ID | CVSS | Summary | Last (major) update | Published
CVE-2022-32552 9.0
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x
05-07-2022 - 13:20 23-06-2022 - 17:15
CVE-2022-32553 9.0
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x
05-07-2022 - 13:19 23-06-2022 - 17:15
CVE-2022-32554 10.0
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x
05-07-2022 - 13:16 23-06-2022 - 17:15
CVE-2022-26365 None
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-2304 None
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-30290 None
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, e
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-33740 None
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-33741 None
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-33742 None
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-33743 None
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2022-33744 None
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small ra
05-07-2022 - 13:15 05-07-2022 - 13:15
CVE-2021-43702 None
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker was able to change the SSID of the router with a custom payload, they could achieve stor
05-07-2022 - 12:53 05-07-2022 - 12:15
CVE-2022-30289 None
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the f
05-07-2022 - 12:53 05-07-2022 - 12:15
CVE-2022-2309 None
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes t
05-07-2022 - 12:53 05-07-2022 - 10:15
CVE-2022-2097 None
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't writte
05-07-2022 - 12:53 05-07-2022 - 11:15
CVE-2022-2306 None
Old session tokens can be used to authenticate to the application and send authenticated requests.
05-07-2022 - 12:53 05-07-2022 - 09:15
CVE-2022-34829 None
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.
05-07-2022 - 12:53 04-07-2022 - 20:15
CVE-2022-34918 None
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacke
05-07-2022 - 12:53 04-07-2022 - 21:15
CVE-2022-31599 None
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information di
05-07-2022 - 12:53 04-07-2022 - 18:15
CVE-2022-31600 None
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, deni
05-07-2022 - 12:53 04-07-2022 - 18:15
CVE-2022-31601 None
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclo
05-07-2022 - 12:53 04-07-2022 - 18:15
CVE-2022-31602 None
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity i
05-07-2022 - 12:53 04-07-2022 - 18:15
CVE-2022-31603 None
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of servic
05-07-2022 - 12:53 04-07-2022 - 18:15
CVE-2022-33171 None
** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id strin
05-07-2022 - 12:53 04-07-2022 - 16:15
CVE-2022-34265 None
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and
05-07-2022 - 12:53 04-07-2022 - 16:15
CVE-2021-25056 None
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2021-25066 None
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-0250 None
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-1301 None
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltere
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-1946 None
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting is
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-1967 None
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-2268 None
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP
05-07-2022 - 12:53 04-07-2022 - 13:15
CVE-2022-2300 None
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
05-07-2022 - 12:53 04-07-2022 - 11:15
CVE-2022-2301 None
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.
05-07-2022 - 12:53 04-07-2022 - 11:15
CVE-2022-26051 None
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-26054 None
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-26368 None
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-27627 None
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-27661 None
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-27803 None
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-27807 None
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable the addition of Categories.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-28692 None
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-28713 None
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-28718 None
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Bulletin.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-29467 None
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-29471 None
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-29484 None
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-29513 None
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-29892 None
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
05-07-2022 - 12:53 04-07-2022 - 07:15
CVE-2022-32284 None
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a s
05-07-2022 - 12:53 04-07-2022 - 02:15