Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41946 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
| In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS. | |||||
| CVE-2022-28186 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. | |||||
| CVE-2022-26633 | 1 Simple Student Quarterly Result\/grade System Project | 1 Simple Student Quarterly Result\/grade System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | |||||
| CVE-2022-26632 | 1 Multi-vendor Online Groceries Management System Project | 1 Multi-vendor Online Groceries Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | |||||
| CVE-2022-28185 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 6.8 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | |||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-05-26 | 4.6 MEDIUM | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2022-05-26 | 7.2 HIGH | 6.7 MEDIUM |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-24290 | 1 Siemens | 2 Teamcenter, Teamcenter Visualization | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. | |||||
| CVE-2022-29645 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. | |||||
| CVE-2022-29646 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | |||||
| CVE-2021-39705 | 2022-05-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-23067 | 1 Tooljet | 1 Tooljet | 2022-05-26 | 6.8 MEDIUM | 8.8 HIGH |
| ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account. | |||||
| CVE-2022-23068 | 1 Tooljet | 1 Tooljet | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
| ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. | |||||
| CVE-2021-42849 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2022-05-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. | |||||
| CVE-2021-42850 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | |||||
| CVE-2022-1727 | 1 Diagrams | 1 Draw.io | 2022-05-26 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | |||||
| CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2022-05-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | |||||
| CVE-2021-38944 | 1 Ibm | 1 Datapower Gateway | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236. | |||||
| CVE-2022-22009 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2022-05-26 | 4.4 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. | |||||
| CVE-2022-22008 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2022-05-26 | 6.9 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. | |||||
| CVE-2022-28191 | 1 Nvidia | 1 Virtual Gpu | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service. | |||||
| CVE-2022-28188 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. | |||||
| CVE-2022-24537 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-26 | 6.9 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. | |||||
| CVE-2022-30111 | 1 Mck Smartlock Project | 1 Mck Smartlock | 2022-05-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. | |||||
| CVE-2022-28187 | 1 Nvidia | 1 Gpu Display Driver | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service. | |||||
| CVE-2022-29028 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2022-30763 | 1 Janet-lang | 1 Janet | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Janet before 1.22.0 mishandles arrays. | |||||
| CVE-2022-1767 | 1 Diagrams | 1 Draw.io | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2022-05-26 | 6.0 MEDIUM | 8.0 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-28990 | 1 Wasm3 Project | 1 Wasm3 | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | |||||
| CVE-2022-28531 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | |||||
| CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-30887 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2022-30886 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. | |||||
| CVE-2022-30518 | 1 Chatbot Application With A Suggestion Feature Project | 1 Chatbot Application With A Suggestion Feature | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | |||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-29023 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2022-30956 | 1 Jenkins | 1 Rundeck | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | |||||
| CVE-2022-30955 | 1 Jenkins | 1 Gitlab | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-30954 | 1 Jenkins | 1 Blue Ocean | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-30953 | 1 Jenkins | 1 Blue Ocean | 2022-05-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | |||||
| CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | |||||
| CVE-2022-29638 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-30951 | 1 Jenkins | 1 Wmi Windows Agents | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | |||||
| CVE-2022-30950 | 1 Jenkins | 1 Wmi Windows Agents | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | |||||
| CVE-2022-24890 | 1 Nextcloud | 1 Talk | 2022-05-26 | 3.5 LOW | 4.3 MEDIUM |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. | |||||
| CVE-2022-1715 | 1 Facturascripts | 1 Facturascripts | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | |||||
| CVE-2022-22252 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. | |||||
| CVE-2022-28192 | 1 Nvidia | 1 Virtual Gpu | 2022-05-26 | 1.9 LOW | 4.1 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges. | |||||