Vulnerabilities (CVE)

Total 190069 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32967 1 Deltaww 1 Diaenergie 2022-07-02 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
CVE-2021-32954 1 Advantech 1 Webaccess\/scada 2022-07-02 6.8 MEDIUM 6.5 MEDIUM
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-32995 1 Hornerautomation 1 Cscape 2022-07-02 6.8 MEDIUM 7.8 HIGH
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-33004 1 Advantech 1 Webaccess\/hmi Designer 2022-07-02 6.8 MEDIUM 7.8 HIGH
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2022-2285 2022-07-02 N/A N/A
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284 2022-07-02 N/A N/A
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-33016 2022-07-02 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-33015 2022-07-02 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-33014 2022-07-02 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-34903 2022-07-02 N/A N/A
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-28200 2022-07-02 N/A 8.2 HIGH
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
CVE-2022-32551 2022-07-02 N/A N/A
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-28987 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-07-02 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-28219 1 Zohocorp 1 Manageengine Adaudit Plus 2022-07-02 7.5 HIGH 9.8 CRITICAL
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVE-2022-32412 2022-07-01 N/A N/A
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32411 2022-07-01 N/A N/A
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32325 2022-07-01 N/A N/A
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.
CVE-2022-32324 2022-07-01 N/A N/A
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32420 2022-07-01 N/A N/A
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
CVE-2022-32384 2022-07-01 N/A N/A
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.