Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27333 | 1 Idccms Project | 1 Idccms | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | |||||
| CVE-2022-24125 | 1 Fromsoftware | 1 Dark Souls Iii | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. | |||||
| CVE-2022-26267 | 1 Piwigo | 1 Piwigo | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | |||||
| CVE-2022-22653 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. | |||||
| CVE-2022-22618 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | |||||
| CVE-2022-22612 | 1 Apple | 6 Ipados, Iphone Os, Itunes and 3 more | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2022-22579 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | |||||
| CVE-2022-25364 | 1 Gradle | 1 Enterprise | 2023-08-08 | 9.3 HIGH | 8.1 HIGH |
| In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) | |||||
| CVE-2021-39693 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-208662370 | |||||
| CVE-2021-0957 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550 | |||||
| CVE-2021-30713 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-38703 | 1 Kpn | 2 Experia Wifi, Experia Wifi Firmware | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090. | |||||
| CVE-2021-33582 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | |||||
| CVE-2021-30966 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. | |||||
| CVE-2021-25263 | 1 Yandex | 1 Yandex Browser | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process. | |||||
| CVE-2021-36792 | 1 Dated News Project | 1 Dated News | 2023-08-08 | 6.4 MEDIUM | 7.2 HIGH |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. | |||||
| CVE-2021-38567 | 2 Foxit, Foxitsoftware | 2 Pdf Reader, Pdf Editor | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204. | |||||
| CVE-2021-32066 | 2 Oracle, Ruby-lang | 2 Jd Edwards Enterpriseone Tools, Ruby | 2023-08-08 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | |||||
| CVE-2021-2351 | 1 Oracle | 110 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 107 more | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-26095 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. | |||||
| CVE-2022-24460 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-08-08 | 7.6 HIGH | 7.0 HIGH |
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | |||||
| CVE-2022-24459 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-24455 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-24454 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | |||||
| CVE-2022-23299 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows PDEV Elevation of Privilege Vulnerability | |||||
| CVE-2022-23298 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows NT OS Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-23293 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-23291 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-23290 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Inking COM Elevation of Privilege Vulnerability | |||||
| CVE-2022-23288 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2019 | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-23287 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows ALPC Elevation of Privilege Vulnerability | |||||
| CVE-2022-23286 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-23284 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-08 | 9.0 HIGH | 7.2 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-22351 | 1 Ibm | 2 Aix, Vios | 2023-08-08 | 7.8 HIGH | 8.6 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 | |||||
| CVE-2022-24921 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Astra Trident | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | |||||
| CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | |||||
| CVE-2022-24986 | 1 Kde | 1 Kcron | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | |||||
| CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | |||||
| CVE-2022-25366 | 1 Cryptomator | 1 Cryptomator | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable. | |||||
| CVE-2022-25335 | 1 Rigoblock | 1 Drago | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs. | |||||
| CVE-2022-23317 | 1 Helpsystems | 1 Cobalt Strike | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | |||||
| CVE-2022-0581 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-45421 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced. | |||||
| CVE-2021-4098 | 1 Google | 1 Chrome | 2023-08-08 | 4.3 MEDIUM | 7.4 HIGH |
| Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-23853 | 1 Kde | 2 Kate, Ktexteditor | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. | |||||
| CVE-2021-39676 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 | |||||
| CVE-2022-23773 | 2 Golang, Netapp | 5 Go, Beegfs Csi Driver, Cloud Insights Telegraf Agent and 2 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. | |||||
| CVE-2022-22718 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-21999 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||