Total
29058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | N/A | 5.5 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2022-4968 | 1 Canonical | 1 Netplan | 2024-11-21 | N/A | 6.5 MEDIUM |
| netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | |||||
| CVE-2022-4927 | 1 Ualberta | 1 Neosdiscovery | 2024-11-21 | 6.5 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | |||||
| CVE-2022-4879 | 1 Forged Alliance Forever Project | 1 Forged Alliance Forever | 2024-11-21 | 4.1 MEDIUM | 4.6 MEDIUM |
| A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | |||||
| CVE-2022-4808 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4711 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | |||||
| CVE-2022-4709 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library. | |||||
| CVE-2022-4708 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed. | |||||
| CVE-2022-4705 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | |||||
| CVE-2022-4704 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings. | |||||
| CVE-2022-4703 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | |||||
| CVE-2022-4702 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. | |||||
| CVE-2022-4701 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site. | |||||
| CVE-2022-4700 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme. | |||||
| CVE-2022-4613 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275. | |||||
| CVE-2022-4452 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4390 | 1 Netgear | 2 Ax2400, Ax2400 Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | |||||
| CVE-2022-4170 | 2 Fedoraproject, Rxvt-unicode Project | 3 Extra Packages For Enterprise Linux, Fedora, Rxvt-unicode | 2024-11-21 | N/A | 9.8 CRITICAL |
| The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | |||||
| CVE-2022-4136 | 1 Leadshop | 1 Leadshop | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. | |||||
| CVE-2022-48820 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning. | |||||