NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-39397 - aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.
Published: November 22, 2022; 4:15:10 PM -0500

V3.1: 4.3 MEDIUM
CVE-2022-38724 - Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Published: November 22, 2022; 7:15:10 PM -0500

V3.1: 5.4 MEDIUM
CVE-2022-40303 - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offs... read CVE-2022-40303
Published: November 22, 2022; 7:15:11 PM -0500

V3.1: 7.5 HIGH
CVE-2022-4135 - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: November 24, 2022; 8:15:09 PM -0500

V3.1: 9.6 CRITICAL
CVE-2022-41937 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched... read CVE-2022-41937
Published: November 21, 2022; 8:15:36 PM -0500

V3.1: 8.1 HIGH
CVE-2022-41936 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized ... read CVE-2022-41936
Published: November 21, 2022; 8:15:34 PM -0500

V3.1: 7.5 HIGH
CVE-2022-36180 - Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug... read CVE-2022-36180
Published: November 21, 2022; 8:15:31 PM -0500

V3.1: 9.6 CRITICAL
CVE-2022-36227 - In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 rem... read CVE-2022-36227
Published: November 21, 2022; 9:15:11 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-36179 - Fusiondirectory 1.3 suffers from Improper Session Handling.
Published: November 21, 2022; 8:15:30 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-41945 - super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.
Published: November 21, 2022; 6:15:10 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44180 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.
Published: November 21, 2022; 1:15:24 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44178 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB.
Published: November 21, 2022; 1:15:23 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44177 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.
Published: November 21, 2022; 1:15:23 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44176 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
Published: November 21, 2022; 1:15:23 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44175 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
Published: November 21, 2022; 1:15:22 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44174 - Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.
Published: November 21, 2022; 1:15:22 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44172 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
Published: November 21, 2022; 1:15:22 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-44171 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
Published: November 21, 2022; 1:15:22 PM -0500

V3.1: 9.8 CRITICAL
CVE-2022-4066 - A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of re... read CVE-2022-4066
Published: November 19, 2022; 2:15:10 PM -0500

V3.1: 8.2 HIGH
CVE-2022-44183 - Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
Published: November 21, 2022; 1:15:24 PM -0500

V3.1: 9.8 CRITICAL

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database