Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44960 | 1 Svgpp | 1 Svgpp | 2022-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function. | |||||
| CVE-2022-24976 | 1 Atheme | 1 Atheme | 2022-02-23 | 5.8 MEDIUM | 9.1 CRITICAL |
| Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. | |||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2022-02-23 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2021-44141 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2022-02-23 | 3.5 LOW | 4.3 MEDIUM |
| All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. | |||||
| CVE-2022-0727 | | | 2022-02-23 | N/A | N/A |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
| CVE-2022-0726 | | | 2022-02-23 | N/A | N/A |
| Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
| CVE-2022-0724 | | | 2022-02-23 | N/A | N/A |
| Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0721 | | | 2022-02-23 | N/A | N/A |
| Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0719 | | | 2022-02-23 | N/A | N/A |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0736 | | | 2022-02-23 | N/A | N/A |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | |||||
| CVE-2022-0717 | | | 2022-02-23 | N/A | N/A |
| Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. | |||||
| CVE-2022-0654 | | | 2022-02-23 | N/A | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. | |||||
| CVE-2022-23612 | | | 2022-02-23 | N/A | N/A |
| OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance. | |||||
| CVE-2022-21657 | | | 2022-02-23 | N/A | N/A |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade. | |||||
| CVE-2022-21656 | | | 2022-02-23 | N/A | N/A |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIdentifier to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted. | |||||
| CVE-2022-21655 | | | 2022-02-23 | N/A | N/A |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener. | |||||
| CVE-2021-43826 | | | 2022-02-23 | N/A | N/A |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (`envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config`) and the downstream connection disconnects while the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2021-43825 | | | 2022-02-23 | N/A | N/A |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service. | |||||
| CVE-2021-25033 | 1 Noptin | 1 Noptin | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue | |||||
| CVE-2021-45347 | 1 Zzcms | 1 Zzcms | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | |||||
| CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | |||||
| CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2022-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | |||||
| CVE-2021-39116 | 1 Atlassian | 2 Data Center, Jira | 2022-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | |||||
| CVE-2021-26074 | 1 Atlassian | 1 Connect Spring Boot | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2021-26073 | 1 Atlassian | 1 Connect Express | 2022-02-23 | 4.0 MEDIUM | 7.7 HIGH |
| Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2022-25139 | 1 Nginx | 1 Njs | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | |||||
| CVE-2021-43106 | 1 Compassplus | 2 Tranzware Online, Tranzware Online Financial Institution Maintenance Interface | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP Host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is because the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions. | |||||
| CVE-2021-45392 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-02-23 | 7.8 HIGH | 7.5 HIGH |
| A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. | |||||
| CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. | |||||
| CVE-2022-0576 | 1 Librenms | 1 Librenms | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | |||||
| CVE-2016-6578 | 1 Filecloud | 1 Filecloud | 2022-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | |||||
| CVE-2022-0575 | 1 Librenms | 1 Librenms | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2021-25110 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address. | |||||
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 2.7 LOW |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. | |||||
| CVE-2021-25107 | 1 Accesspressthemes | 1 Form Store To Db | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin | |||||
| CVE-2021-25014 | 1 Vowelweb | 1 Ibtana | 2022-02-22 | 3.5 LOW | 3.5 LOW |
| The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue. | |||||
| CVE-2021-24904 | 1 Lenderd | 1 Mortgage Calculators Wp | 2022-02-22 | 3.5 LOW | 4.8 MEDIUM |
| The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24874 | 1 Sendinblue | 1 Newsletter, Smtp, Email Marketing And Subscribe | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2022-0311 | 1 Google | 1 Chrome | 2022-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0310 | 1 Google | 1 Chrome | 2022-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-0309 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-24968 | 1 Mellium | 1 Xmpp | 2022-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. | |||||
| CVE-2021-25992 | 1 If-me | 1 Ifme | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks. | |||||
| CVE-2022-23633 | 1 Rubyonrails | 1 Rails | 2022-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | |||||
| CVE-2021-45901 | 1 Servicenow | 1 Servicenow | 2022-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. | |||||
| CVE-2022-0587 | 1 Librenms | 1 Librenms | 2022-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2022-0589 | 1 Librenms | 1 Librenms | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | |||||
| CVE-2022-0570 | 1 Mruby | 1 Mruby | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | |||||
| CVE-2022-22854 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | |||||
| CVE-2022-23638 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available. | |||||
