Security Vulnerabilities - CVEs Published In 2022
Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS Score: 7.8; EPSS Score: 0.009; Published: 2022-12-13
Windows Graphics Component Information Disclosure Vulnerability
CVSS Score: 5.5; EPSS Score: 0.009; Published: 2022-12-13
PowerShell Remote Code Execution Vulnerability
CVSS Score: 8.5; EPSS Score: 0.354; Published: 2022-12-13
A vulnerability classified as problematic was found in pacparser up to 1.3.x. It affects the function pacparser_find_proxy in the file src/pacparser.c. Manipulation of the argument url leads to a buffer overflow. The attack requires local access. Upgrading to version 1.4.0 addresses this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
CVSS Score: 5.3; EPSS Score: 0.0; Published: 2022-12-13
A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2022-12-13
A vulnerability classified as critical has been found in m0ver bible-online. It affects the function query in the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to SQL injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2022-12-13
A vulnerability classified as problematic was found in sproctor php-calendar. It affects an unknown part of the file index.php. Manipulation of the argument $_SERVER['PHP_SELF'] leads to cross-site scripting. The attack can be initiated remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability.
CVSS Score: 3.5; EPSS Score: 0.001; Published: 2022-12-13
A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability.
CVSS Score: 3.5; EPSS Score: 0.001; Published: 2022-12-13
Gym Management System v0.0.1 is vulnerable to Cross-Site Request Forgery (CSRF).
CVSS Score: 4.5; EPSS Score: 0.001; Published: 2022-12-13
An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2022-12-13