Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0470 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0610 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2023-08-08 | 5.5 MEDIUM | 7.1 HIGH |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | |||||
| CVE-2022-25915 | 1 Elecom | 46 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wmc-2hc-w and 43 more | 2023-08-08 | 5.8 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. | |||||
| CVE-2022-28128 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2022-26019 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2023-08-08 | 8.5 HIGH | 8.8 HIGH |
| Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | |||||
| CVE-2022-25348 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2022-20002 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 | |||||
| CVE-2021-39762 | 1 Google | 1 Android | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816 | |||||
| CVE-2022-23345 | 1 Bigantsoft | 1 Bigant Server | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | |||||
| CVE-2022-25766 | 1 Ungit Project | 1 Ungit | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | |||||
| CVE-2022-24237 | 1 Snapt | 1 Aria | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | |||||
| CVE-2022-22394 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. | |||||
| CVE-2022-22665 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-22639 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. | |||||
| CVE-2022-22627 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2022-22617 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. | |||||
| CVE-2022-22578 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-26526 | 2 Anaconda, Conda | 2 Anaconda3, Miniconda3 | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed. | |||||
| CVE-2022-25214 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2023-08-08 | 5.8 MEDIUM | 7.4 HIGH |
| Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN. | |||||
| CVE-2022-20053 | 2 Google, Mediatek | 60 Android, Mt6731, Mt6732 and 57 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. | |||||
| CVE-2022-23266 | 1 Microsoft | 1 Defender For Iot | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
| CVE-2022-21967 | 1 Microsoft | 2 Windows 10, Windows 11 | 2023-08-08 | 4.4 MEDIUM | 7.0 HIGH |
| Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | |||||
| CVE-2022-22706 | 1 Arm | 3 Bifrost, Midgard, Valhall | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0. | |||||
| CVE-2022-22300 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. | |||||
| CVE-2021-22437 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. | |||||
| CVE-2022-25640 | 1 Wolfssl | 1 Wolfssl | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. | |||||
| CVE-2022-23176 | 1 Watchguard | 1 Fireware | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. | |||||
| CVE-2022-24295 | 1 Okta | 1 Advanced Server Access Client For Windows | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | |||||
| CVE-2022-24985 | 1 Jqueryform | 1 Jqueryform | 2023-08-08 | 6.0 MEDIUM | 8.8 HIGH |
| Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server. | |||||
| CVE-2021-42714 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-42713 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2022-0301 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4100 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-21174 | 1 Intel | 1 Quartus Prime | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-23276 | 2 Linux, Microsoft | 2 Linux Kernel, Sql Server | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| SQL Server for Linux Containers Elevation of Privilege Vulnerability | |||||
| CVE-2022-23273 | 1 Microsoft | 1 Dynamics Gp | 2023-08-08 | 9.0 HIGH | 7.1 HIGH |
| Microsoft Dynamics GP Elevation Of Privilege Vulnerability | |||||
| CVE-2022-23272 | 1 Microsoft | 1 Dynamics Gp | 2023-08-08 | 9.0 HIGH | 8.1 HIGH |
| Microsoft Dynamics GP Elevation Of Privilege Vulnerability | |||||
| CVE-2022-22717 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-22715 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Named Pipe File System Elevation of Privilege Vulnerability | |||||
| CVE-2022-22001 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2022-22000 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21997 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-21996 | 1 Microsoft | 1 Windows 11 | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2022-21994 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-21989 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.9 MEDIUM | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-21981 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21971 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| Windows Runtime Remote Code Execution Vulnerability | |||||
| CVE-2022-21173 | 1 Elecom | 16 Wrh-300bk3, Wrh-300bk3-s, Wrh-300bk3-s Firmware and 13 more | 2023-08-08 | 8.3 HIGH | 8.8 HIGH |
| Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2022-23263 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 4.4 MEDIUM | 7.7 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||