The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (CVSS Severity)
  • CVE-2022-39397 - aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.
    Published: November 22, 2022; 4:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-38724 - Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
    Published: November 22, 2022; 7:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2022-40303 - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offs... read CVE-2022-40303
    Published: November 22, 2022; 7:15:11 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-4135 - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: November 24, 2022; 8:15:09 PM -0500

    V3.1: 9.6 CRITICAL

  • CVE-2022-41937 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched... read CVE-2022-41937
    Published: November 21, 2022; 8:15:36 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2022-41936 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized ... read CVE-2022-41936
    Published: November 21, 2022; 8:15:34 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-36180 - Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug... read CVE-2022-36180
    Published: November 21, 2022; 8:15:31 PM -0500

    V3.1: 9.6 CRITICAL

  • CVE-2022-36227 - In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 rem... read CVE-2022-36227
    Published: November 21, 2022; 9:15:11 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-36179 - Fusiondirectory 1.3 suffers from Improper Session Handling.
    Published: November 21, 2022; 8:15:30 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-41945 - super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.
    Published: November 21, 2022; 6:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44180 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.
    Published: November 21, 2022; 1:15:24 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44178 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB.
    Published: November 21, 2022; 1:15:23 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44177 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.
    Published: November 21, 2022; 1:15:23 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44176 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
    Published: November 21, 2022; 1:15:23 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44175 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
    Published: November 21, 2022; 1:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44174 - Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.
    Published: November 21, 2022; 1:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44172 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
    Published: November 21, 2022; 1:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44171 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
    Published: November 21, 2022; 1:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-4066 - A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of re... read CVE-2022-4066
    Published: November 19, 2022; 2:15:10 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2022-44183 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
    Published: November 21, 2022; 1:15:24 PM -0500

    V3.1: 9.8 CRITICAL