VYPR

CVEs

1,631 total · page 14 of 33

  • CVE-2022-0028KEVAug 10, 2022
    risk 0.12cvss epss 0.02

    A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series…

  • CVE-2022-34713KEVAug 9, 2022
    risk 0.12cvss epss 0.68

    Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

  • CVE-2022-2294KEVJul 28, 2022
    risk 0.18cvss epss 0.70

    Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-1364KEVJul 26, 2022
    risk 0.13cvss epss 0.14

    Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-1096KEVJul 22, 2022
    risk 0.15cvss epss 0.24

    Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-26138KEVJul 20, 2022
    risk 0.20cvss epss 0.98

    The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded…

  • CVE-2022-35405KEVJul 19, 2022
    risk 0.23cvss epss 1.00

    Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

  • CVE-2022-33891KEVJul 18, 2022
    risk 0.22cvss epss 0.93

    The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter…

  • CVE-2022-26352KEVJul 17, 2022
    risk 0.29cvss epss 0.92

    An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage…

  • CVE-2022-22047KEVJul 12, 2022
    risk 0.12cvss epss 0.19

    Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

  • CVE-2022-22071KEVJun 14, 2022
    risk 0.12cvss epss 0.00

    Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2022-26134KEVJun 3, 2022
    risk 0.29cvss epss 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from…

  • CVE-2022-30190KEVJun 1, 2022
    risk 0.28cvss epss 0.99

    A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then…

  • CVE-2022-22675KEVMay 26, 2022
    risk 0.12cvss epss 0.13

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple…

  • CVE-2022-22674KEVMay 26, 2022
    risk 0.12cvss epss 0.01

    An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel…

  • CVE-2022-20821KEVMay 26, 2022
    risk 0.13cvss epss 0.12

    A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon…

  • CVE-2022-29303KEVMay 12, 2022
    risk 0.23cvss epss 1.00

    SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

  • CVE-2022-30525KEVMay 12, 2022
    risk 0.23cvss epss 1.00

    A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00…

  • CVE-2022-26925KEVMay 10, 2022
    risk 0.15cvss epss 0.10

    Windows LSA Spoofing Vulnerability

  • CVE-2022-26923KEVMay 10, 2022
    risk 0.22cvss epss 0.83

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2022-30333KEVMay 9, 2022
    risk 0.28cvss epss 0.99

    RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

  • CVE-2022-1388KEVMay 5, 2022
    risk 0.29cvss epss 1.00

    On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which…

  • CVE-2022-29499KEVApr 26, 2022
    risk 0.25cvss epss 0.57

    The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

  • CVE-2022-24706KEVApr 26, 2022
    risk 0.23cvss epss 0.92

    In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a…

  • CVE-2022-27926KEVApr 20, 2022
    risk 0.20cvss epss 0.17

    A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.

  • CVE-2022-27925KEVApr 20, 2022
    risk 0.29cvss epss 0.98

    Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

  • CVE-2022-27924KEVApr 20, 2022
    risk 0.25cvss epss 0.85

    Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.

  • CVE-2022-21445KEVApr 19, 2022
    risk 0.19cvss epss 0.62

    Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2022-28810KEVApr 18, 2022
    risk 0.21cvss epss 0.70

    Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this…

  • CVE-2022-29464KEVApr 18, 2022
    risk 0.29cvss epss 1.00

    Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a…

  • CVE-2022-26904KEVApr 15, 2022
    risk 0.17cvss epss 0.10

    Windows User Profile Service Elevation of Privilege Vulnerability

  • CVE-2022-24521KEVApr 15, 2022
    risk 0.19cvss epss 0.07

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2022-24816KEVApr 13, 2022
    risk 0.13cvss epss 0.99

    JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In…

  • CVE-2022-22960KEVApr 13, 2022
    risk 0.21cvss epss 0.37

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-22954KEVApr 11, 2022
    risk 0.29cvss epss 1.00

    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

  • CVE-2022-0609KEVApr 4, 2022
    risk 0.16cvss epss 0.24

    Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-22965KEVApr 1, 2022
    risk 0.16cvss epss 1.00

    A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar,…

  • CVE-2022-22963KEVApr 1, 2022
    risk 0.23cvss epss 1.00

    In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

  • CVE-2022-26871KEVMar 29, 2022
    risk 0.14cvss epss 0.20

    An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

  • CVE-2022-22948KEVMar 29, 2022
    risk 0.17cvss epss 0.14

    The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2022-26258KEVMar 27, 2022
    risk 0.19cvss epss 0.81

    D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.

  • CVE-2022-1040KEVMar 25, 2022
    risk 0.23cvss epss 1.00

    An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

  • CVE-2022-22620KEVMar 18, 2022
    risk 0.12cvss epss 0.16

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution.…

  • CVE-2022-22587KEVMar 18, 2022
    risk 0.12cvss epss 0.12

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report…

  • CVE-2022-26500KEVMar 17, 2022
    risk 0.20cvss epss 0.06

    Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

  • CVE-2022-26501KEVMar 17, 2022
    risk 0.24cvss epss 0.04

    Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

  • CVE-2021-39793KEVMar 16, 2022
    risk 0.12cvss epss 0.01

    In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-26143KEVMar 9, 2022
    risk 0.19cvss epss 0.88

    The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in…

  • CVE-2022-0847KEVMar 7, 2022
    risk 0.22cvss epss 0.88

    A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to…

  • CVE-2022-26318KEVMar 4, 2022
    risk 0.22cvss epss 0.78

    On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.