Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26748 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-39795 | 2022-06-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/security/bulletin/2022-04-01) due to a functional regression. We will re-release this CVE at a future date, in a future publication that is currently TBD | |||||
| CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2022-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | |||||
| CVE-2022-26747 | 1 Apple | 1 Xcode | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. | |||||
| CVE-2022-22127 | 1 Tableau | 1 Tableau Server | 2022-06-07 | 6.5 MEDIUM | 7.2 HIGH |
| Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable. | |||||
| CVE-2022-26755 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 4.3 MEDIUM | 6.3 MEDIUM |
| This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. | |||||
| CVE-2022-26751 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2022-26750 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-29253 | 1 Xwiki | 1 Xwiki | 2022-06-07 | 4.0 MEDIUM | 2.7 LOW |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. | |||||
| CVE-2022-26754 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26753 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26752 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-35487 | 1 Nokia | 1 Broadcast Message Center | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | |||||
| CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | |||||
| CVE-2021-4231 | 1 Angular | 1 Angular | 2022-06-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. | |||||
| CVE-2022-26865 | 1 Dell | 1 Supportassist Os Recovery | 2022-06-07 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. | |||||
| CVE-2022-29252 | 1 Xwiki | 1 Xwiki | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. | |||||
| CVE-2020-13499 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13522 | 1 Softperfect | 1 Ram Disk | 2022-06-07 | 3.6 LOW | 7.1 HIGH |
| An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13523 | 1 Softperfect | 1 Ram Disk | 2022-06-07 | 2.1 LOW | 3.3 LOW |
| An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||