Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie. | |||||
| CVE-2022-28830 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28829 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28828 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28827 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28826 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28825 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28824 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28823 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28822 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28821 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30401 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. | |||||
| CVE-2022-30400 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | |||||
| CVE-2022-30399 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. | |||||
| CVE-2022-30398 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. | |||||
| CVE-2022-30396 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. | |||||
| CVE-2022-30395 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | |||||
| CVE-2022-30393 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | |||||
| CVE-2022-30392 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | |||||
| CVE-2022-30402 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. | |||||
| CVE-2022-30391 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | |||||
| CVE-2022-30387 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | |||||
| CVE-2022-30386 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | |||||
| CVE-2022-30385 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | |||||
| CVE-2022-30384 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | |||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | |||||
| CVE-2021-26350 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | |||||
| CVE-2021-43244 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2021-43234 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2022-0026 | 2 Microsoft, Paloaltonetworks | 3 Windows, Content Update330, Cortex Xdr Agent | 2022-05-23 | 7.2 HIGH | 6.7 MEDIUM |
| A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version. | |||||
| CVE-2022-26780 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-24525 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server | 2022-05-23 | 4.4 MEDIUM | 7.0 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24508 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Windows SMBv3 Client/Server Remote Code Execution Vulnerability. | |||||
| CVE-2022-24507 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24505 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-23 | 4.4 MEDIUM | 7.0 HIGH |
| Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287. | |||||
| CVE-2022-24502 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2022-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability. | |||||
| CVE-2022-23297 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. | |||||
| CVE-2022-23296 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability. | |||||
| CVE-2022-23294 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability. | |||||
| CVE-2022-23283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 4.4 MEDIUM | 7.0 HIGH |
| Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505. | |||||
| CVE-2022-23281 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| Windows Common Log File System Driver Information Disclosure Vulnerability. | |||||
| CVE-2022-23278 | 4 Apple, Google, Linux and 1 more | 11 Macos, Android, Linux Kernel and 8 more | 2022-05-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Microsoft Defender for Endpoint Spoofing Vulnerability. | |||||
| CVE-2022-23253 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Point-to-Point Tunneling Protocol Denial of Service Vulnerability. | |||||
| CVE-2022-22010 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-05-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977. | |||||
| CVE-2022-21990 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285. | |||||