Total
190069 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2022-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | |||||
| CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2022-07-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
| CVE-2021-32995 | 1 Hornerautomation | 1 Cscape | 2022-07-02 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-07-02 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2022-2285 | 2022-07-02 | N/A | N/A | ||
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2284 | 2022-07-02 | N/A | N/A | ||
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-33016 | 2022-07-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-33015 | 2022-07-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-33014 | 2022-07-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-34903 | 2022-07-02 | N/A | N/A | ||
| GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | |||||
| CVE-2022-28200 | 2022-07-02 | N/A | 8.2 HIGH | ||
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-32551 | 2022-07-02 | N/A | N/A | ||
| Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | |||||
| CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-07-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | |||||
| CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2022-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | |||||
| CVE-2022-32412 | 2022-07-01 | N/A | N/A | ||
| An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | |||||
| CVE-2022-32411 | 2022-07-01 | N/A | N/A | ||
| An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | |||||
| CVE-2022-32325 | 2022-07-01 | N/A | N/A | ||
| JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | |||||
| CVE-2022-32324 | 2022-07-01 | N/A | N/A | ||
| PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. | |||||
| CVE-2022-32420 | 2022-07-01 | N/A | N/A | ||
| College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. | |||||
| CVE-2022-32384 | 2022-07-01 | N/A | N/A | ||
| Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. | |||||