Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1648 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2022-07-21 | 7.2 HIGH | 7.8 HIGH |
| Microsoft splwow64 Elevation of Privilege Vulnerability | |||||
| CVE-2022-22282 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restrict access to a resource using HTTP connections from an unauthorized actor, leading to an Improper Access Control vulnerability. | |||||
| CVE-2022-33011 | 1 Withknown | 1 Known | 2022-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | |||||
| CVE-2021-24838 | 1 Bologer | 1 Anycomment | 2022-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature. | |||||
| CVE-2021-1074 | 1 Nvidia | 1 Gpu Display Driver | 2022-07-21 | 6.9 MEDIUM | 7.3 HIGH |
| NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||||
| CVE-2022-0967 | 1 Showdoc | 1 Showdoc | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
| CVE-2022-0711 | 3 Debian, Haproxy, Redhat | 5 Debian Linux, Haproxy, Enterprise Linux and 2 more | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | |||||
| CVE-2022-27929 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. | |||||
| CVE-2022-27930 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. | |||||
| CVE-2022-27932 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | |||||
| CVE-2022-27931 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. | |||||
| CVE-2022-27933 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.8 MEDIUM | 8.2 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | |||||
| CVE-2022-27934 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. | |||||
| CVE-2022-27935 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. | |||||
| CVE-2022-27936 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. | |||||
| CVE-2022-27937 | 1 Pexip | 1 Pexip Infinity | 2022-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. | |||||
| CVE-2021-21832 | 1 Disc-soft | 1 Daemon Tools | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Daemon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21810 | 1 Att | 1 Xmill | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21831 | 1 Foxit | 1 Pdf Reader | 2022-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2021-21913 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. | |||||
