Latest CVE Feed
-
10.0
HIGHCVE-2022-22087
memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, ... Read more
Affected Products : aqt1000_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +299 more products- Published: Jun. 14, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-21907
HTTP Protocol Stack Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows +2 more products- Published: Jan. 11, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-21874
Windows Security Center API Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 +6 more products- Published: Jan. 11, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-21643
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct... Read more
Affected Products : useful_simple_open-source_cms- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-21431
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allow... Read more
Affected Products : communications_billing_and_revenue_management- Published: Apr. 19, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-21390
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allo... Read more
Affected Products : communications_billing_and_revenue_management- Published: Jan. 19, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2009-0228
Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request,... Read more
Affected Products : windows_2000- Published: Jun. 10, 2009
- Modified: Apr. 09, 2025
-
10.0
CRITICALCVE-2022-21215
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker... Read more
Affected Products : mimosa_management_platform c6x_firmware c5x_firmware c5c_firmware a5x_firmware c6x c5x c5c a5x- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-21275
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allow... Read more
Affected Products : communications_billing_and_revenue_management- Published: Jan. 19, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2011-0914
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.... Read more
Affected Products : lotus_domino- Published: Feb. 08, 2011
- Modified: Apr. 11, 2025
-
10.0
CRITICALCVE-2020-14606
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : sd-wan_edge- Published: Jul. 15, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20701
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Actively Exploited
- Published: Feb. 10, 2022
- Modified: Feb. 24, 2025
-
10.0
CRITICALCVE-2022-20695
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerabil... Read more
- Published: Apr. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20707
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20711
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20706
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-20130
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitati... Read more
Affected Products : android- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-20140
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr... Read more
Affected Products : android- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-20145
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges nee... Read more
Affected Products : android- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-20210
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotel... Read more
Affected Products : android- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024