Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26722 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-26723 | 1 Apple | 1 Macos | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | |||||
| CVE-2022-26726 | 1 Apple | 3 Mac Os X, Macos, Watchos | 2022-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. | |||||
| CVE-2022-26725 | 1 Apple | 1 Macos | 2022-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. | |||||
| CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-28618 | 1 Hpe | 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-29188 | 1 Stripe | 1 Smokescreen | 2022-06-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue. | |||||
| CVE-2022-20674 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-20673 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-20672 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-26706 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2022-29185 | 1 Totp-rs Project | 1 Totp-rs | 2022-06-07 | 3.5 LOW | 4.4 MEDIUM |
| totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds. | |||||
| CVE-2022-26711 | 1 Apple | 6 Ipados, Iphone Os, Itunes and 3 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-14496 | 1 Mitsubishielectric | 29 Cpu Module Logging Configuration Tool, Cw Configurator, Data Transfer and 26 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed. | |||||
| CVE-2022-26771 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26727 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2022-26773 | 1 Apple | 1 Itunes | 2022-06-07 | 5.8 MEDIUM | 7.1 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | |||||
| CVE-2022-26772 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2022-06-07 | 4.6 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | |||||