Vulnerabilities (CVE)

Total 189607 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31795 2022-06-26 N/A N/A
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVE-2022-31794 2022-06-26 N/A N/A
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVE-2022-23850 1 Epub2txt Project 1 Epub2txt 2022-06-26 6.8 MEDIUM 7.8 HIGH
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.
CVE-2022-33124 2022-06-26 N/A N/A
** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the calling application.
CVE-2022-30932 2022-06-26 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-2206 2022-06-26 N/A N/A
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-34495 2022-06-26 N/A N/A
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
CVE-2022-34494 2022-06-26 N/A N/A
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
CVE-2020-27509 2022-06-26 N/A N/A
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.
CVE-2022-27092 2022-06-26 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-30158 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2022-06-26 6.0 MEDIUM 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30157.
CVE-2022-30157 1 Microsoft 1 Sharepoint Server 2022-06-26 6.5 MEDIUM 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158.
CVE-2022-30159 1 Microsoft 3 Office Online Server, Office Web Apps Server, Sharepoint Server 2022-06-26 4.3 MEDIUM 5.5 MEDIUM
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172.
CVE-2022-30171 1 Microsoft 3 Office Online Server, Office Web Apps Server, Sharepoint Server 2022-06-26 4.3 MEDIUM 5.5 MEDIUM
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30172.
CVE-2022-30172 1 Microsoft 3 Office Online Server, Office Web Apps Server, Sharepoint Server 2022-06-26 4.3 MEDIUM 5.5 MEDIUM
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30171.
CVE-2022-30174 1 Microsoft 2 365 Apps, Office Long Term Servicing Channel 2022-06-26 6.8 MEDIUM 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability.
CVE-2015-20107 1 Python 1 Python 2022-06-26 10.0 HIGH 9.8 CRITICAL
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
CVE-2022-28202 1 Mediawiki 1 Mediawiki 2022-06-26 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVE-2022-21127 2 Intel, Xen 4 Sgx Dcap, Sgx Psw, Sgx Sdk and 1 more 2022-06-26 2.1 LOW 5.5 MEDIUM
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125 3 Fedoraproject, Intel, Xen 5 Fedora, Sgx Dcap, Sgx Psw and 2 more 2022-06-26 2.1 LOW 5.5 MEDIUM
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.