Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29340 | 1 Gpac | 1 Gpac | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | |||||
| CVE-2022-1464 | 1 Gogs | 1 Gogs | 2022-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . | |||||
| CVE-2022-27189 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-29339 | 1 Gpac | 1 Gpac | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | |||||
| CVE-2006-2450 | 1 Libvncserver | 1 Libvncserver | 2022-05-13 | 7.5 HIGH | N/A |
| auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. | |||||
| CVE-2006-2369 | 1 Vnc | 1 Realvnc | 2022-05-13 | 7.5 HIGH | N/A |
| RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | |||||
| CVE-2022-28471 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 | |||||
| CVE-2022-20759 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-13 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. | |||||
| CVE-2022-20716 | 1 Cisco | 7 Sd-wan, Sd-wan Solution, Sd-wan Vbond Orchestrator and 4 more | 2022-05-13 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | |||||
| CVE-2022-28272 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28271 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | |||||
| CVE-2022-28270 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. | |||||
| CVE-2022-28273 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-25786 | 1 Secomea | 1 Gatemanager | 2022-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. | |||||
| CVE-2021-21812 | 1 Att | 1 Xmill | 2022-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. | |||||
| CVE-2021-27041 | 3 Autodesk, Iconics, Mitsubishielectric | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code | |||||
| CVE-2021-24117 | 1 Apache | 1 Teaclave Sgx Sdk | 2022-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | |||||
| CVE-2020-19203 | 1 Netgate | 1 Pfsense | 2022-05-13 | 3.5 LOW | 5.4 MEDIUM |
| An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS. | |||||
| CVE-2021-27043 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application. | |||||
| CVE-2021-27042 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | |||||