Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13161 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2022-06-01 3.5 LOW 5.3 MEDIUM
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
CVE-2022-30018 1 Mobotix 1 Mxcontrolcenter 2022-06-01 6.5 MEDIUM 8.8 HIGH
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.
CVE-2022-22328 1 Ibm 1 Partner Engagement Manager 2022-06-01 2.1 LOW 6.2 MEDIUM
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871.
CVE-2022-29230 1 Shopify 1 Hydrogen 2022-06-01 3.5 LOW 5.4 MEDIUM
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability.
CVE-2022-0635 2 Isc, Netapp 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2022-06-01 5.0 MEDIUM 7.5 HIGH
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
CVE-2022-0667 2 Isc, Netapp 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2022-06-01 5.0 MEDIUM 7.5 HIGH
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
CVE-2022-31215 1 Goverlan 3 Client Agent, Reach Console, Reach Server 2022-06-01 3.5 LOW 6.5 MEDIUM
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
CVE-2021-37413 1 Grandcom 1 Dynweb 2022-06-01 7.5 HIGH 9.8 CRITICAL
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.
CVE-2022-30994 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
CVE-2020-7307 1 Mcafee 1 Data Loss Prevention 2022-06-01 2.1 LOW 5.2 MEDIUM
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
CVE-2020-7311 1 Mcafee 1 Mcafee Agent 2022-06-01 6.9 MEDIUM 7.0 HIGH
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.
CVE-2020-7310 1 Mcafee 1 Total Protection 2022-06-01 3.3 LOW 6.9 MEDIUM
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.
CVE-2022-30991 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 4.3 MEDIUM 6.1 MEDIUM
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2022-30993 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2022-30992 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.8 MEDIUM 6.1 MEDIUM
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2022-06-01 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2020-7314 1 Mcafee 1 Mcafee Agent 2022-06-01 7.2 HIGH 7.8 HIGH
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.
CVE-2020-4031 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 4.3 MEDIUM 7.5 HIGH
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
CVE-2020-4032 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 4.3 MEDIUM 4.3 MEDIUM
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
CVE-2020-4033 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.