Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13161 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2022-06-01 | 3.5 LOW | 5.3 MEDIUM |
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). | |||||
CVE-2022-30018 | 1 Mobotix | 1 Mxcontrolcenter | 2022-06-01 | 6.5 MEDIUM | 8.8 HIGH |
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. | |||||
CVE-2022-22328 | 1 Ibm | 1 Partner Engagement Manager | 2022-06-01 | 2.1 LOW | 6.2 MEDIUM |
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. | |||||
CVE-2022-29230 | 1 Shopify | 1 Hydrogen | 2022-06-01 | 3.5 LOW | 5.4 MEDIUM |
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability. | |||||
CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||||
CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |||||
CVE-2022-31215 | 1 Goverlan | 3 Client Agent, Reach Console, Reach Server | 2022-06-01 | 3.5 LOW | 6.5 MEDIUM |
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. | |||||
CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | |||||
CVE-2022-30994 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | |||||
CVE-2020-7307 | 1 Mcafee | 1 Data Loss Prevention | 2022-06-01 | 2.1 LOW | 5.2 MEDIUM |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | |||||
CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2022-06-01 | 6.9 MEDIUM | 7.0 HIGH |
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | |||||
CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2022-06-01 | 3.3 LOW | 6.9 MEDIUM |
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | |||||
CVE-2022-30991 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
CVE-2022-30993 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
CVE-2021-44733 | 5 Debian, Fedoraproject, Linux and 2 more | 20 Debian Linux, Fedora, Linux Kernel and 17 more | 2022-06-01 | 4.4 MEDIUM | 7.0 HIGH |
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. | |||||
CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2022-06-01 | 7.2 HIGH | 7.8 HIGH |
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | |||||
CVE-2020-4031 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2022-06-01 | 4.3 MEDIUM | 7.5 HIGH |
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | |||||
CVE-2020-4032 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2022-06-01 | 4.3 MEDIUM | 4.3 MEDIUM |
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | |||||
CVE-2020-4033 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2022-06-01 | 6.4 MEDIUM | 6.5 MEDIUM |
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. |