Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4840 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2015-4843 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||||
| CVE-2015-4732 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. | |||||
| CVE-2015-2596 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot. | |||||
| CVE-2015-4731 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | |||||
| CVE-2015-4748 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | |||||
| CVE-2015-4760 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | |||||
| CVE-2015-4803 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. | |||||
| CVE-2015-4810 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2015-4806 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | |||||
| CVE-2014-6511 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2014-6515 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. | |||||
| CVE-2014-6492 | 2 Mozilla, Oracle | 3 Firefox, Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-6466 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-6532 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. | |||||
| CVE-2014-4288 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. | |||||
| CVE-2014-6458 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2013-2461 | 2 Oracle, Sun | 5 Jdk, Jre, Jrockit and 2 more | 2022-05-13 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | |||||
| CVE-2014-6493 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. | |||||
| CVE-2014-6503 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. | |||||
| CVE-2020-10558 | 1 Tesla | 1 Model 3 Web Interface | 2022-05-13 | 7.1 HIGH | 6.5 MEDIUM |
| The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | |||||
| CVE-2022-21449 | 3 Debian, Netapp, Oracle | 15 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 12 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2021-33670 | 1 Sap | 1 Netweaver Application Server Java | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. | |||||
| CVE-2021-39880 | 1 Gitlab | 1 Gitlab | 2022-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. | |||||
| CVE-2022-25343 | 1 Olivetti | 2 D-color Mf3555, D-color Mf3555 Firmware | 2022-05-12 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application. | |||||
| CVE-2021-42242 | 1 Jflyfox | 1 Jfinal Cms | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | |||||
| CVE-2021-46424 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2022-05-12 | 9.4 HIGH | 9.1 CRITICAL |
| Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. | |||||
| CVE-2022-21427 | 3 Mariadb, Netapp, Oracle | 6 Mariadb, Active Iq Unified Manager, Oncommand Insight and 3 more | 2022-05-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2021-39298 | 1 Hp | 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more | 2022-05-12 | 7.2 HIGH | 8.8 HIGH |
| A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware. | |||||
| CVE-2021-26337 | 1 Amd | 90 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 87 more | 2022-05-12 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | |||||
| CVE-2021-26335 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2022-05-12 | 7.2 HIGH | 7.8 HIGH |
| Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. | |||||
| CVE-2020-6111 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 B Firmware | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-11971 | 2 Apache, Oracle | 5 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 2 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | |||||
| CVE-2020-13956 | 4 Apache, Netapp, Oracle and 1 more | 17 Httpclient, Active Iq Unified Manager, Snapcenter and 14 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | |||||
| CVE-2020-27218 | 4 Apache, Eclipse, Netapp and 1 more | 16 Kafka, Spark, Jetty and 13 more | 2022-05-12 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | |||||
| CVE-2020-13936 | 3 Apache, Debian, Oracle | 16 Velocity Engine, Wss4j, Debian Linux and 13 more | 2022-05-12 | 9.0 HIGH | 8.8 HIGH |
| An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | |||||
| CVE-2022-28076 | 1 Seacms | 1 Seacms | 2022-05-12 | 6.5 MEDIUM | 7.2 HIGH |
| Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. | |||||
| CVE-2022-22275 | 1 Sonicwall | 53 Nsa 2650, Nsa 2700, Nsa 3650 and 50 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | |||||
| CVE-2020-1920 | 1 Facebook | 1 React-native | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | |||||
| CVE-2022-25780 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2022-05-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | |||||
| CVE-2021-44596 | 1 Wondershare | 1 Dr.fone | 2022-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | |||||
| CVE-2022-23161 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. | |||||
| CVE-2022-23923 | 1 Jailed Project | 1 Jailed | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. | |||||
| CVE-2022-27313 | 1 Gitea | 1 Gitea | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. | |||||
| CVE-2022-24683 | 1 Hashicorp | 1 Nomad | 2022-05-11 | 7.8 HIGH | 7.5 HIGH |
| HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | |||||
| CVE-2022-21227 | 1 Ghost | 1 Sqlite3 | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. | |||||
| CVE-2022-21167 | 1 Idqk | 1 Masuit.tools | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | |||||
| CVE-2022-28198 | 2 Microsoft, Nvidia | 3 Windows, Omniverse Cache, Omniverse Nucleus | 2022-05-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. | |||||
| CVE-2021-29859 | 1 Ibm | 1 Cloud Pak For Business Automation | 2022-05-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. | |||||
| CVE-2021-4138 | 1 Mozilla | 1 Geckodriver | 2022-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | |||||