Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3929 | 1 Opera | 1 Opera Browser | 2022-02-26 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | |||||
| CVE-2022-25095 | 2022-02-26 | N/A | N/A | ||
| Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | |||||
| CVE-2022-25094 | 2022-02-26 | N/A | N/A | ||
| Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. | |||||
| CVE-2022-21706 | 2022-02-26 | N/A | N/A | ||
| Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com). | |||||
| CVE-2022-24710 | 2022-02-26 | N/A | N/A | ||
| Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic. | |||||
| CVE-2022-25264 | 2022-02-26 | N/A | N/A | ||
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | |||||
| CVE-2022-25263 | 2022-02-26 | N/A | N/A | ||
| JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||||
| CVE-2022-25261 | 2022-02-26 | N/A | N/A | ||
| JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
| CVE-2022-25260 | 2022-02-26 | N/A | N/A | ||
| JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-25259 | 2022-02-26 | N/A | N/A | ||
| JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | |||||
| CVE-2022-25062 | 2022-02-26 | N/A | N/A | ||
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2021-44132 | 2022-02-26 | N/A | N/A | ||
| A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | |||||
| CVE-2021-23495 | 2022-02-26 | N/A | N/A | ||
| The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter. | |||||
| CVE-2022-25170 | 2022-02-26 | N/A | N/A | ||
| The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code | |||||
| CVE-2022-23921 | 2022-02-26 | N/A | N/A | ||
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
| CVE-2022-21798 | 2022-02-26 | N/A | N/A | ||
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
| CVE-2022-0615 | 2022-02-26 | N/A | N/A | ||
| Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system. | |||||
| CVE-2021-42244 | 2022-02-26 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. | |||||
| CVE-2021-40043 | 2022-02-26 | N/A | N/A | ||
| The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device. | |||||
| CVE-2021-37504 | 2022-02-26 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. | |||||
| CVE-2021-37103 | 2022-02-26 | N/A | N/A | ||
| There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37027 | 2022-02-26 | N/A | N/A | ||
| There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-26617 | 2022-02-26 | N/A | N/A | ||
| This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | |||||
| CVE-2021-22489 | 2022-02-26 | N/A | N/A | ||
| There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22480 | 2022-02-26 | N/A | N/A | ||
| The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. | |||||
| CVE-2021-22479 | 2022-02-26 | N/A | N/A | ||
| The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22478 | 2022-02-26 | N/A | N/A | ||
| The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. | |||||
| CVE-2021-22441 | 2022-02-26 | N/A | N/A | ||
| Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22434 | 2022-02-26 | N/A | N/A | ||
| There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22433 | 2022-02-26 | N/A | N/A | ||
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22432 | 2022-02-26 | N/A | N/A | ||
| There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-22431 | 2022-02-26 | N/A | N/A | ||
| There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-22429 | 2022-02-26 | N/A | N/A | ||
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22426 | 2022-02-26 | N/A | N/A | ||
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22395 | 2022-02-26 | N/A | N/A | ||
| There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22394 | 2022-02-26 | N/A | N/A | ||
| There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. | |||||
| CVE-2021-22319 | 2022-02-26 | N/A | N/A | ||
| There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. | |||||
| CVE-2022-0732 | 2022-02-25 | N/A | N/A | ||
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | |||||
| CVE-2006-5170 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more | 2022-02-25 | 7.5 HIGH | N/A |
| pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | |||||
| CVE-2014-3595 | 2 Redhat, Suse | 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more | 2022-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. | |||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2022-02-25 | 7.5 HIGH | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||||
| CVE-2014-3654 | 2 Redhat, Suse | 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more | 2022-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. | |||||
| CVE-2022-25019 | 2022-02-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-0655 | 2022-02-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-38993 | 2022-02-25 | N/A | N/A | ||
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. | |||||
| CVE-2022-0729 | 2022-02-25 | N/A | N/A | ||
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | |||||
| CVE-2022-0714 | 2022-02-25 | N/A | N/A | ||
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | |||||
| CVE-2022-0696 | 2022-02-25 | N/A | N/A | ||
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. | |||||
| CVE-2013-4415 | 2 Redhat, Suse | 5 Satellite, Satellite 5 Managed Db, Spacewalk-java and 2 more | 2022-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED. | |||||
| CVE-2007-6283 | 4 Centos, Fedoraproject, Oracle and 1 more | 9 Centos, Fedora Core, Linux and 6 more | 2022-02-25 | 4.9 MEDIUM | N/A |
| Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | |||||