Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4241 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-25 | 6.1 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679. | |||||
| CVE-2016-1445 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-25 | 4.3 MEDIUM | 5.3 MEDIUM |
| Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | |||||
| CVE-2022-29539 | 1 Resi | 1 Gemini-net | 2022-05-25 | 10.0 HIGH | 9.8 CRITICAL |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user. | |||||
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | |||||
| CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2019-12677 | 1 Cisco | 12 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 9 more | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions. | |||||
| CVE-2021-22275 | 1 Br-automation | 1 Automation Runtime | 2022-05-25 | 7.8 HIGH | 8.6 HIGH |
| Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. | |||||
| CVE-2021-26390 | 1 Amd | 74 Athlon 300u, Athlon 300u Firmware, Ryzen 3 3200u and 71 more | 2022-05-25 | 4.9 MEDIUM | 6.2 MEDIUM |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | |||||
| CVE-2022-23677 | 1 Arubanetworks | 22 2530, 2530 Firmware, 2540 and 19 more | 2022-05-25 | 9.3 HIGH | 8.1 HIGH |
| A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23676 | 1 Arubanetworks | 22 2530, 2530 Firmware, 2540 and 19 more | 2022-05-25 | 9.3 HIGH | 9.8 CRITICAL |
| A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23667 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 6.5 MEDIUM | 7.2 HIGH |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23668 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability. | |||||
| CVE-2022-23670 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-30972 | 1 Jenkins | 1 Storage Configs | 2022-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2022-30958 | 1 Jenkins | 1 Ssh | 2022-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2021-27442 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. | |||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||