Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30563 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2022-07-13 5.8 MEDIUM 7.4 HIGH
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
CVE-2022-30561 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2022-07-13 4.3 MEDIUM 5.9 MEDIUM
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
CVE-2022-30560 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2022-07-13 5.8 MEDIUM 7.4 HIGH
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
CVE-2022-32411 1 Hongcms Project 1 Hongcms 2022-07-13 6.5 MEDIUM 7.2 HIGH
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412 1 Hongcms Project 1 Hongcms 2022-07-13 6.5 MEDIUM 7.2 HIGH
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2018-2786 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2014-6489 2 Mariadb, Oracle 2 Mariadb, Mysql 2022-07-13 5.5 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
CVE-2019-2758 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3185 5 Canonical, Mariadb, Microsoft and 2 more 9 Ubuntu Linux, Mariadb, Windows and 6 more 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-2787 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2021-2022 4 Fedoraproject, Mariadb, Netapp and 1 more 6 Fedora, Mariadb, Oncommand Insight and 3 more 2022-07-13 6.3 MEDIUM 4.4 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2760 6 Canonical, Fedoraproject, Mariadb and 3 more 9 Ubuntu Linux, Fedora, Mariadb and 6 more 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2021-35604 4 Fedoraproject, Mariadb, Netapp and 1 more 5 Fedora, Mariadb, Oncommand Insight and 2 more 2022-07-13 5.5 MEDIUM 5.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2022-34829 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-07-13 5.0 MEDIUM 7.5 HIGH
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
CVE-2022-28327 1 Golang 1 Go 2022-07-13 5.0 MEDIUM 7.5 HIGH
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVE-2022-31770 1 Ibm 1 App Connect Enterprise Certified Container 2022-07-13 4.0 MEDIUM 4.9 MEDIUM
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
CVE-2022-32158 1 Splunk 1 Splunk 2022-07-12 7.5 HIGH 10.0 CRITICAL
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.
CVE-2022-34912 1 Mediawiki 1 Mediawiki 2022-07-12 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
CVE-2021-43245 1 Microsoft 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more 2022-07-12 4.6 MEDIUM 7.8 HIGH
Windows Digital TV Tuner Elevation of Privilege Vulnerability
CVE-2021-43239 1 Microsoft 4 Windows 10, Windows 11, Windows Server and 1 more 2022-07-12 4.6 MEDIUM 7.8 HIGH
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2021-43217 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-07-12 7.5 HIGH 9.8 CRITICAL
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
CVE-2021-43214 1 Microsoft 1 Raw Image Extension 2022-07-12 7.5 HIGH 9.8 CRITICAL
Web Media Extensions Remote Code Execution Vulnerability
CVE-2021-42293 1 Microsoft 2 365 Apps, Office 2022-07-12 5.0 MEDIUM 6.5 MEDIUM
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2021-38950 1 Ibm 1 Mq For Hpe Nonstop 2022-07-12 4.4 MEDIUM 7.8 HIGH
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
CVE-2021-36721 1 Sysaid 1 Application Programming Interface 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.
CVE-2021-46785 1 Huawei 2 Emui, Harmonyos 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
CVE-2021-37075 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-07-12 5.0 MEDIUM 7.5 HIGH
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.
CVE-2021-37068 1 Huawei 1 Harmonyos 2022-07-12 5.0 MEDIUM 7.5 HIGH
There is a Resource Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of Service Attacks.
CVE-2021-37058 1 Huawei 1 Harmonyos 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user's nickname is maliciously tampered with.
CVE-2021-43040 1 Kaseya 1 Unitrends Backup 2022-07-12 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
CVE-2021-43039 1 Kaseya 1 Unitrends Backup 2022-07-12 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.
CVE-2020-12962 2 Amd, Microsoft 2 Radeon Software, Windows 2022-07-12 4.6 MEDIUM 7.8 HIGH
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
CVE-2020-12902 2 Amd, Microsoft 2 Radeon Software, Windows 10 2022-07-12 4.6 MEDIUM 7.8 HIGH
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12964 1 Amd 1 Radeon Software 2022-07-12 4.6 MEDIUM 7.8 HIGH
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
CVE-2021-43196 1 Jetbrains 1 Teamcity 2022-07-12 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2020-6931 1 Hp 1 Print And Scan Doctor 2022-07-12 4.6 MEDIUM 7.8 HIGH
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
CVE-2021-36922 1 Realtek 1 Rtsupx Usb Utility Driver 2022-07-12 7.2 HIGH 7.8 HIGH
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
CVE-2020-18174 1 Autohotkey 1 Autohotkey 2022-07-12 7.5 HIGH 9.8 CRITICAL
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
CVE-2021-41021 1 Fortinet 1 Fortinac 2022-07-12 7.2 HIGH 6.7 MEDIUM
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
CVE-2021-3254 1 Asus 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware 2022-07-12 7.8 HIGH 7.5 HIGH
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
CVE-2021-43223 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2022-07-12 4.6 MEDIUM 7.8 HIGH
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2021-39752 1 Google 1 Android 2022-07-12 4.6 MEDIUM 7.8 HIGH
In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848
CVE-2021-39624 1 Google 1 Android 2022-07-12 4.9 MEDIUM 5.5 MEDIUM
In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-67862680
CVE-2021-39025 1 Ibm 1 Guardium Data Encryption 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.
CVE-2021-36809 1 Sophos 1 Ssl Vpn Client 2022-07-12 3.6 LOW 6.0 MEDIUM
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
CVE-2021-41003 1 Hpe 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y83 and 12 more 2022-07-12 4.3 MEDIUM 6.1 MEDIUM
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVE-2021-38955 1 Ibm 2 Aix, Vios 2022-07-12 2.1 LOW 4.4 MEDIUM
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
CVE-2021-40046 1 Huawei 1 Pcmanager 2022-07-12 7.5 HIGH 9.8 CRITICAL
PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
CVE-2021-22448 1 Huawei 2 Emui, Magic Ui 2022-07-12 6.4 MEDIUM 9.1 CRITICAL
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.
CVE-2021-22430 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-07-12 7.5 HIGH 9.8 CRITICAL
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.