Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12359 | 2 Intel, Netapp | 546 Bios, Core I3-l13g4, Core I5-l16g7 and 543 more | 2022-05-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2012-5085 | 2 Oracle, Sun | 4 Jdk, Jre, Jdk and 1 more | 2022-05-13 | 0.0 LOW | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. | |||||
| CVE-2021-38425 | 1 Eprosima | 1 Fast Dds | 2022-05-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. | |||||
| CVE-2020-6112 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile, which allows the decoder to write out-of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2022-25783 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2022-05-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | |||||
| CVE-2022-28780 | 1 Google | 1 Android | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information that is set in Weather without permission. The patch adds proper protection to prevent access to location information. | |||||
| CVE-2022-21230 | 1 Nanohttpd | 1 Nanohttpd | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
| This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue. | |||||
| CVE-2022-1543 | 1 Erudika | 1 Scoold | 2022-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | |||||
| CVE-2022-20089 | 2 Google, Mediatek | 47 Android, Mt6580, Mt6731 and 44 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. | |||||
| CVE-2020-7066 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2022-05-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. | |||||
| CVE-2021-3971 | 1 Lenovo | 146 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 143 more | 2022-05-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | |||||
| CVE-2021-3972 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2022-05-06 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
| CVE-2022-29812 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 2.1 LOW | 2.3 LOW |
| In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | |||||
| CVE-2022-28093 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-20642 | 1 Logitech | 2 Lan-w300n/rs, Lan-w300n/rs Firmware | 2022-05-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. | |||||
| CVE-2021-22250 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | |||||
| CVE-2021-29758 | 1 Ibm | 1 Sterling B2b Integrator | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169. | |||||
| CVE-2020-24515 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2022-05-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-4646 | 1 Ibm | 1 Sterling B2b Integrator | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they should not have access to due to improper authorization control. | |||||
| CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2022-05-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | |||||
