Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33068 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2022-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2021-33120 | 1 Intel | 50 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 47 more | 2022-02-15 | 5.5 MEDIUM | 5.4 MEDIUM |
| Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. | |||||
| CVE-2021-0176 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-0175 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-0174 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-0179 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-0178 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-0177 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-21218 | 1 Intel | 1 Trace Analyzer And Collector | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33147 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21226 | 1 Intel | 1 Trace Analyzer And Collector | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33166 | 1 Intel | 1 Retail Experience Tool | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21156 | 1 Intel | 1 Trace Analyzer And Collector | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-21133 | 1 Intel | 1 Trace Analyzer And Collector | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-0166 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0165 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-0169 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0168 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2022-02-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2022-02-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | |||||
| CVE-2021-25084 | 1 Bracketspace | 1 Advanced Cron Manager | 2022-02-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, add or remove events as well as schedules. | |||||
| CVE-2021-24993 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2022-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, add arbitrary products or change the plugin's settings. | |||||
| CVE-2021-20877 | 1 Canon | 34 2204f, 2204n, 2206if and 31 more | 2022-02-14 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-0473 | 1 Otrs | 1 Otrs | 2022-02-14 | 3.5 LOW | 4.8 MEDIUM |
| OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. | |||||
| CVE-2022-20046 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. | |||||
| CVE-2022-20039 | 2 Google, Mediatek | 9 Android, Mt6833, Mt6853 and 6 more | 2022-02-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. | |||||
| CVE-2022-23280 | 1 Microsoft | 1 Outlook 2016 | 2022-02-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft Outlook for Mac Security Feature Bypass Vulnerability. | |||||
| CVE-2021-24947 | 1 Thinkupthemes | 1 Responsive Vector Maps | 2022-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server. | |||||
| CVE-2021-25097 | 1 Creativityjuice | 1 Labtools | 2022-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications. | |||||
| CVE-2022-0414 | 1 Dolibarr | 1 Dolibarr | 2022-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0395 | 1 Livehelperchat | 1 Live Helper Chat | 2022-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0352 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0394 | 1 Livehelperchat | 1 Live Helper Chat | 2022-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2021-37990 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. | |||||
| CVE-2021-37989 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. | |||||
| CVE-2022-23261 | 1 Microsoft | 1 Edge Chromium | 2022-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Tampering Vulnerability. | |||||
| CVE-2021-38010 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2021-40837 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2022-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting the F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of an ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | |||||
| CVE-2022-23378 | 1 Tastyigniter | 1 Tastyigniter | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. | |||||
| CVE-2022-20042 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-11 | 2.1 LOW | 5.5 MEDIUM |
| In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. | |||||
| CVE-2022-20030 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-02-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. | |||||
| CVE-2022-20032 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-02-11 | 1.9 LOW | 4.1 MEDIUM |
| In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. | |||||
| CVE-2022-20033 | 2 Google, Mediatek | 22 Android, Mt6739, Mt6761 and 19 more | 2022-02-11 | 2.1 LOW | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973. | |||||
| CVE-2022-20034 | 2 Google, Mediatek | 22 Android, Mt6580, Mt6735 and 19 more | 2022-02-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806. | |||||
| CVE-2022-20035 | 2 Google, Mediatek | 32 Android, Mt6768, Mt6769 and 29 more | 2022-02-11 | 2.1 LOW | 4.4 MEDIUM |
| In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675. | |||||
| CVE-2022-24694 | 1 Mahara | 1 Mahara | 2022-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) | |||||
| CVE-2022-20029 | 2 Google, Mediatek | 39 Android, Mt6761, Mt6762 and 36 more | 2022-02-11 | 2.1 LOW | 4.4 MEDIUM |
| In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. | |||||
| CVE-2022-0539 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. | |||||
| CVE-2021-45919 | 1 Std42 | 1 Elfinder | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | |||||
| CVE-2022-0526 | 1 Chatwoot | 1 Chatwoot | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
