Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24279 | 1 Springtree | 1 Madlib-object-utils | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676) | |||||
| CVE-2022-28113 | 1 Fantec | 2 Mwid25-ds, Mwid25-ds Firmware | 2022-04-25 | 9.0 HIGH | 7.2 HIGH |
| An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. | |||||
| CVE-2022-27048 | 1 Moxa | 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more | 2022-04-25 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower. | |||||
| CVE-2022-20693 | 1 Cisco | 1 Ios Xe | 2022-04-25 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||
| CVE-2021-37713 | 4 Microsoft, Npmjs, Oracle and 1 more | 4 Windows, Tar, Graalvm and 1 more | 2022-04-25 | 4.4 MEDIUM | 8.6 HIGH |
| The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves. | |||||
| CVE-2022-26810 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. | |||||
| CVE-2022-26924 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| YARP Denial of Service Vulnerability. | |||||
| CVE-2022-26921 | 1 Microsoft | 1 Visual Studio Code | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability. | |||||
| CVE-2022-26920 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability. | |||||
| CVE-2022-26919 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 9.3 HIGH | 8.1 HIGH |
| Windows LDAP Remote Code Execution Vulnerability. | |||||
| CVE-2022-26918 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. | |||||
| CVE-2022-26917 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. | |||||
| CVE-2022-26916 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.1 MEDIUM | 7.8 HIGH |
| Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. | |||||
| CVE-2022-26808 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-25 | 4.4 MEDIUM | 7.0 HIGH |
| Windows File Explorer Elevation of Privilege Vulnerability. | |||||
| CVE-2021-40702 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2022-26915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability. | |||||
| CVE-2021-40701 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40700 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-39824 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-39819 | 1 Adobe | 1 Incopy | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||