Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4059 | 1 Coturn Project | 1 Coturn | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server. | |||||
| CVE-2018-4056 | 2 Coturn Project, Debian | 2 Coturn, Debian Linux | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. | |||||
| CVE-2018-4014 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | |||||
| CVE-2022-24422 | 1 Dell | 1 Idrac9 | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. | |||||
| CVE-2020-6061 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | |||||
| CVE-2020-6058 | 1 Minisnmpd Project | 1 Minisnmpd | 2022-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | |||||
| CVE-2018-4031 | 1 Getcujo | 1 Smart Firewall | 2022-06-07 | 10.0 HIGH | 10.0 CRITICAL |
| An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. | |||||
| CVE-2018-4029 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. | |||||
| CVE-2018-4023 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. | |||||
| CVE-2018-4018 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. | |||||
| CVE-2022-29223 | 1 Microsoft | 1 Azure Rtos Usbx | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10. | |||||
| CVE-2021-32935 | 1 Cognex | 1 In-sight Opc Server | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | |||||
| CVE-2022-21831 | 1 Rubyonrails | 1 Active Storage | 2022-06-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | |||||
| CVE-2021-32941 | 1 Annke | 2 N48pbb, N48pbb Firmware | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). | |||||
| CVE-2022-31267 | 1 Gitblit | 1 Gitblit | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. | |||||
| CVE-2020-4926 | 2 Ibm, Linux | 3 Elastic Storage System, Spectrum Scale, Linux Kernel | 2022-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600. | |||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2022-06-07 | 8.5 HIGH | 9.9 CRITICAL |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | |||||
| CVE-2022-1360 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. | |||||
| CVE-2022-1357 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. | |||||
| CVE-2020-12501 | 2 Korenix, Pepperl-fuchs | 52 Jetnet4510, Jetnet4510 Firmware, Jetnet4706 and 49 more | 2022-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | |||||
| CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2022-06-05 | 9.3 HIGH | 9.6 CRITICAL |
| Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | |||||
| CVE-2016-1453 | 1 Cisco | 1 Nx-os | 2022-06-05 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | |||||
| CVE-2022-24754 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-05 | 7.5 HIGH | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. | |||||
| CVE-2022-21722 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. | |||||
| CVE-2021-43299 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-05 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
| CVE-2021-22160 | 1 Apache | 1 Pulsar | 2022-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins). | |||||
| CVE-2021-25149 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2017-2869 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2868 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2867 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2853 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2019-19919 | 2 Handlebars.js Project, Tenable | 2 Handlebars.js, Tenable.sc | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. | |||||
| CVE-2020-14871 | 1 Oracle | 1 Solaris | 2022-06-03 | 10.0 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-4992 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. | |||||
| CVE-2020-6072 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | |||||
| CVE-2022-30525 | 1 Zyxel | 32 Atp100, Atp100 Firmware, Atp100w and 29 more | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | |||||
| CVE-2021-46422 | 1 Telesquare | 2 Sdt-cs3b1, Sdt-cs3b1 Firmware | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | |||||
| CVE-2021-42654 | 1 Sscms | 1 Siteserver Cms | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | |||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2022-06-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | |||||
| CVE-2011-4372 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | |||||
| CVE-2020-17530 | 2 Apache, Oracle | 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. | |||||
| CVE-2011-4373 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | |||||
| CVE-2022-29599 | 1 Apache | 1 Maven Shared Utils | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | |||||
| CVE-2022-28862 | 1 Archibus | 1 Web Central | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. | |||||
| CVE-2022-30595 | 1 Python | 1 Pillow | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | |||||
| CVE-2019-17124 | 1 Kramerav | 1 Viaware | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | |||||
| CVE-2022-29379 | 1 F5 | 1 Njs | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release. | |||||
| CVE-2022-26694 | 1 Apple | 1 Macos | 2022-06-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. | |||||
| CVE-2022-26693 | 1 Apple | 1 Macos | 2022-06-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. | |||||
| CVE-2021-43303 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | |||||