Total
189607 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31795 | | | 2022-06-26 | N/A | N/A |
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | |||||
CVE-2022-31794 | | | 2022-06-26 | N/A | N/A |
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | |||||
CVE-2022-23850 | 1 Epub2txt Project | 1 Epub2txt | 2022-06-26 | 6.8 MEDIUM | 7.8 HIGH |
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. | |||||
CVE-2022-33124 | | | 2022-06-26 | N/A | N/A |
** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the calling application. | |||||
CVE-2022-30932 | | | 2022-06-26 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2022-2206 | | | 2022-06-26 | N/A | N/A |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2022-34495 | | | 2022-06-26 | N/A | N/A |
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
CVE-2022-34494 | | | 2022-06-26 | N/A | N/A |
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
CVE-2020-27509 | | | 2022-06-26 | N/A | N/A |
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | |||||
CVE-2022-27092 | | | 2022-06-26 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2022-30158 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-06-26 | 6.0 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30157. | |||||
CVE-2022-30157 | 1 Microsoft | 1 Sharepoint Server | 2022-06-26 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158. | |||||
CVE-2022-30159 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2022-06-26 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | |||||
CVE-2022-30171 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2022-06-26 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30172. | |||||
CVE-2022-30172 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2022-06-26 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30171. | |||||
CVE-2022-30174 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2022-06-26 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Remote Code Execution Vulnerability. | |||||
CVE-2015-20107 | 1 Python | 1 Python | 2022-06-26 | 10.0 HIGH | 9.8 CRITICAL |
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). | |||||
CVE-2022-28202 | 1 Mediawiki | 1 Mediawiki | 2022-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | |||||
CVE-2022-21127 | 2 Intel, Xen | 4 Sgx Dcap, Sgx Psw, Sgx Sdk and 1 more | 2022-06-26 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-21125 | 3 Fedoraproject, Intel, Xen | 5 Fedora, Sgx Dcap, Sgx Psw and 2 more | 2022-06-26 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |