Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28675 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16642. | |||||
| CVE-2022-28674 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16644. | |||||
| CVE-2022-28673 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16641. | |||||
| CVE-2022-28672 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16640. | |||||
| CVE-2022-28671 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16639. | |||||
| CVE-2022-28669 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-22 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16420. | |||||
| CVE-2022-2400 | 1 Dompdf Project | 1 Dompdf | 2022-07-22 | N/A | 5.3 MEDIUM |
| External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
| CVE-2022-23142 | 1 Zte | 2 Zxen Cg200, Zxen Cg200 Firmware | 2022-07-22 | N/A | 5.3 MEDIUM |
| ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible. | |||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-22 | N/A | 7.5 HIGH |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | |||||
| CVE-2022-30626 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-22 | N/A | 7.5 HIGH |
| Browsing the path http://ip/wifi_ap_pata_get.cmd shows the name of the existing access point on the component and a password in clear text. | |||||
| CVE-2022-30625 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-22 | N/A | 5.3 MEDIUM |
| Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | |||||
| CVE-2022-30624 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-22 | N/A | 7.5 HIGH |
| Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password. | |||||
| CVE-2022-30623 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-22 | N/A | 9.8 CRITICAL |
| The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password. | |||||
| CVE-2022-36126 | 1 Inductiveautomation | 1 Ignition | 2022-07-22 | N/A | 7.2 HIGH |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. | |||||
| CVE-2022-34754 | 1 Schneider-electric | 4 Acti9 Powertag Link C (a9xelc10-a), Acti9 Powertag Link C (a9xelc10-a) Firmware, Acti9 Powertag Link C (a9xelc10-b) and 1 more | 2022-07-22 | N/A | 6.8 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior) | |||||
| CVE-2020-23563 | 1 Irfanview | 1 Irfanview | 2022-07-22 | N/A | 5.5 MEDIUM |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | |||||
| CVE-2022-30620 | 1 Cellinx | 2 Cellinx Nvt - Ip Ptz Camera, Cellinx Nvt - Ip Ptz Camera Firmware | 2022-07-22 | N/A | 8.8 HIGH |
| On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the camera. | |||||
| CVE-2022-1737 | 1 Pyramidsolutions | 4 Netstax Ethernet/ip Adapter Development Kit, Netstax Ethernet/ip Adapter Dll Kit, Netstax Ethernet/ip Scanner Development Kit and 1 more | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition. | |||||
| CVE-2022-30243 | 1 Honeywell | 2 Alterton Visual Logic, Alterton Visual Logic Firmware | 2022-07-22 | N/A | 8.8 HIGH |
| Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | |||||
| CVE-2022-30242 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2022-07-22 | N/A | 6.8 MEDIUM |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered. | |||||
