Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11830 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 5.3 MEDIUM |
| Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | |||||
| CVE-2017-11827 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2022-05-23 | 9.3 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | |||||
| CVE-2017-11788 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". | |||||
| CVE-2017-11768 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2022-05-23 | 1.9 LOW | 2.5 LOW |
| Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." | |||||
| CVE-2022-26002 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2022-26007 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26020 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-30378 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. | |||||
| CVE-2022-30376 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. | |||||
| CVE-2022-30379 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26420 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26510 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-30367 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-26518 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2014-3392 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-23 | 8.3 HIGH | N/A |
| The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136. | |||||
| CVE-2014-3393 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-23 | 4.3 MEDIUM | N/A |
| The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. | |||||