Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31589 | 1 Sap | 3 Erp Financial Accounting, Erp Localization For Cee Countries, S/4hana | 2022-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
Due to an improper authorization check, business users who are using the Israeli File from SHAAM program (/ATL/VQ23 transaction) are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted. | |||||
CVE-2013-2216 | | | 2022-06-27 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2013-2180 | | | 2022-06-27 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2022-31914 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | |||||
CVE-2022-31300 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
CVE-2022-20203 | 1 Google | 1 Android | 2022-06-27 | 4.6 MEDIUM | 7.8 HIGH |
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-31298 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
CVE-2022-29509 | 1 Tandd | 3 T&d Server, Thermo Recorder Data Server, Thermo Recorder Data Server Firmware | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | |||||
CVE-2022-23167 | 1 Amodat | 1 Amodat | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED. | |||||
CVE-2022-27176 | 1 Jscom | 3 Revoworks Browser, Revoworks Desktop, Revoworks Scvx | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. | |||||
CVE-2022-26302 | 1 Fujielectric | 1 V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
CVE-2022-29257 | 1 Electronjs | 1 Electron | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. | |||||
CVE-2022-30151 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-06-27 | 4.4 MEDIUM | 7.0 HIGH |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | |||||
CVE-2022-30549 | 1 Fujielectric | 1 V-server | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
CVE-2022-30546 | 1 Fujielectric | 1 Monitouch V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
CVE-2022-30538 | 1 Fujielectric | 1 Monitouch V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
CVE-2022-30163 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-06-27 | 6.0 MEDIUM | 8.5 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability. | |||||
CVE-2022-29247 | 1 Electronjs | 1 Electron | 2022-06-27 | 6.8 MEDIUM | 9.8 CRITICAL |
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. | |||||
CVE-2022-30148 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-06-27 | 2.1 LOW | 5.5 MEDIUM |
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. | |||||
CVE-2022-30147 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-06-27 | 7.2 HIGH | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability. |