Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25261 | | | 2022-02-26 | N/A | N/A |
| JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
| CVE-2022-25260 | | | 2022-02-26 | N/A | N/A |
| JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-25259 | | | 2022-02-26 | N/A | N/A |
| JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | |||||
| CVE-2022-25062 | | | 2022-02-26 | N/A | N/A |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2021-44132 | | | 2022-02-26 | N/A | N/A |
| A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | |||||
| CVE-2021-23495 | | | 2022-02-26 | N/A | N/A |
| The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. | |||||
| CVE-2022-25170 | | | 2022-02-26 | N/A | N/A |
| The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-23921 | | | 2022-02-26 | N/A | N/A |
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
| CVE-2022-21798 | | | 2022-02-26 | N/A | N/A |
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
| CVE-2022-0615 | | | 2022-02-26 | N/A | N/A |
| Use-after-free in the eset_rtp kernel module used in ESET products for Linux allows a potential attacker to trigger a denial-of-service condition on the system. | |||||
| CVE-2021-42244 | | | 2022-02-26 | N/A | N/A |
| A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. | |||||
| CVE-2021-40043 | | | 2022-02-26 | N/A | N/A |
| The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device. | |||||
| CVE-2021-37504 | | | 2022-02-26 | N/A | N/A |
| A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. | |||||
| CVE-2021-37103 | | | 2022-02-26 | N/A | N/A |
| There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37027 | | | 2022-02-26 | N/A | N/A |
| There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-26617 | | | 2022-02-26 | N/A | N/A |
| This issue is due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via the navercheckout_add function. | |||||
| CVE-2021-22489 | | | 2022-02-26 | N/A | N/A |
| There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22480 | | | 2022-02-26 | N/A | N/A |
| The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. | |||||
| CVE-2021-22479 | | | 2022-02-26 | N/A | N/A |
| The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22478 | | | 2022-02-26 | N/A | N/A |
| The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. | |||||
| CVE-2021-22441 | | | 2022-02-26 | N/A | N/A |
| Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22434 | | | 2022-02-26 | N/A | N/A |
| There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22433 | | | 2022-02-26 | N/A | N/A |
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22432 | | | 2022-02-26 | N/A | N/A |
| There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-22431 | | | 2022-02-26 | N/A | N/A |
| There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-22429 | | | 2022-02-26 | N/A | N/A |
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22426 | | | 2022-02-26 | N/A | N/A |
| There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22395 | | | 2022-02-26 | N/A | N/A |
| There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22394 | | | 2022-02-26 | N/A | N/A |
| There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. | |||||
| CVE-2021-22319 | | | 2022-02-26 | N/A | N/A |
| There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. | |||||
| CVE-2022-0678 | 1 Microweber | 1 Microweber | 2022-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0689 | 1 Microweber | 1 Microweber | 2022-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0690 | 1 Microweber | 1 Microweber | 2022-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0660 | 1 Microweber | 1 Microweber | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-46372 | 1 Erudika | 1 Scoold | 2022-02-25 | 3.5 LOW | 5.4 MEDIUM |
| Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters. | |||||
| CVE-2020-8107 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2022-02-25 | 4.4 MEDIUM | 7.8 HIGH |
| A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. | |||||
| CVE-2021-26618 | 2 Microsoft, Tmax | 2 Windows, Tooffice | 2022-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute an arbitrary file containing malicious code. | |||||
| CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2022-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | |||||
| CVE-2021-3155 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2022-02-25 | 2.1 LOW | 5.5 MEDIUM |
| snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | |||||
| CVE-2022-23981 | 1 Quadlayers | 1 Perfect Brands For Woocommerce | 2022-02-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | |||||
| CVE-2021-46592 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15386. | |||||
| CVE-2021-46591 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15385. | |||||
| CVE-2021-46593 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15387. | |||||
| CVE-2021-46594 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15388. | |||||
| CVE-2021-46595 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15389. | |||||
| CVE-2021-46596 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15390. | |||||
| CVE-2021-46590 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15384. | |||||
| CVE-2021-46597 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15391. | |||||
| CVE-2022-25298 | 1 Webcc Project | 1 Webcc | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server. | |||||
| CVE-2021-46575 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15369. | |||||
