Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21410 | 1 Oracle | 1 Database | 2022-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-21404 | 1 Oracle | 1 Helidon | 2022-04-27 | 6.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks of this vulnerability can result in takeover of Helidon. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-7491 | 1 Schneider-electric | 14 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 11 more | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4. | |||||
| CVE-2019-0132 | 1 Intel | 1 Unite | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access. | |||||
| CVE-2019-12528 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | |||||
| CVE-2020-15867 | 1 Gogs | 1 Gogs | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue. | |||||
| CVE-2020-27671 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-04-26 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | |||||
| CVE-2020-17526 | 1 Apache | 1 Airflow | 2022-04-26 | 3.5 LOW | 7.7 HIGH |
| Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. | |||||
| CVE-2021-25653 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. | |||||
| CVE-2022-26903 | 1 Microsoft | 16 Excel, Excel Mobile, Powerpoint and 13 more | 2022-04-26 | 9.3 HIGH | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability. | |||||
| CVE-2022-26901 | 1 Microsoft | 6 365 Apps, Excel, Excel Rt and 3 more | 2022-04-26 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. | |||||
| CVE-2022-26898 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability. | |||||
| CVE-2022-26831 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Windows LDAP Denial of Service Vulnerability. | |||||
| CVE-2021-29493 | 1 Kennnyshiwa-cogs Project | 1 Kennnyshiwa-cogs | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable. | |||||
| CVE-2022-26830 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2022-04-25 | 5.1 MEDIUM | 7.5 HIGH |
| DiskUsage.exe Remote Code Execution Vulnerability. | |||||
| CVE-2022-26810 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. | |||||
| CVE-2022-26924 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| YARP Denial of Service Vulnerability. | |||||
| CVE-2022-26921 | 1 Microsoft | 1 Visual Studio Code | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability. | |||||
| CVE-2022-26919 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 9.3 HIGH | 8.1 HIGH |
| Windows LDAP Remote Code Execution Vulnerability. | |||||
| CVE-2022-26918 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. | |||||
| CVE-2022-26917 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. | |||||
| CVE-2022-26916 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. | |||||
| CVE-2022-26915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability. | |||||
| CVE-2022-20681 | 1 Cisco | 1 Ios Xe | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. | |||||
| CVE-2021-1288 | 1 Cisco | 1 Ios Xr | 2022-04-25 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-26788 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| PowerShell Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24549 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Package Manager Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24547 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24546 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24544 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486. | |||||
| CVE-2022-24543 | 1 Microsoft | 1 Windows Upgrade Assistant | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Upgrade Assistant Remote Code Execution Vulnerability. | |||||
| CVE-2022-24542 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474. | |||||
| CVE-2022-24541 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 9.3 HIGH | 8.8 HIGH |
| Windows Server Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-24534 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.5 HIGH |
| Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. | |||||
| CVE-2022-21926 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. | |||||
| CVE-2017-0371 | 1 Mediawiki | 1 Mediawiki | 2022-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | |||||
| CVE-2022-25255 | 3 Linux, Opengroup, Qt | 3 Linux Kernel, Unix, Qt | 2022-02-28 | 7.2 HIGH | 7.8 HIGH |
| In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||||
| CVE-2021-41599 | 1 Github | 1 Enterprise Server | 2022-02-25 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-46062 | 1 Mingsoft | 1 Mcms | 2022-02-25 | 5.8 MEDIUM | 7.1 HIGH |
| MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | |||||
| CVE-2021-46037 | 1 Mingsoft | 1 Mcms | 2022-02-25 | 5.5 MEDIUM | 8.1 HIGH |
| MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | |||||
| CVE-2021-46364 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | |||||
| CVE-2022-21986 | 1 Microsoft | 3 .net, Visual Studio 2019, Visual Studio 2022 | 2022-02-25 | 4.3 MEDIUM | 7.5 HIGH |
| .NET Denial of Service Vulnerability. | |||||
| CVE-2021-39034 | 2 Ibm, Oracle | 2 Mq, Solaris | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964. | |||||
| CVE-2021-23217 | 3 Linux, Microsoft, Nvidia | 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more | 2022-02-24 | 6.9 MEDIUM | 7.5 HIGH |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. | |||||
| CVE-2021-23201 | 3 Linux, Microsoft, Nvidia | 37 Linux Kernel, Windows, Geforce Gtx 950 and 34 more | 2022-02-24 | 6.9 MEDIUM | 7.5 HIGH |
| NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. | |||||
| CVE-2022-21991 | 1 Microsoft | 1 Visual Studio Code | 2022-02-24 | 6.8 MEDIUM | 8.1 HIGH |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. | |||||
| CVE-2020-5953 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 6.9 MEDIUM | 7.5 HIGH |
| A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). | |||||
| CVE-2021-43323 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-42113 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 4.6 MEDIUM | 8.2 HIGH |
| An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2022-24069 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||