Total: 21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26903 | 1 Microsoft | 16 Excel, Excel Mobile, Powerpoint and 13 more | 2022-04-26 | 9.3 HIGH | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability. | |||||
| CVE-2022-26901 | 1 Microsoft | 6 365 Apps, Excel, Excel Rt and 3 more | 2022-04-26 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. | |||||
| CVE-2022-26898 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability. | |||||
| CVE-2022-26897 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896. | |||||
| CVE-2022-26896 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26897. | |||||
| CVE-2022-26831 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Windows LDAP Denial of Service Vulnerability. | |||||
| CVE-2021-27653 | 1 Pega | 1 Infinity | 2022-04-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | |||||
| CVE-2021-29493 | 1 Kennnyshiwa-cogs Project | 1 Kennnyshiwa-cogs | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows Discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable. | |||||
| CVE-2022-26830 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2022-04-25 | 5.1 MEDIUM | 7.5 HIGH |
| DiskUsage.exe Remote Code Execution Vulnerability. | |||||
| CVE-2021-25219 | 6 Debian, Fedoraproject, Isc and 3 more | 23 Debian Linux, Fedora, Bind and 20 more | 2022-04-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. | |||||
| CVE-2021-3615 | 1 Lenovo | 6 Smart Camera C2e, Smart Camera C2e Firmware, Smart Camera X3 and 3 more | 2022-04-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262. | |||||
| CVE-2022-26810 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. | |||||
| CVE-2022-26924 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| YARP Denial of Service Vulnerability. | |||||
| CVE-2022-26921 | 1 Microsoft | 1 Visual Studio Code | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability. | |||||
| CVE-2022-26920 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability. | |||||
| CVE-2022-26919 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 9.3 HIGH | 8.1 HIGH |
| Windows LDAP Remote Code Execution Vulnerability. | |||||
| CVE-2022-26918 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. | |||||
| CVE-2022-26917 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. | |||||
| CVE-2022-26916 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. | |||||
| CVE-2022-26915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability. | |||||
| CVE-2022-20681 | 1 Cisco | 1 Ios Xe | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. | |||||
| CVE-2021-42230 | 1 Seowonintech | 2 130-slc, 130-slc Firmware | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. | |||||
| CVE-2021-1288 | 1 Cisco | 1 Ios Xr | 2022-04-25 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | |||||
| CVE-2021-40386 | 1 Kaseya | 1 Unitrends Backup | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | |||||
| CVE-2021-36012 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to alter the price of an item. | |||||
| CVE-2021-1394 | 1 Cisco | 1 Ios Xe | 2022-04-25 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device. | |||||
| CVE-2021-1377 | 1 Cisco | 2 Ios, Ios Xe | 2022-04-25 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. | |||||
| CVE-2022-26788 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| PowerShell Elevation of Privilege Vulnerability. | |||||
| CVE-2022-26785 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26783. | |||||
| CVE-2022-26784 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-24538. | |||||
| CVE-2022-26783 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-04-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26785. | |||||
| CVE-2022-24549 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Package Manager Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24547 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24546 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24544 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486. | |||||
| CVE-2022-24543 | 1 Microsoft | 1 Windows Upgrade Assistant | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Upgrade Assistant Remote Code Execution Vulnerability. | |||||
| CVE-2022-24542 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474. | |||||
| CVE-2022-24541 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 9.3 HIGH | 8.8 HIGH |
| Windows Server Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-24539 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-04-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785. | |||||
| CVE-2022-24534 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.5 HIGH |
| Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. | |||||
| CVE-2022-28870 | 1 F-secure | 1 Safe | 2022-04-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. | |||||
| CVE-2011-2000 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." | |||||
| CVE-2011-1999 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | |||||
| CVE-2021-37994 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-37995 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2011-1996 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." | |||||
| CVE-2011-1993 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability." | |||||
| CVE-2011-1961 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." | |||||
| CVE-2022-21926 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. | |||||
