Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37176 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. | |||||
| CVE-2022-36116 | 1 Ssctech | 1 Blue Prism | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment. | |||||
| CVE-2022-37935 | 1 Hp | 1 Oneview For Vmware Vcenter | 2023-08-08 | N/A | 5.5 MEDIUM |
| HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | |||||
| CVE-2021-31232 | 1 Linuxfoundation | 1 Cortex | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-45915 | 1 Luxsoft | 1 Luxcal | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. | |||||
| CVE-2022-22969 | 2 Oracle, Pivotal | 2 Communications Design Studio, Spring Security Oauth | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only. | |||||
| CVE-2022-27336 | 1 Seacms | 1 Seacms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. | |||||
| CVE-2022-22710 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Common Log File System Driver Denial of Service Vulnerability | |||||
| CVE-2022-30614 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-08-08 | N/A | 7.5 HIGH |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. | |||||
| CVE-2021-45983 | 1 Netscout | 1 Ngeniusone | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | |||||
| CVE-2021-36769 | 1 Telegram | 2 Telegram, Telegram Desktop | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. | |||||
| CVE-2021-39947 | 1 Gitlab | 1 Gitlab Runner | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs | |||||
| CVE-2022-37932 | 1 Hpe | 38 Officeconnect 1820 J9979a, Officeconnect 1820 J9979a Firmware, Officeconnect 1820 J9980a and 35 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22; | |||||
| CVE-2022-0540 | 1 Atlassian | 3 Jira Data Center, Jira Server, Jira Service Management | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. | |||||
| CVE-2021-30339 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qca6391 and 107 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-1821 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. | |||||
| CVE-2022-36133 | 1 Epson | 18 Tm-c3500, Tm-c3500 Firmware, Tm-c3510 and 15 more | 2023-08-08 | N/A | 9.1 CRITICAL |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-30944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging. | |||||
| CVE-2021-30898 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. | |||||
| CVE-2021-45101 | 1 Wisc | 1 Htcondor | 2023-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data. | |||||
| CVE-2022-29784 | 1 Publiccms | 1 Publiccms | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | |||||
| CVE-2021-22367 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
| CVE-2021-30998 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address. | |||||
| CVE-2022-34296 | 1 Zalando | 1 Skipper | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. | |||||
| CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | |||||
| CVE-2022-23688 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-22040 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.5 HIGH | 7.3 HIGH |
| Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | |||||
| CVE-2021-43327 | 1 Renesas | 4 Rx65, Rx65 Firmware, Rx65n and 1 more | 2023-08-08 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted. | |||||
| CVE-2021-42299 | 1 Microsoft | 2 Surface Pro 3, Surface Pro 3 Firmware | 2023-08-08 | 3.6 LOW | 5.6 MEDIUM |
| Microsoft Surface Pro 3 Security Feature Bypass Vulnerability | |||||
| CVE-2021-30346 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30345 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2023-08-08 | N/A | 7.5 HIGH |
| When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | |||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | |||||
| CVE-2022-0130 | 1 Tenable | 1 Tenable.sc | 2023-08-08 | 6.8 MEDIUM | 8.1 HIGH |
| Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. | |||||
| CVE-2022-43366 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. | |||||
| CVE-2021-43888 | 1 Microsoft | 1 Defender For Iot | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Defender for IoT Information Disclosure Vulnerability | |||||
| CVE-2022-23687 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2021-38954 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. | |||||
| CVE-2021-37133 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39969 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2021-1045 | 1 Google | 1 Android | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A | |||||
| CVE-2022-22029 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-08 | 6.8 MEDIUM | 8.1 HIGH |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2022-22039 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-08 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2022-22028 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows Network File System Information Disclosure Vulnerability | |||||
| CVE-2022-22038 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-08 | 6.8 MEDIUM | 8.1 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
| CVE-2022-21845 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2022-32295 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. | |||||
| CVE-2021-26317 | 1 Amd | 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | |||||