Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1430 | 1 Octoprint | 1 Octoprint | 2022-05-25 | 5.1 MEDIUM | 7.5 HIGH |
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. | |||||
CVE-2020-9973 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2022-05-25 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
CVE-2021-42943 | 1 Ipplan Project | 1 Ipplan | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | |||||
CVE-2022-23706 | 1 Hp | 1 Oneview | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
CVE-2020-3937 | 1 Sysjust | 1 Syuan-gu-da-shin | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. | |||||
CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-25 | 8.5 HIGH | 7.5 HIGH |
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | |||||
CVE-2022-28190 | 1 Nvidia | 1 Gpu Display Driver | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. | |||||
CVE-2022-28189 | 1 Nvidia | 1 Gpu Display Driver | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. | |||||
CVE-2022-30045 | 1 Ezxml Project | 1 Ezxml | 2022-05-25 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. | |||||
CVE-2022-28617 | 1 Hp | 1 Oneview | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
CVE-2022-29436 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | |||||
CVE-2022-29435 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2022-05-25 | 5.8 MEDIUM | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. | |||||
CVE-2022-30688 | 2 Debian, Needrestart Project | 2 Debian Linux, Needrestart | 2022-05-25 | 4.6 MEDIUM | 7.8 HIGH |
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. | |||||
CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | |||||
CVE-2022-30053 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | |||||
CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | |||||
CVE-2021-26400 | 1 Amd | 1 Cpu | 2022-05-25 | 2.1 LOW | 4.0 MEDIUM |
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||||
CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2022-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. | |||||
CVE-2021-26364 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | |||||
CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. |