Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33743 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2022-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. | |||||
| CVE-2022-21562 | 1 Oracle | 1 Soa Suite | 2022-07-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2022-21566 | 1 Oracle | 1 Applications Framework | 2022-07-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.9-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-21567 | 1 Oracle | 1 Workflow | 2022-07-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-21570 | 1 Oracle | 1 Coherence | 2022-07-26 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2022-07-26 | N/A | 8.8 HIGH |
| Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | |||||
| CVE-2022-33903 | 1 Torproject | 1 Tor | 2022-07-25 | N/A | 7.5 HIGH |
| Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | |||||
| CVE-2021-44954 | 1 Qvis | 4 Dvr, Dvr Firmware, Nvr and 1 more | 2022-07-25 | N/A | 7.8 HIGH |
| In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. | |||||
| CVE-2022-21558 | 1 Oracle | 1 Crystal Ball | 2022-07-25 | N/A | 7.8 HIGH |
| Vulnerability in the Oracle Crystal Ball product of Oracle Construction and Engineering (component: Installation). Supported versions that are affected are 11.1.2.0.000-11.1.2.4.900. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Crystal Ball executes to compromise Oracle Crystal Ball. While the vulnerability is in Oracle Crystal Ball, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Crystal Ball. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21571 | 1 Oracle | 1 Vm Virtualbox | 2022-07-25 | N/A | 8.2 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21544 | 1 Oracle | 1 Flexcube Universal Banking | 2022-07-25 | N/A | 7.1 HIGH |
| Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1-12.4, 14.0-14.3 and 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-21552 | 1 Oracle | 1 Webcenter Content | 2022-07-25 | N/A | 7.2 HIGH |
| Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Search). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). | |||||
| CVE-2022-29885 | 1 Apache | 1 Tomcat | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | |||||
| CVE-2021-43396 | 1 Gnu | 1 Glibc | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." | |||||
| CVE-2020-29396 | 2 Odoo, Python | 2 Odoo, Python | 2022-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. | |||||
| CVE-2021-22048 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | |||||
| CVE-2022-36127 | 1 Apache | 1 Skywalking | 2022-07-25 | N/A | 7.5 HIGH |
| A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. | |||||
| CVE-2022-34031 | 1 F5 | 1 Njs | 2022-07-25 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | |||||
| CVE-2022-34030 | 1 F5 | 1 Njs | 2022-07-25 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. | |||||
| CVE-2022-34032 | 1 F5 | 1 Njs | 2022-07-25 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | |||||
| CVE-2022-34028 | 1 F5 | 1 Njs | 2022-07-25 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | |||||
| CVE-2022-34027 | 1 F5 | 1 Njs | 2022-07-25 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | |||||
| CVE-2022-31208 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-25 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. | |||||
| CVE-2022-32387 | 1 Kentico | 1 Kentico | 2022-07-25 | N/A | 7.5 HIGH |
| In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler. | |||||
| CVE-2022-21514 | 1 Oracle | 1 Solaris | 2022-07-23 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-21516 | 1 Oracle | 1 Enterprise Manager Base Platform | 2022-07-23 | N/A | 7.3 HIGH |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2022-21524 | 1 Oracle | 1 Solaris | 2022-07-23 | N/A | 7.6 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris as well as unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H). | |||||
| CVE-2022-21513 | 1 Oracle | 1 Zfs Storage Appliance Kit | 2022-07-23 | N/A | 8.2 HIGH |
| Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. While the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21429 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-07-23 | N/A | 8.1 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-21542 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2022-07-23 | N/A | 7.4 HIGH |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). | |||||
| CVE-2022-21536 | 1 Oracle | 1 Enterprise Manager Base Platform | 2022-07-23 | N/A | 8.1 HIGH |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-25891 | 1 Containrrr | 1 Shoutrrr | 2022-07-21 | N/A | 7.5 HIGH |
| The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages. | |||||
| CVE-2021-1074 | 1 Nvidia | 1 Gpu Display Driver | 2022-07-21 | 6.9 MEDIUM | 7.3 HIGH |
| NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||||
| CVE-2022-28876 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Cloud Protection For Salesforce and 5 more | 2022-07-21 | N/A | 7.5 HIGH |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2020-6919 | 1 Hp | 1 Support Assistant | 2022-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2020-6918 | 1 Hp | 1 Support Assistant | 2022-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2020-6917 | 1 Hp | 1 Support Assistant | 2022-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2020-6922 | 1 Hp | 1 Support Assistant | 2022-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2020-6921 | 1 Hp | 1 Support Assistant | 2022-07-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2022-33633 | 1 Microsoft | 2 Lync Server, Skype For Business | 2022-07-20 | 6.5 MEDIUM | 7.2 HIGH |
| Skype for Business and Lync Remote Code Execution Vulnerability. | |||||
| CVE-2022-30202 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22037, CVE-2022-30224. | |||||
| CVE-2022-30203 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 4.6 MEDIUM | 7.4 HIGH |
| Windows Boot Manager Security Feature Bypass Vulnerability. | |||||
| CVE-2022-30206 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226. | |||||
| CVE-2022-30209 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 5.8 MEDIUM | 7.4 HIGH |
| Windows IIS Server Elevation of Privilege Vulnerability. | |||||
| CVE-2022-30211 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. | |||||
| CVE-2022-30215 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-07-20 | 8.5 HIGH | 7.5 HIGH |
| Active Directory Federation Services Elevation of Privilege Vulnerability. | |||||
| CVE-2022-30222 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-07-20 | 4.6 MEDIUM | 8.4 HIGH |
| Windows Shell Remote Code Execution Vulnerability. | |||||
| CVE-2022-30221 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-07-20 | 5.1 MEDIUM | 8.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability. | |||||
| CVE-2022-30220 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. | |||||
| CVE-2022-22460 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | N/A | 7.5 HIGH |
| IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013. | |||||