Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22868 | 1 Gibbonedu | 1 Gibbon | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | |||||
| CVE-2021-26264 | 1 Emerson | 2 Deltav Distributed Control System, Deltav Workstation | 2022-02-02 | 4.9 MEDIUM | 5.5 MEDIUM |
| A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | |||||
| CVE-2021-23863 | 1 Bosch | 1 Video Security | 2022-02-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. | |||||
| CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | |||||
| CVE-2021-41166 | 1 Nextcloud | 1 Nextcloud | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds. | |||||
| CVE-2022-22852 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-02-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list. | |||||
| CVE-2022-22850 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types. | |||||
| CVE-2021-34073 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. | |||||
| CVE-2022-24071 | 1 Navercorp | 1 Whale | 2022-02-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. | |||||
| CVE-2022-21720 | 1 Glpi-project | 1 Glpi | 2022-02-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. | |||||
| CVE-2022-21719 | 1 Glpi-project | 1 Glpi | 2022-02-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | |||||
| CVE-2021-44792 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | |||||
| CVE-2022-0379 | 1 Microweber | 1 Microweber | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0378 | 1 Microweber | 1 Microweber | 2022-02-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-44692 | 1 Buddyboss | 1 Buddyboss | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses. | |||||
| CVE-2021-29838 | 1 Ibm | 1 Security Guardium Insights | 2022-02-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2022-0387 | 1 Livehelperchat | 1 Livehelperchat | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-0370 | 1 Livehelperchat | 1 Livehelperchat | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2021-43334 | 1 Buddyboss | 1 Buddyboss | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. | |||||
| CVE-2022-0203 | 1 Craterapp | 1 Crater | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | |||||
| CVE-2022-0372 | 1 Craterapp | 1 Crater | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. | |||||
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | |||||
| CVE-2022-0348 | 1 Pimcore | 1 Pimcore | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. | |||||
| CVE-2021-43017 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2022-02-02 | 3.5 LOW | 4.2 MEDIUM |
| Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2018-7227 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. | |||||
| CVE-2016-8367 | 1 Schneider-electric | 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack. | |||||
| CVE-2021-46492 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46491 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46490 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46489 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46488 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46487 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46486 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46485 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46484 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46494 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46499 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46498 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46497 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46496 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46495 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46502 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46501 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46500 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46503 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46529 | 1 Cesanta | 1 Mjs | 2022-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46516 | 1 Cesanta | 1 Mjs | 2022-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46512 | 1 Cesanta | 1 Mjs | 2022-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46528 | 1 Cesanta | 1 Mjs | 2022-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS). | |||||