Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36884 | 1 Microsoft | 14 Office, Windows 10 1507, Windows 10 1607 and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
| Windows Search Remote Code Execution Vulnerability | |||||
| CVE-2023-38949 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | |||||
| CVE-2023-36135 | 1 Phpjabbers | 1 Class Scheduling System | 2023-08-08 | N/A | 7.5 HIGH |
| User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-32764 | 2 Fabasoft, Microsoft | 4 Cloud, Cloud Enterprise Client, Folio \/ Egov-suite and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | |||||
| CVE-2023-37498 | 1 Hcltech | 1 Unica | 2023-08-08 | N/A | 8.8 HIGH |
| A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | |||||
| CVE-2022-29849 | 1 Progress | 1 Openedge | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. | |||||
| CVE-2022-22783 | 1 Zoom | 2 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | |||||
| CVE-2021-40051 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. | |||||
| CVE-2021-40012 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-43888 | 1 Microsoft | 1 Defender For Iot | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Defender for IoT Information Disclosure Vulnerability | |||||
| CVE-2021-39088 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-08-08 | N/A | 7.8 HIGH |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111. | |||||
| CVE-2022-26654 | 1 Pexip | 1 Pexip Infinity | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. | |||||
| CVE-2022-24474 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2022-36120 | 1 Ssctech | 1 Blue Prism Enterprise | 2023-08-08 | N/A | 8.1 HIGH |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. | |||||
| CVE-2022-24475 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-24460 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-08-08 | 7.6 HIGH | 7.0 HIGH |
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | |||||
| CVE-2022-23284 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-08 | 9.0 HIGH | 7.2 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2021-26267 | 1 Cpanel | 1 Cpanel | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). | |||||
| CVE-2021-32415 | 1 Msi | 1 Wrapper | 2023-08-08 | N/A | 7.8 HIGH |
| EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. | |||||
| CVE-2022-26895 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2023-08-08 | N/A | 8.1 HIGH |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | |||||
| CVE-2022-28940 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2023-08-08 | 7.1 HIGH | 7.5 HIGH |
| In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. | |||||
| CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-08-08 | N/A | 7.5 HIGH |
| Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | |||||
| CVE-2022-0354 | 1 Lenovo | 1 System Update | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | |||||
| CVE-2022-24455 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-34296 | 1 Zalando | 1 Skipper | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. | |||||
| CVE-2022-23671 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-35488 | 1 Zammad | 1 Zammad | 2023-08-08 | N/A | 7.5 HIGH |
| In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | |||||
| CVE-2022-22039 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-08 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2022-30226 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-27257 | 1 Hubzilla | 1 Hubzilla | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | |||||
| CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||
| CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
| CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | |||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | |||||
| CVE-2022-36115 | 1 Ssctech | 1 Blue Prism | 2023-08-08 | N/A | 7.1 HIGH |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment. | |||||
| CVE-2022-31672 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 7.2 HIGH |
| VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | |||||
| CVE-2021-26095 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. | |||||
| CVE-2022-35838 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2023-08-08 | N/A | 7.5 HIGH |
| HTTP V3 Denial of Service Vulnerability | |||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2021-37133 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-30616 | 1 Ibm | 1 Robotic Process Automation | 2023-08-08 | N/A | 7.2 HIGH |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. | |||||
| CVE-2021-39969 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39947 | 1 Gitlab | 1 Gitlab Runner | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs | |||||
| CVE-2022-3080 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2023-08-08 | N/A | 7.5 HIGH |
| By sending specific queries to the resolver, an attacker can cause named to crash. | |||||
| CVE-2022-29935 | 1 Usu | 1 Oracle Optimization | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. | |||||
| CVE-2022-25584 | 1 Flexwatch | 2 Fw3170-ps-e, Fw3170-ps-e Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | |||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-27333 | 1 Idccms Project | 1 Idccms | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | |||||
| CVE-2022-39182 | 1 Mingham-smith | 1 Tardis 2000 | 2023-08-08 | N/A | 8.8 HIGH |
| H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | |||||