Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0532 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2022-02-22 | 4.9 MEDIUM | 4.2 MEDIUM |
| An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | |||||
| CVE-2022-23637 | 1 K-link | 1 K-box | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links. | |||||
| CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | |||||
| CVE-2021-45005 | 1 Artifex | 1 Mujs | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. | |||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. | |||||
| CVE-2022-24924 | 1 Samsung | 1 Livewallpaperservice | 2022-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows creation of a specific named system directory without a proper permission. | |||||
| CVE-2021-46361 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | |||||
| CVE-2022-24975 | 1 Git-scm | 1 Git | 2022-02-22 | 4.3 MEDIUM | 7.5 HIGH |
| The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. | |||||
| CVE-2022-0713 | | | 2022-02-22 | N/A | N/A |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0712 | | | 2022-02-22 | N/A | N/A |
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2021-46699 | | | 2022-02-22 | N/A | N/A |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) | |||||
| CVE-2021-46162 | | | 2022-02-22 | N/A | N/A |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) | |||||
| CVE-2022-0665 | | | 2022-02-22 | N/A | N/A |
| Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. | |||||
| CVE-2021-23555 | 1 Vm2 Project | 1 Vm2 | 2022-02-22 | 10.0 HIGH | 9.8 CRITICAL |
| The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stacktraces, which can lead to execution of arbitrary code on the host machine. | |||||
| CVE-2021-46462 | 1 Nginx | 1 Njs | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | |||||
| CVE-2021-20001 | 2 Debian, Skolelinux | 2 Debian Linux, Debian-edu-config | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | |||||
| CVE-2021-46463 | 1 Nginx | 1 Njs | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | |||||
| CVE-2022-24923 | 1 Samsung | 1 Searchwidget | 2022-02-22 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | |||||
| CVE-2000-0672 | 1 Apache | 1 Tomcat | 2022-02-22 | 5.0 MEDIUM | N/A |
| The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | |||||
| CVE-2022-0208 | 1 Mappresspro | 1 Mappress | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-0193 | 1 Really-simple-plugins | 1 Complianz | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | |||||
| CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | |||||
| CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | |||||
| CVE-2021-39079 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. | |||||
| CVE-2022-22295 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | |||||
| CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | |||||
| CVE-2022-0206 | 1 Newstatpress Project | 1 Newstatpress | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. | |||||
| CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | |||||
| CVE-2022-23336 | 1 S-cms | 1 S-cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | |||||
| CVE-2022-0188 | 1 Niteothemes | 1 Cmp | 2022-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout. | |||||
| CVE-2019-20372 | 1 F5 | 1 Nginx | 2022-02-22 | 4.3 MEDIUM | 5.3 MEDIUM |
| NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | |||||
| CVE-2019-9516 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2022-02-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | |||||
| CVE-2019-9513 | 11 Apache, Apple, Canonical and 8 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | |||||
| CVE-2019-9511 | 11 Apache, Apple, Canonical and 8 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2018-16845 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2022-02-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | |||||
| CVE-2018-16844 | 4 Apple, Canonical, Debian and 1 more | 4 Xcode, Ubuntu Linux, Debian Linux and 1 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2018-16843 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2022-02-22 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2022-24667 | 1 Apple | 1 Swiftnio Http/2 | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time. | |||||
| CVE-2022-24668 | 1 Apple | 1 Swiftnio Http/2 | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | |||||
| CVE-2021-22806 | 1 Schneider-electric | 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) | |||||
| CVE-2021-22801 | 1 Schneider-electric | 1 Connexium Network Manager | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) | |||||
| CVE-2022-24666 | 1 Apple | 1 Swiftnio Http/2 | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | |||||
| CVE-2021-35068 | 1 Qualcomm | 200 Apq8009w, Apq8009w Firmware, Aqt1000 and 197 more | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables. | |||||
| CVE-2020-14521 | 1 Mitsubishielectric | 47 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 44 more | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. | |||||
| CVE-2020-26728 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | |||||
| CVE-2022-0116 | 1 Google | 1 Chrome | 2022-02-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0115 | 1 Google | 1 Chrome | 2022-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
