Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2022-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | |||||
| CVE-2021-43572 | 1 Starkbank | 1 Ecdsa-python | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2019-18818 | 1 Strapi | 1 Strapi | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | |||||
| CVE-2019-10212 | 2 Netapp, Redhat | 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more | 2022-02-20 | 4.3 MEDIUM | 9.8 CRITICAL |
| A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. | |||||
| CVE-2019-3888 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more | 2022-02-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | |||||
| CVE-2018-20839 | 2 Netapp, Systemd Project | 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more | 2022-02-20 | 4.3 MEDIUM | 9.8 CRITICAL |
| systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | |||||
| CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||
| CVE-2021-45957 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45956 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45955 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed. | |||||
| CVE-2021-45954 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45953 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45952 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45951 | 1 Thekelleys | 1 Dnsmasq | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2020-10109 | 1 Twistedmatrix | 1 Twisted | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. | |||||
| CVE-2020-10108 | 1 Twistedmatrix | 1 Twisted | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. | |||||
| CVE-2021-38013 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-0559 | 1 Radare | 1 Radare2 | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-24705 | 1 Accel-ppp | 1 Accel-ppp | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. | |||||
| CVE-2022-24704 | 1 Accel-ppp | 1 Accel-ppp | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered. | |||||
| CVE-2021-43616 | 2 Netapp, Npmjs | 2 Next Generation Application Programming Interface, Npm | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. | |||||
| CVE-2020-14523 | 1 Mitsubishielectric | 25 Cw Configurator, Fr Configurator2, Gx Works2 and 22 more | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | |||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||||
| CVE-2021-34235 | 1 Tsg-solutions | 1 Tokheim Profleet Dialog | 2022-02-18 | 10.0 HIGH | 9.8 CRITICAL |
| Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. | |||||
| CVE-2021-22823 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | |||||
| CVE-2021-22805 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2021-22802 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2022-0097 | 1 Google | 1 Chrome | 2022-02-18 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. | |||||
| CVE-2021-45364 | 1 Statamic | 1 Statamic | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product. | |||||
| CVE-2021-37981 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-18 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-22803 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2021-44738 | 1 Lexmark | 467 6500e, 6500e Firmware, B2236 and 464 more | 2022-02-18 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | |||||
| CVE-2021-42940 | 1 Projeqtor | 1 Projeqtor | 2022-02-18 | 3.5 LOW | 9.9 CRITICAL |
| A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. | |||||
| CVE-2020-36062 | 1 Dairy Farm Shop Management System Project | 1 Dairy Farm Shop Management System | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | |||||
| CVE-2020-13675 | 1 Drupal | 1 Drupal | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | |||||
| CVE-2022-0162 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. | |||||
| CVE-2021-39675 | 1 Google | 1 Android | 2022-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183 | |||||
| CVE-2022-24961 | 1 Portainer | 1 Portainer | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | |||||
| CVE-2022-20700 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20712 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20749 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-26706 | 1 Micrium | 1 Uc\/lib | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW. Because these functions use multiplication to calculate the pool sizes, the operation may cause an integer overflow if the arguments are large enough. The resulting memory pool will be smaller than expected and may be exploited by an attacker. | |||||
| CVE-2022-24313 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-24312 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-24568 | 1 Novel-plus Project | 1 Novel-plus | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | |||||
| CVE-2022-24954 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings. | |||||
| CVE-2022-24955 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. | |||||
| CVE-2022-20738 | 1 Cisco | 1 Umbrella Secure Web Gateway | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. | |||||
| CVE-2022-24311 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-24310 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||