Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35477 | 1 Otfcc Project | 1 Otfcc | 2023-08-08 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. | |||||
| CVE-2022-35476 | 1 Otfcc Project | 1 Otfcc | 2023-08-08 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | |||||
| CVE-2022-35114 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c. | |||||
| CVE-2022-35113 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c. | |||||
| CVE-2022-35109 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | |||||
| CVE-2022-35108 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
| CVE-2022-35106 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc. | |||||
| CVE-2022-25357 | 1 Pexip | 1 Pexip Infinity | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. | |||||
| CVE-2022-31260 | 1 Montala | 1 Resourcespace | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. | |||||
| CVE-2022-32409 | 1 Softwarepublico | 1 I3geo | 2023-08-08 | N/A | 9.8 CRITICAL |
| A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. | |||||
| CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2023-08-08 | N/A | 7.8 HIGH |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
| CVE-2022-28375 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root. | |||||
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. | |||||
| CVE-2022-28371 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2023-08-08 | N/A | 7.5 HIGH |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.) | |||||
| CVE-2022-35857 | 1 Kvf-admin Project | 1 Kvf-admin | 2023-08-08 | N/A | 9.8 CRITICAL |
| kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. | |||||
| CVE-2022-30224 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30223 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | 2.7 LOW | 5.7 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2022-30187 | 1 Microsoft | 2 Azure Storage Blobs, Azure Storage Queue | 2023-08-08 | 1.9 LOW | 4.7 MEDIUM |
| Azure Storage Library Information Disclosure Vulnerability | |||||
| CVE-2022-30181 | 1 Microsoft | 1 Azure Site Recovery | 2023-08-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability | |||||
| CVE-2022-22047 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
| CVE-2022-22045 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | 6.9 MEDIUM | 7.8 HIGH |
| Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | |||||
| CVE-2022-22043 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-22041 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-08-08 | 8.5 HIGH | 6.8 MEDIUM |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-22037 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 8.5 HIGH | 7.5 HIGH |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||
| CVE-2022-22036 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.4 MEDIUM | 7.0 HIGH |
| Performance Counters for Windows Elevation of Privilege Vulnerability | |||||
| CVE-2022-22031 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | |||||
| CVE-2021-40016 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 3.3 LOW | 6.5 MEDIUM |
| Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect confidentiality. | |||||
| CVE-2022-29512 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. | |||||
| CVE-2022-35411 | 1 Rpc.py Project | 1 Rpc.py | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | |||||
| CVE-2022-34306 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-08-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. | |||||
| CVE-2022-34160 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2023-08-08 | 5.8 MEDIUM | 5.4 MEDIUM |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. | |||||
| CVE-2022-32054 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | |||||
| CVE-2021-46825 | 1 Broadcom | 2 Advanced Secure Gateway, Proxysg | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | |||||
| CVE-2022-34597 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
| CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
| CVE-2022-34595 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | |||||
| CVE-2022-32310 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. | |||||
| CVE-2022-29892 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||||
| CVE-2022-28713 | 1 Cybozu | 1 Garoon | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | |||||
| CVE-2022-28692 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | |||||
| CVE-2022-27807 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable the addition of Categories. | |||||
| CVE-2022-25900 | 1 Git-clone Project | 1 Git-clone | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. | |||||
| CVE-2022-32053 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. | |||||
| CVE-2022-32052 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. | |||||
| CVE-2022-32051 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. | |||||
| CVE-2022-32050 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. | |||||
| CVE-2022-32049 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. | |||||
| CVE-2022-32048 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. | |||||
| CVE-2022-32047 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. | |||||
| CVE-2022-32046 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. | |||||
