Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0686 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2022-08-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2022-08-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-20921 | 1 Cisco | 1 Aci Multi-site Orchestrator | 2022-08-29 | N/A | 8.8 HIGH |
| A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. | |||||
| CVE-2022-33172 | 1 Bund | 1 De.fac2 | 2022-08-29 | N/A | 5.5 MEDIUM |
| de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | |||||
| CVE-2022-37240 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-29 | N/A | 9.8 CRITICAL |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. | |||||
| CVE-2022-37242 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-29 | N/A | 9.8 CRITICAL |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. | |||||
| CVE-2022-37953 | 1 Ge | 1 Workstationst | 2022-08-29 | N/A | 6.1 MEDIUM |
| An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2022-37151 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-08-26 | N/A | 7.5 HIGH |
| There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | |||||
| CVE-2022-21793 | 2 Intel, Vmware | 10 82599 10 Gigabit Ethernet Controller, Ethernet Controller X540, Ethernet Controller X550 and 7 more | 2022-08-26 | N/A | 5.5 MEDIUM |
| Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2021-33126 | 1 Intel | 14 Ethernet Controller V710, Ethernet Controller V710 Firmware, Ethernet Controller X710 and 11 more | 2022-08-26 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-42627 | 2 D-link, Dlink | 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more | 2022-08-24 | N/A | 9.8 CRITICAL |
| The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. | |||||
| CVE-2022-33932 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | |||||
| CVE-2022-0028 | 1 Paloaltonetworks | 1 Pan-os | 2022-08-24 | N/A | 8.6 HIGH |
| A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them. | |||||
| CVE-2022-2600 | 1 Auto-hyperlink Urls Project | 1 Auto-hyperlink Urls | 2022-08-23 | N/A | 5.4 MEDIUM |
| The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | |||||
| CVE-2022-35909 | 1 Jellyfin | 1 Jellyfin | 2022-08-19 | N/A | 8.8 HIGH |
| In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | |||||
| CVE-2022-33990 | 1 Dproxy-nexgen Project | 1 Dproxy-nexgen | 2022-08-18 | N/A | 7.5 HIGH |
| Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | |||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2022-08-18 | 4.6 MEDIUM | 8.2 HIGH |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code. | |||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2022-08-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | |||||
| CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2022-08-17 | N/A | 8.4 HIGH |
| Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps. | |||||
| CVE-1999-0532 | 2022-08-17 | 0.0 LOW | N/A | ||
| A DNS server allows zone transfers. | |||||