Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3943 | 1 Microsoft | 1 Internet Explorer | 2022-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | |||||
| CVE-2021-44730 | 3 Canonical, Debian, Fedoraproject | 4 Snapd, Ubuntu Linux, Debian Linux and 1 more | 2022-02-28 | 6.9 MEDIUM | 8.8 HIGH |
| snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | |||||
| CVE-2009-3270 | 1 Microsoft | 1 Internet Explorer | 2022-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | |||||
| CVE-2009-3267 | 1 Microsoft | 1 Internet Explorer | 2022-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. | |||||
| CVE-2007-1751 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2022-25137 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25136 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2022-02-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | |||||
| CVE-2022-25135 | 1 Totolink | 2 T6, T6 Firmware | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2005-2273 | 1 Opera | 1 Opera Browser | 2022-02-28 | 2.6 LOW | N/A |
| Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2022-25134 | 1 Totolink | 2 T6, T6 Firmware | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25133 | 1 Totolink | 2 T6, T6 Firmware | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2005-2405 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. | |||||
| CVE-2005-2309 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. | |||||
| CVE-2022-25132 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2005-3007 | 1 Opera | 1 Opera Browser | 2022-02-28 | 2.6 LOW | N/A |
| Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content. | |||||
| CVE-2005-2406 | 1 Opera | 1 Opera Browser | 2022-02-28 | 4.3 MEDIUM | N/A |
| Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. | |||||
| CVE-2022-25131 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25130 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2005-2407 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.1 MEDIUM | N/A |
| A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". | |||||
| CVE-2005-3041 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads." | |||||
| CVE-2021-44302 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2022-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | |||||
| CVE-2017-0371 | 1 Mediawiki | 1 Mediawiki | 2022-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | |||||
| CVE-2021-40840 | 1 Liveconfig | 1 Liveconfig | 2022-02-28 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | |||||
| CVE-2005-4718 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute. | |||||
| CVE-2005-4210 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title. | |||||
| CVE-2005-3946 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | |||||
| CVE-2005-3750 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
| Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | |||||
| CVE-2005-3699 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | |||||
| CVE-2005-3059 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2022-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." | |||||
| CVE-2022-0685 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | |||||
| CVE-2022-26158 | 2022-02-28 | N/A | N/A | ||
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-26156 | 2022-02-28 | N/A | N/A | ||
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. | |||||
| CVE-2022-26155 | 2022-02-28 | N/A | N/A | ||
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | |||||
| CVE-2022-24712 | 2022-02-28 | N/A | N/A | ||
| CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. | |||||
| CVE-2022-24711 | 2022-02-28 | N/A | N/A | ||
| CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. | |||||
| CVE-2021-44340 | 2022-02-28 | N/A | N/A | ||
| David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403". | |||||
| CVE-2021-44339 | 2022-02-28 | N/A | N/A | ||
| David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712". | |||||
| CVE-2022-25642 | 2022-02-28 | N/A | N/A | ||
| Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | |||||
| CVE-2021-44334 | 2022-02-28 | N/A | N/A | ||
| David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513" . | |||||
| CVE-2021-43086 | 2022-02-28 | N/A | N/A | ||
| ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". | |||||
| CVE-2022-24572 | 2022-02-28 | N/A | N/A | ||
| Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | |||||
| CVE-2022-24571 | 2022-02-28 | N/A | N/A | ||
| Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | |||||
| CVE-2022-25255 | 3 Linux, Opengroup, Qt | 3 Linux Kernel, Unix, Qt | 2022-02-28 | 7.2 HIGH | 7.8 HIGH |
| In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||||
| CVE-2006-3945 | 2 Microsoft, Opera | 2 Windows Xp, Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption. | |||||
| CVE-2006-3353 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties. | |||||
| CVE-2006-3331 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. | |||||
| CVE-2006-3199 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation. | |||||
| CVE-2006-3198 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
| Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. | |||||
| CVE-2021-3753 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-02-28 | 1.9 LOW | 4.7 MEDIUM |
| A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. | |||||