The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-30663 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30662 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30661 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30660 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30659 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | HIGH | Jun 16, 2022 |
CVE-2022-30658 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30657 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30656 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | HIGH | Jun 16, 2022 |
CVE-2022-30655 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30654 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30653 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30652 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30651 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30650 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30649 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30648 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30647 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jun 16, 2022 |
CVE-2022-30636 | x/crypto/acme/autocert: httpTokenCacheKey allows limited directory traversal on windows | -- | May 27, 2022 |
CVE-2022-30635 | security: fix CVE-2022-30635 | -- | Jul 4, 2022 |
CVE-2022-30634 | crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1 | -- | May 27, 2022 |
CVE-2022-30632 | This is a PRIVATE issue tracked in b/226945200 and fixed by http://tg/1423262. | -- | Jun 20, 2022 |
CVE-2022-30631 | security: fix CVE-2022-30631 | -- | Jun 1, 2022 |
CVE-2022-30630 | This is a PRIVATE issue tracked in b/231318890 and fixed by http://tg/1422952. | -- | Jun 20, 2022 |
CVE-2022-30629 | go: crypto/tls: randomly generate ticket_age_add [freeze exception] | -- | May 20, 2022 |
CVE-2022-30618 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. | MEDIUM | May 19, 2022 |
CVE-2022-30617 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privileged “author” role account can view these details in the JSON response for an “editor” or “super admin” that has updated one of the author’s blog posts. There are also many other scenarios where such details from other users can leak in the JSON response, either through a direct or indirect relationship. Access to this information enables a user to compromise other users’ accounts by successfully invoking the password reset workflow. In a worst-case scenario, a low-privileged user could get access to a “super admin” account with full control over the Strapi instance, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. | HIGH | May 19, 2022 |
CVE-2022-30611 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim\'s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\'s cookie-based authentication credentials. IBM X-Force ID: 227364. | LOW | Jun 10, 2022 |
CVE-2022-30610 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. | LOW | Jun 10, 2022 |
CVE-2022-30607 | IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | MEDIUM | Jun 17, 2022 |
CVE-2022-30600 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | HIGH | May 18, 2022 |
CVE-2022-30599 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | HIGH | May 18, 2022 |
CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | MEDIUM | May 18, 2022 |
CVE-2022-30597 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | MEDIUM | May 18, 2022 |
CVE-2022-30596 | A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | LOW | May 18, 2022 |
CVE-2022-30595 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | HIGH | May 25, 2022 |
CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | MEDIUM | May 12, 2022 |
CVE-2022-30592 | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | HIGH | May 12, 2022 |
CVE-2022-30587 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | MEDIUM | Jun 7, 2022 |
CVE-2022-30586 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | MEDIUM | Jun 7, 2022 |
CVE-2022-30585 | The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | MEDIUM | May 27, 2022 |
CVE-2022-30584 | Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | HIGH | May 27, 2022 |
CVE-2022-30580 | os/exec: empty Cmd.Path can result in running unintended binary on Windows | -- | Jun 4, 2022 |
CVE-2022-30563 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\'s login packet. | -- | Jun 28, 2022 |
CVE-2022-30562 | If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | -- | Jun 28, 2022 |
CVE-2022-30561 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\'s login packet. | -- | Jun 28, 2022 |
CVE-2022-30560 | When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. | -- | Jun 28, 2022 |
CVE-2022-30557 | Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. | MEDIUM | May 12, 2022 |
CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 |
CVE-2022-30552 | Das U-Boot 2022.01 has a Buffer Overflow. | LOW | Jun 8, 2022 |
CVE-2022-30551 | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | MEDIUM | May 20, 2022 |