Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8625 | 5 Debian, Fedoraproject, Isc and 2 more | 9 Debian Linux, Fedora, Bind and 6 more | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
| BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch | |||||
| CVE-2022-26825 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-04-18 | 9.0 HIGH | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829. | |||||
| CVE-2022-26826 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-18 | 9.0 HIGH | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829. | |||||
| CVE-2022-26829 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-04-18 | 8.5 HIGH | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826. | |||||
| CVE-2022-26096 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-26095 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-27279 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | |||||
| CVE-2022-27277 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | |||||
| CVE-2022-27276 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27275 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27274 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27273 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-26097 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
| CVE-2022-27272 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27271 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2021-39797 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104 | |||||
| CVE-2021-39798 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213169612 | |||||
| CVE-2022-27270 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27269 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27268 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. | |||||