HIGH | 8.8 HIGH | Improper Access Control leading to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. |
| CVE-2021-36778 | 1 Suse | 1 Rancher | 2022-11-21 | 5.0 MEDIUM | 7.5 HIGH | An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. |
| CVE-2022-39385 | 1 Discourse | 1 Discourse | 2022-11-17 | N/A | 6.5 MEDIUM | Discourse is an open source discussion platform. In some rare cases, users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed. |
| CVE-2022-42978 | 1 Atlassian | 1 Confluence Data Center | 2022-11-17 | N/A | 7.5 HIGH | In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. |
| CVE-2022-39388 | 1 Istio | 1 Istio | 2022-11-15 | N/A | 3.5 LOW | Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. |
| CVE-2022-24714 | 1 Icinga | 1 Icinga Web 2 | 2022-11-09 | 4.3 MEDIUM | 5.3 MEDIUM | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. |
