Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4352 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 2.4 LOW |
| IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494. | |||||
| CVE-2022-25204 | 1 Jenkins | 1 Doktor | 2022-02-23 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | |||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | |||||
| CVE-2019-25057 | 1 R3 | 1 Corda | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. | |||||
| CVE-2021-45348 | 1 Attendance Management System Project | 1 Attendance Management System | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). | |||||
| CVE-2021-39116 | 1 Atlassian | 2 Data Center, Jira | 2022-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | |||||
| CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
| CVE-2022-23633 | 1 Rubyonrails | 1 Rails | 2022-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | |||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. | |||||
| CVE-2021-46361 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | |||||
| CVE-2021-23555 | 1 Vm2 Project | 1 Vm2 | 2022-02-22 | 10.0 HIGH | 9.8 CRITICAL |
| The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. | |||||
| CVE-2021-46462 | 1 Nginx | 1 Njs | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | |||||
| CVE-2000-0672 | 1 Apache | 1 Tomcat | 2022-02-22 | 5.0 MEDIUM | N/A |
| The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | |||||
| CVE-2020-26728 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | |||||
| CVE-2022-0116 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0294 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2022-0291 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2022-0292 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-24001 | 1 Google | 1 Android | 2022-02-22 | 2.1 LOW | 4.6 MEDIUM |
| Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. | |||||
| CVE-2022-24000 | 1 Google | 1 Android | 2022-02-22 | 2.1 LOW | 3.3 LOW |
| PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | |||||
| CVE-2022-23999 | 1 Google | 1 Android | 2022-02-22 | 2.1 LOW | 3.3 LOW |
| PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | |||||
| CVE-2022-0112 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | |||||
| CVE-2021-30825 | 1 Apple | 2 Ipados, Iphone Os | 2022-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-3129 | 2 Facade, Laravel | 2 Ignition, Laravel | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. | |||||
| CVE-2021-29981 | 1 Mozilla | 2 Firefox, Thunderbird | 2022-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2021-29974 | 1 Mozilla | 1 Firefox | 2022-02-22 | 2.6 LOW | 4.3 MEDIUM |
| When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-38491 | 1 Mozilla | 1 Firefox | 2022-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. | |||||
| CVE-2021-46666 | 1 Mariadb | 1 Mariadb | 2022-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | |||||
| CVE-2021-46662 | 1 Mariadb | 1 Mariadb | 2022-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | |||||
| CVE-2020-2922 | 1 Oracle | 1 Mysql | 2022-02-21 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-1954 | 3 Apache, Netapp, Oracle | 10 Cxf, Oncommand Workflow Automation, Snapmanager and 7 more | 2022-02-21 | 2.9 LOW | 5.3 MEDIUM |
| Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. | |||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more | 2022-02-20 | 3.6 LOW | 4.4 MEDIUM |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | |||||
| CVE-2022-24003 | 1 Samsung | 1 Bixby Vision | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. | |||||
| CVE-2022-22292 | 1 Google | 1 Android | 2022-02-18 | 4.6 MEDIUM | 7.8 HIGH |
| Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2022-23427 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 7.1 HIGH |
| PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||||
| CVE-2022-23426 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2022-02-18 | 2.1 LOW | 3.3 LOW |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-24916 | 1 Optimism | 1 Eth-optimism\/l2geth | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | |||||
| CVE-2021-38022 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-38021 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-0097 | 1 Google | 1 Chrome | 2022-02-18 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. | |||||
| CVE-2021-45364 | 1 Statamic | 1 Statamic | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product. | |||||
| CVE-2021-38018 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-4054 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-37980 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-18 | 4.3 MEDIUM | 7.4 HIGH |
| Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |||||
| CVE-2021-37964 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-18 | 4.3 MEDIUM | 3.3 LOW |
| Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. | |||||
| CVE-2021-37963 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2021-37958 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 5.8 MEDIUM | 5.4 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
| CVE-2022-21927 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. | |||||
| CVE-2022-21844 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. | |||||