Total: 6686 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42060 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2022-23604 | 1 X26-cogs Project | 1 X26-cogs | 2022-02-24 | 6.5 MEDIUM | 7.2 HIGH |
| x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround. | |||||
| CVE-2021-43050 | 1 Tibco | 1 Businessconnect | 2022-02-23 | 7.2 HIGH | 7.8 HIGH |
| The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. | |||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | |||||
| CVE-2019-25057 | 1 R3 | 1 Corda | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. | |||||
| CVE-2021-45348 | 1 Attendance Management System Project | 1 Attendance Management System | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). | |||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. | |||||
| CVE-2021-46462 | 1 Nginx | 1 Njs | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | |||||
| CVE-2021-30825 | 1 Apple | 2 Ipados, Iphone Os | 2022-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-29981 | 1 Mozilla | 2 Firefox, Thunderbird | 2022-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2021-46662 | 1 Mariadb | 1 Mariadb | 2022-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | |||||
| CVE-2021-46666 | 1 Mariadb | 1 Mariadb | 2022-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | |||||
| CVE-2022-22292 | 1 Google | 1 Android | 2022-02-18 | 4.6 MEDIUM | 7.8 HIGH |
| Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2022-23427 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 7.1 HIGH |
| PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||||
| CVE-2022-24916 | 1 Optimism | 1 Eth-optimism/l2geth | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | |||||
| CVE-2021-37980 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-18 | 4.3 MEDIUM | 7.4 HIGH |
| Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |||||
| CVE-2022-21927 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. | |||||
| CVE-2022-21844 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. | |||||
| CVE-2022-21988 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability. | |||||
| CVE-2021-39672 | 1 Google | 1 Android | 2022-02-17 | 7.2 HIGH | 7.8 HIGH |
| In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701 | |||||
| CVE-2021-29632 | 1 Freebsd | 1 Freebsd | 2022-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory. | |||||
| CVE-2021-43803 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2022-02-17 | 4.3 MEDIUM | 7.5 HIGH |
| Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. | |||||
| CVE-2021-0117 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2022-02-16 | 4.6 MEDIUM | 7.8 HIGH |
| Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2022-22005 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-02-15 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. | |||||
| CVE-2022-22003 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability. | |||||
| CVE-2022-22709 | 1 Microsoft | 1 Vp9 Video Extensions | 2022-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| VP9 Video Extensions Remote Code Execution Vulnerability. | |||||
| CVE-2022-22004 | 1 Microsoft | 2 365 Apps, Office | 2022-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office ClickToRun Remote Code Execution Vulnerability. | |||||
| CVE-2022-23274 | 1 Microsoft | 1 Dynamics Gp | 2022-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics GP Remote Code Execution Vulnerability. | |||||
| CVE-2022-21987 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-02-14 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability. | |||||
| CVE-2021-30838 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-02-11 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine. | |||||
| CVE-2021-30784 | 1 Apple | 2 Mac Os X, Macos | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. | |||||
| CVE-2021-30774 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-02-11 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-30834 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-30924 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2022-02-11 | 7.8 HIGH | 7.5 HIGH |
| A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart. | |||||
| CVE-2021-30864 | 1 Apple | 1 Macos | 2022-02-11 | 5.0 MEDIUM | 8.6 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-30835 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-39280 | 1 Korenix | 12 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 9 more | 2022-02-11 | 9.0 HIGH | 8.8 HIGH |
| Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. | |||||
| CVE-2021-46359 | 1 Fisco-bcos | 1 Fisco-bcos | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. | |||||
| CVE-2022-21392 | 1 Oracle | 1 Enterprise Manager Base Platform | 2022-02-10 | 7.2 HIGH | 8.8 HIGH |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-22833 | 1 Servisnet | 1 Tessa | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. | |||||
| CVE-2020-12988 | 1 Amd | 122 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 119 more | 2022-02-10 | 7.8 HIGH | 7.5 HIGH |
| A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. | |||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | |||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2022-02-09 | 7.2 HIGH | 7.8 HIGH |
| Lack of input sanitization in the UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process. | |||||
| CVE-2017-8036 | 1 Cloudfoundry | 1 Capi-release | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | |||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||
| CVE-2022-23330 | 1 Jpress | 1 Jpress | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | |||||
| CVE-2021-45463 | 4 Fedoraproject, Gegl, Gimp and 1 more | 4 Fedora, Gegl, Gimp and 1 more | 2022-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. | |||||
| CVE-2011-2177 | 1 Apache | 1 Openoffice | 2022-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. | |||||
| CVE-2021-29923 | 1 Golang | 1 Go | 2022-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | |||||
