Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30634 | 2 Golang, Microsoft | 2 Go, Windows | 2022-07-22 | N/A | 7.5 HIGH |
| Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | |||||
| CVE-2020-24994 | 1 Libass Project | 1 Libass | 2022-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | |||||
| CVE-2020-29238 | 1 Expressvpn | 1 Expressvpn | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request. | |||||
| CVE-2020-14372 | 4 Fedoraproject, Gnu, Netapp and 1 more | 9 Fedora, Grub2, Cloud Backup and 6 more | 2022-07-22 | 6.2 MEDIUM | 7.5 HIGH |
| A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. | |||||
| CVE-2021-32736 | 1 Thinkjs | 1 Think-helper | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3. | |||||
| CVE-2022-27649 | 3 Fedoraproject, Podman Project, Redhat | 14 Fedora, Podman, Developer Tools and 11 more | 2022-07-22 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
| CVE-2022-26768 | 1 Apple | 3 Macos, Tvos, Watchos | 2022-07-22 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-24070 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. | |||||
| CVE-2022-26981 | 1 Liblouis | 1 Liblouis | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |||||
| CVE-2022-0128 | 2 Apple, Vim | 2 Macos, Vim | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Out-of-bounds Read | |||||
| CVE-2021-4192 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-4187 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-4173 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-4166 | 7 Apple, Debian, Fedoraproject and 4 more | 7 Macos, Debian Linux, Fedora and 4 more | 2022-07-22 | 5.8 MEDIUM | 7.1 HIGH |
| vim is vulnerable to Out-of-bounds Read | |||||
| CVE-2021-4136 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2022-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2022-26481 | 1 Poly | 8 G7500, G7500 Firmware, Studio X30 and 5 more | 2022-07-21 | N/A | 8.8 HIGH |
| An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action. | |||||
| CVE-2022-26482 | 1 Poly | 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware | 2022-07-21 | N/A | 7.2 HIGH |
| An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin. | |||||
| CVE-2022-30981 | 1 Gentics | 1 Gentics Cms | 2022-07-21 | N/A | 8.8 HIGH |
| An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution. | |||||
| CVE-2022-31854 | 1 Codologic | 1 Codoforum | 2022-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | |||||
| CVE-2022-34764 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2022-07-21 | N/A | 7.5 HIGH |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
| CVE-2022-2345 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0046. | |||||
| CVE-2022-2344 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | |||||
| CVE-2022-2343 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | |||||
| CVE-2022-2304 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2289 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2288 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2287 | 1 Vim | 1 Vim | 2022-07-21 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2286 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2285 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2284 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2264 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2257 | 1 Vim | 1 Vim | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-20212 | 1 Google | 1 Android | 2022-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630 | |||||
| CVE-2022-34215 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34217 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34222 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34223 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34226 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34225 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34228 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34229 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34230 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27904 | 2 Apple, Automox | 2 Macos, Automox | 2022-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. | |||||
| CVE-2022-32212 | 1 Nodejs | 1 Node.js | 2022-07-21 | N/A | 8.1 HIGH |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | |||||
| CVE-2022-25891 | 1 Containrrr | 1 Shoutrrr | 2022-07-21 | N/A | 7.5 HIGH |
| The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages. | |||||
| CVE-2021-34538 | 1 Apache | 1 Hive | 2022-07-21 | N/A | 7.5 HIGH |
| Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious. | |||||
| CVE-2022-33011 | 1 Withknown | 1 Known | 2022-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | |||||
| CVE-2021-1074 | 1 Nvidia | 1 Gpu Display Driver | 2022-07-21 | 6.9 MEDIUM | 7.3 HIGH |
| NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||||
| CVE-2022-0500 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2022-07-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | |||||
| CVE-2021-3575 | 3 Fedoraproject, Redhat, Uclouvain | 3 Fedora, Enterprise Linux, Openjpeg | 2022-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | |||||