Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30748 | 1 Samsung | 1 Members | 2022-06-14 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. | |||||
| CVE-2019-5021 | 4 Alpinelinux, F5, Gliderlabs and 1 more | 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. | |||||
| CVE-2022-30729 | 1 Google | 1 Android | 2022-06-11 | 2.1 LOW | 4.6 MEDIUM |
| Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | |||||
| CVE-2022-31007 | 1 Elabftw | 1 Elabftw | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts. | |||||
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2022-29229 | 1 Cassproject | 1 Competency And Skills System | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in using standalone authentication, as the data required to resecure the account is not available to the server. The issue may be mitigated by using SSO or client side certificates to log in. Please note that SSO and client side certificate authentication does not have this expectation of no-knowledge credential access, and cryptographic keys are available to the server administrator. | |||||
| CVE-2020-11644 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | |||||
| CVE-2022-31215 | 1 Goverlan | 3 Client Agent, Reach Console, Reach Server | 2022-06-01 | 3.5 LOW | 6.5 MEDIUM |
| In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. | |||||
| CVE-2021-27379 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-05-27 | 5.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. | |||||
| CVE-2021-29264 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-05-27 | 4.7 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. | |||||
| CVE-2022-29873 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | |||||
| CVE-2022-28946 | 1 Openpolicyagent | 1 Open Policy Agent | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | |||||
| CVE-2020-9979 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2022-05-24 | 2.1 LOW | 5.5 MEDIUM |
| A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content. | |||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-28147 | 1 Grafana | 1 Grafana | 2022-05-20 | 3.5 LOW | 6.5 MEDIUM |
| The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have. | |||||
| CVE-2022-0024 | 1 Paloaltonetworks | 1 Pan-os | 2022-05-20 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. | |||||
| CVE-2022-28244 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-05-19 | 4.3 MEDIUM | 6.3 MEDIUM |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server. | |||||
| CVE-2021-27290 | 3 Oracle, Siemens, Ssri Project | 3 Graalvm, Sinec Infrastructure Network Services, Ssri | 2022-05-13 | 4.3 MEDIUM | 7.5 HIGH |
| ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | |||||
| CVE-2006-2450 | 1 Libvncserver | 1 Libvncserver | 2022-05-13 | 7.5 HIGH | N/A |
| auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. | |||||
| CVE-2022-25786 | 1 Secomea | 1 Gatemanager | 2022-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. | |||||