Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30206 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226. | |||||
| CVE-2022-30208 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Security Account Manager (SAM) Denial of Service Vulnerability. | |||||
| CVE-2022-30209 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 5.8 MEDIUM | 7.4 HIGH |
| Windows IIS Server Elevation of Privilege Vulnerability. | |||||
| CVE-2021-4135 | 1 Linux | 1 Linux Kernel | 2022-07-20 | N/A | 5.5 MEDIUM |
| A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. A local user could use this flaw to get unauthorized access to some data. | |||||
| CVE-2022-30212 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-07-20 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows Connected Devices Platform Service Information Disclosure Vulnerability. | |||||
| CVE-2022-30113 | 1 Fahou100 | 1 Electronic Mall System | 2022-07-20 | N/A | 9.8 CRITICAL |
| Electronic mall system 1.0_build20200203 is vulnerable to SQL Injection. | |||||
| CVE-2021-46827 | 1 Sync | 5 Oxygen Publishing Engine, Oxygen Xml Author, Oxygen Xml Developer and 2 more | 2022-07-20 | N/A | 6.1 MEDIUM |
| An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field. | |||||
| CVE-2022-32074 | 1 Osticket | 1 Osticket | 2022-07-20 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | |||||
| CVE-2020-14127 | 1 Mi | 3 Miui, Redmi K40, Redmi Note 10 Pro | 2022-07-20 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by a heap overflow and can be exploited by attackers to cause a remote denial of service. | |||||
| CVE-2022-1662 | 1 Convert2rhel Project | 1 Convert2rhel | 2022-07-20 | N/A | 5.5 MEDIUM |
| In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel. | |||||
| CVE-2022-32225 | 1 Veeam | 1 Management Pack | 2022-07-20 | N/A | 6.1 MEDIUM |
| A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. | |||||
| CVE-2022-31142 | 1 Fastify | 1 Bearer-auth | 2022-07-20 | N/A | 7.5 HIGH |
| @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack. Version 7.0.2 and 8.0.1 of @fastify/bearer-auth contain a patch. There are currently no known workarounds. The package fastify-bearer-auth, which covers versions 6.0.3 and prior, is also vulnerable starting at version 5.0.1. Users of fastify-bearer-auth should upgrade to a patched version of @fastify/bearer-auth. | |||||
| CVE-2022-22998 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2022-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Implemented protections on AWS credentials that were not properly protected. | |||||
| CVE-2017-20126 | 1 Kb Affiliate Referral Script Project | 1 Kb Affiliate Referral Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-30215 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-07-20 | 8.5 HIGH | 7.5 HIGH |
| Active Directory Federation Services Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24800 | 1 Octobercms | 1 October | 2022-07-20 | 6.8 MEDIUM | 8.1 HIGH |
| October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply the patch to their installation manually as a workaround. | |||||
| CVE-2022-32389 | 1 Isode | 1 Swift | 2022-07-20 | N/A | 7.5 HIGH |
| Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | |||||
| CVE-2022-2401 | 1 Mattermost | 1 Mattermost Server | 2022-07-20 | N/A | 6.5 MEDIUM |
| Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs. | |||||
| CVE-2017-20127 | 1 Kb Login Authentication Script Project | 1 Kb Login Authentication Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-30222 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-07-20 | 4.6 MEDIUM | 8.4 HIGH |
| Windows Shell Remote Code Execution Vulnerability. | |||||
