Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30370 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | |||||
CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | |||||
CVE-2022-30372 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. | |||||
CVE-2022-30371 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. | |||||
CVE-2022-28601 | 1 Lmsdoctor | 1 2 Factor Authentication | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism. | |||||
CVE-2022-30373 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. | |||||
CVE-2008-4128 | 1 Cisco | 2 Integrated Services Router 871, Ios | 2022-05-23 | 9.3 HIGH | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | |||||
CVE-2022-24426 | 1 Dell | 3 Alienware Update, Command Update, Update | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
Dell Command \| Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | |||||
CVE-2013-6707 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-23 | 4.3 MEDIUM | N/A |
Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. | |||||
CVE-2022-30374 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. | |||||
CVE-2022-27210 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2022-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-1588 | | | 2022-05-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2021-33108 | 1 Intel | 1 In-band Manageability | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-27363 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2022-05-23 | 3.6 LOW | 4.4 MEDIUM |
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | |||||
CVE-2021-26813 | 2 Fedoraproject, Markdown2 Project | 2 Fedora, Markdown2 | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | |||||
CVE-2022-29117 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. | |||||
CVE-2021-27886 | 1 Docker Dashboard Project | 1 Docker Dashboard | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product. | |||||
CVE-2021-27080 | 1 Microsoft | 1 Azure Sphere | 2022-05-23 | 7.2 HIGH | 8.8 HIGH |
Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27074. | |||||
CVE-2021-27074 | 1 Microsoft | 1 Azure Sphere | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2021-27080. | |||||
CVE-2022-29727 | 1 Surveysparrow | 1 Enterprise Survey Software | 2022-05-23 | 3.5 LOW | 5.4 MEDIUM |
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. |