Search and browse vulnerability records from NVD
Showing 50 of 42015 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
1.6% | 2022-05-31 | ||
| 7.5 HIGH |
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector |
0.6% | 2022-05-30 | ||
| 7.8 HIGH |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
1.5% | 2022-05-27 | ||
|
CVE-2022-22675
KEV
|
7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. |
12.6% | 2022-05-26 | |
| 8.1 HIGH |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). |
1.9% | 2022-05-26 | ||
| 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
0.4% | 2022-05-26 | ||
| 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
0.4% | 2022-05-26 | ||
| 7.8 HIGH |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
0.4% | 2022-05-26 | ||
| 7.8 HIGH |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
0.4% | 2022-05-26 | ||
| 7.2 HIGH |
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
1.4% | 2022-05-25 | ||
| 7.1 HIGH |
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. |
0.8% | 2022-05-24 | ||
| 7.5 HIGH |
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10. |
1.1% | 2022-05-24 | ||
| 7.1 HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user. |
0.8% | 2022-05-20 | ||
| 7.5 HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. |
1.0% | 2022-05-20 | ||
| 7.1 HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. |
0.8% | 2022-05-20 | ||
| 8.8 HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. |
0.7% | 2022-05-20 | ||
| 8.8 HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. |
1.3% | 2022-05-20 | ||
| 7.8 HIGH |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. |
0.5% | 2022-05-19 | ||
| 7.8 HIGH |
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. |
0.4% | 2022-05-17 | ||
| 7.8 HIGH |
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. |
4.1% | 2022-05-12 | ||
| 8.1 HIGH |
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. |
1.7% | 2022-05-12 | ||
| 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability |
4.7% | 2022-05-10 | ||
| 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability |
4.6% | 2022-05-10 | ||
| 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability |
2.5% | 2022-05-10 | ||
| 7.8 HIGH |
Windows Address Book Remote Code Execution Vulnerability |
2.5% | 2022-05-10 | ||
|
CVE-2022-26925
KEV
|
8.1 HIGH |
Windows LSA Spoofing Vulnerability |
9.8% | 2022-05-10 | |
|
CVE-2022-26923
KEV
|
8.8 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability |
83.3% | 2022-05-10 | |
| 7.5 HIGH |
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. |
9.1% | 2022-05-10 | ||
| 7.8 HIGH |
Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. |
0.3% | 2022-05-10 | ||
| 7.5 HIGH |
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. |
3.9% | 2022-05-09 | ||
| 7.2 HIGH |
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root). |
4.4% | 2022-05-09 | ||
|
CVE-2022-30333
KEV
|
7.5 HIGH |
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. |
99.0% | 2022-05-09 | |
| 7.8 HIGH |
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution |
2.6% | 2022-05-07 | ||
| 7.1 HIGH |
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. |
0.9% | 2022-05-06 | ||
| 7.8 HIGH |
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM. |
0.4% | 2022-05-04 | ||
| 7.8 HIGH |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
3.6% | 2022-05-02 | ||
| 7.8 HIGH |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
3.6% | 2022-05-02 | ||
| 7.8 HIGH |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
3.6% | 2022-05-02 | ||
| 7.8 HIGH |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
3.6% | 2022-05-02 | ||
| 7.5 HIGH |
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. |
2.1% | 2022-05-02 | ||
| 7.7 HIGH |
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
11.6% | 2022-05-01 | ||
| 7.4 HIGH |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. |
2.2% | 2022-04-26 | ||
| 7.5 HIGH |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this. |
2.7% | 2022-04-25 | ||
| 7.3 HIGH |
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. |
0.2% | 2022-04-22 | ||
| 7.5 HIGH |
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. |
1.1% | 2022-04-21 | ||
|
CVE-2022-27925
KEV
|
7.2 HIGH |
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. |
98.2% | 2022-04-21 | |
|
CVE-2022-27924
KEV
|
7.5 HIGH |
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. |
84.6% | 2022-04-21 | |
| 7.5 HIGH |
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. |
1.5% | 2022-04-20 | ||
| 7.5 HIGH |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
3.8% | 2022-04-19 | ||
| 7.5 HIGH |
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7. |
19.6% | 2022-04-19 |