Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35769 | 2 Microsoft, Webmin | 2 Windows, Webmin | 2022-07-17 | 7.5 HIGH | 9.8 CRITICAL |
| miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | |||||
| CVE-2022-22022 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-16 | 3.6 LOW | 7.1 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22041, CVE-2022-30206, CVE-2022-30226. | |||||
| CVE-2022-22024 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-16 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22027. | |||||
| CVE-2022-22025 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-16 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Internet Information Services Cachuri Module Denial of Service Vulnerability. | |||||
| CVE-2021-39041 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to a partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. | |||||
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-07-15 | 6.8 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. | |||||
| CVE-2021-1113 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2022-07-15 | 5.4 MEDIUM | 4.7 MEDIUM |
| NVIDIA camera firmware contains a difficult-to-exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients. | |||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability to obtain a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity. | |||||
| CVE-2022-23744 | 1 Checkpoint | 2 Endpoint Security, Harmony Endpoint | 2022-07-15 | 2.1 LOW | 2.3 LOW |
| Check Point Endpoint before version E86.50 failed to protect against a specific registry change, which allowed a local administrator to disable endpoint protection. | |||||
| CVE-2022-31472 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||||
| CVE-2022-30943 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-30602 | 1 Cybozu | 1 Garoon | 2022-07-15 | 5.5 MEDIUM | 8.1 HIGH |
| Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | |||||
| CVE-2021-28507 | 1 Arista | 1 Eos | 2022-07-14 | 4.9 MEDIUM | 7.1 HIGH |
| An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | |||||
| CVE-2021-28501 | 1 Arista | 1 Terminattr | 2022-07-14 | 6.9 MEDIUM | 7.8 HIGH |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | |||||
| CVE-2022-30707 | 1 Yokogawa | 11 B/m9000 Vp, B/m9000cs, Centum Cs 3000 and 8 more | 2022-07-14 | 5.4 MEDIUM | 8.8 HIGH |
| Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01. If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | |||||
| CVE-2022-32533 | 1 Apache | 1 Jetspeed | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. | |||||
| CVE-2022-26078 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2022-07-14 | 7.8 HIGH | 7.5 HIGH |
| Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. | |||||
| CVE-2022-34598 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. | |||||
| CVE-2022-24141 | 1 Iobit | 1 Itop Vpn | 2022-07-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | |||||
| CVE-2022-2228 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. | |||||
