Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10074 | 4 Debian, Netapp, Oracle and 1 more | 25 Debian Linux, Active Iq Unified Manager, Cloud Backup and 22 more | 2022-06-27 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-10078 | 5 Debian, Netapp, Oracle and 2 more | 27 Debian Linux, Active Iq Unified Manager, Cloud Backup and 24 more | 2022-06-27 | 5.5 MEDIUM | 8.1 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-10081 | 3 Debian, Netapp, Oracle | 19 Debian Linux, Active Iq Unified Manager, Cloud Backup and 16 more | 2022-06-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2018-2964 | 2 Netapp, Oracle | 15 Active Iq Unified Manager, Cloud Backup, E-series Santricity Os Controller and 12 more | 2022-06-27 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-14048 | 2 Libpng, Oracle | 3 Libpng, Jdk, Jre | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | |||||
| CVE-2018-3139 | 5 Canonical, Debian, Hp and 2 more | 13 Ubuntu Linux, Debian Linux, Xp7 Command View and 10 more | 2022-06-27 | 2.6 LOW | 3.1 LOW |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-2973 | 4 Hp, Netapp, Oracle and 1 more | 20 Xp7 Command View, Active Iq Unified Manager, Cloud Backup and 17 more | 2022-06-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2018-3136 | 5 Canonical, Debian, Hp and 2 more | 13 Ubuntu Linux, Debian Linux, Xp7 Command View and 10 more | 2022-06-27 | 2.6 LOW | 3.4 LOW |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
| CVE-2018-3180 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 6.8 MEDIUM | 5.6 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2018-3183 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 6.8 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-3169 | 5 Canonical, Debian, Hp and 2 more | 13 Ubuntu Linux, Debian Linux, Xp7 Command View and 10 more | 2022-06-27 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-3149 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-3211 | 1 Oracle | 2 Jdk, Jre | 2022-06-27 | 3.3 LOW | 6.6 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-10053 | 5 Debian, Netapp, Oracle and 2 more | 28 Debian Linux, Active Iq Unified Manager, Cloud Backup and 25 more | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-3209 | 1 Oracle | 2 Jdk, Jre | 2022-06-27 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-3214 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2022-31060 | 1 Discourse | 1 Discourse | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. | |||||
| CVE-2022-23167 | 1 Amodat | 1 Amodat | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED. | |||||
| CVE-2022-29257 | 1 Electronjs | 1 Electron | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. | |||||
| CVE-2022-25167 | 1 Apache | 1 Flume | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | |||||
| CVE-2016-9843 | 9 Apple, Canonical, Debian and 6 more | 23 Iphone Os, Mac Os X, Tvos and 20 more | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
| CVE-2012-3163 | 6 Canonical, Debian, F5 and 3 more | 21 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 18 more | 2022-06-27 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | |||||
| CVE-2022-31760 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-06-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | |||||
| CVE-2022-31757 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-30281 | 1 Qualcomm | 294 Aqt1000, Aqt1000 Firmware, Ar8031 and 291 more | 2022-06-27 | 7.2 HIGH | 7.8 HIGH |
| Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-32561 | 1 Couchbase | 1 Couchbase Server | 2022-06-24 | 3.5 LOW | 4.9 MEDIUM |
| An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. | |||||
| CVE-2022-31594 | 1 Sap | 1 Adaptive Server Enterprise | 2022-06-24 | 7.2 HIGH | 6.7 MEDIUM |
| A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. | |||||
| CVE-2022-32550 | 1 1password | 5 1password, 1password In The Browser, Command-line and 2 more | 2022-06-24 | 5.8 MEDIUM | 4.8 MEDIUM |
| An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. | |||||
| CVE-2022-29241 | 1 Jupyter | 1 Jupyter Server | 2022-06-24 | 9.0 HIGH | 8.8 HIGH |
| Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. | |||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-06-24 | 4.6 MEDIUM | 5.0 MEDIUM |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | |||||
| CVE-2022-20210 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888 | |||||
| CVE-2022-20207 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714 | |||||
| CVE-2022-30785 | 1 Tuxera | 1 Ntfs-3g | 2022-06-24 | 7.2 HIGH | 6.7 MEDIUM |
| A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-20197 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300 | |||||
| CVE-2022-20193 | 1 Google | 1 Android | 2022-06-24 | 4.4 MEDIUM | 7.3 HIGH |
| In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116 | |||||
| CVE-2022-20194 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510 | |||||
| CVE-2022-20188 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A | |||||
| CVE-2022-20192 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712 | |||||
| CVE-2022-20190 | 1 Google | 1 Android | 2022-06-24 | 7.8 HIGH | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A | |||||
| CVE-2022-20191 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A | |||||
| CVE-2022-20135 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465 | |||||
| CVE-2022-20184 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A | |||||
| CVE-2022-20181 | 1 Google | 1 Android | 2022-06-24 | 7.8 HIGH | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A | |||||
| CVE-2022-20179 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A | |||||
| CVE-2022-20177 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A | |||||
| CVE-2022-20175 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A | |||||
| CVE-2022-20171 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A | |||||
| CVE-2022-20173 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A | |||||
| CVE-2022-20170 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A | |||||