Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30873 | 1 Apple | 1 Macos | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to elevate privileges. | |||||
| CVE-2021-30935 | 1 Apple | 2 Mac Os X, Macos | 2022-05-26 | 8.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
| CVE-2020-9941 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state. | |||||
| CVE-2021-26400 | 1 Amd | 1 Cpu | 2022-05-25 | 2.1 LOW | 4.0 MEDIUM |
| AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||||
| CVE-2021-26390 | 1 Amd | 74 Athlon 300u, Athlon 300u Firmware, Ryzen 3 3200u and 71 more | 2022-05-25 | 4.9 MEDIUM | 6.2 MEDIUM |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | |||||
| CVE-2022-23670 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-30697 | 1 Acronis | 1 Snap Deploy | 2022-05-24 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||||
| CVE-2022-30708 | 1 Webmin | 1 Webmin | 2022-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | |||||
| CVE-2020-9992 | 1 Apple | 3 Ipad Os, Iphone Os, Xcode | 2022-05-24 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. | |||||
| CVE-2020-9986 | 1 Apple | 1 Mac Os X | 2022-05-24 | 4.3 MEDIUM | 3.3 LOW |
| A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information. | |||||
| CVE-2021-27358 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | |||||
| CVE-2021-27516 | 1 Urijs Project | 1 Urijs | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |||||
| CVE-2021-27803 | 3 Debian, Fedoraproject, W1.fi | 3 Debian Linux, Fedora, Wpa Supplicant | 2022-05-23 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | |||||
| CVE-2021-27515 | 1 Url-parse Project | 1 Url-parse | 2022-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |||||
| CVE-2021-23972 | 1 Mozilla | 1 Firefox | 2022-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | |||||
| CVE-2022-22393 | 1 Ibm | 1 Websphere Application Server | 2022-05-23 | 3.5 LOW | 6.5 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. | |||||
| CVE-2021-23974 | 1 Mozilla | 1 Firefox | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | |||||
| CVE-2021-46787 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. | |||||
| CVE-2021-46788 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. | |||||
| CVE-2022-22261 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | |||||
| CVE-2022-29789 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. | |||||
| CVE-2022-29791 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | |||||
| CVE-2022-29790 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. | |||||
| CVE-2022-29792 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-29796 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | |||||
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-24297 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | |||||
| CVE-2021-43244 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2021-43234 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2018-0882 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880. | |||||
| CVE-2018-0884 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902. | |||||
| CVE-2018-0877 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0883 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 7.6 HIGH | 7.5 HIGH |
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | |||||
| CVE-2018-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0880 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882. | |||||
| CVE-2022-21974 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Roaming Security Rights Management Services Remote Code Execution Vulnerability. | |||||
| CVE-2022-21992 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Windows Mobile Device Management Remote Code Execution Vulnerability. | |||||
| CVE-2017-11788 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". | |||||
| CVE-2017-11874 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2022-05-23 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. | |||||
| CVE-2018-0757 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810. | |||||
| CVE-2018-0825 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 7.6 HIGH | 7.5 HIGH |
| StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability". | |||||
| CVE-2018-0902 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884. | |||||
| CVE-2018-8202 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | |||||
| CVE-2022-21995 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 6.8 MEDIUM | 7.9 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. | |||||
| CVE-2022-24508 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Windows SMBv3 Client/Server Remote Code Execution Vulnerability. | |||||
| CVE-2022-24507 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24502 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2022-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability. | |||||
| CVE-2022-21977 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2022-05-23 | 4.3 MEDIUM | 3.3 LOW |
| Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010. | |||||