Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20026 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. | |||||
| CVE-2022-20025 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. | |||||
| CVE-2022-20028 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. | |||||
| CVE-2022-20029 | 2 Google, Mediatek | 39 Android, Mt6761, Mt6762 and 36 more | 2022-02-11 | 2.1 LOW | 4.4 MEDIUM |
| In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. | |||||
| CVE-2022-0525 | 1 Mruby | 1 Mruby | 2022-02-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | |||||
| CVE-2022-0539 | 1 Beanstalk Console Project | 1 Beanstalk Console | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. | |||||
| CVE-2022-0524 | 1 Publify Project | 1 Publify | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | |||||
| CVE-2022-0523 | 1 Radare | 1 Radare2 | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2021-38892 | 2022-02-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-0522 | 1 Radare | 1 Radare2 | 2022-02-11 | 5.8 MEDIUM | 7.1 HIGH |
| Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. | |||||
| CVE-2022-0521 | 1 Radare | 1 Radare2 | 2022-02-11 | 5.8 MEDIUM | 7.1 HIGH |
| Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | |||||
| CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | |||||
| CVE-2022-0520 | 1 Radare | 1 Radare2 | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in NPM radare2.js prior to 5.6.2. | |||||
| CVE-2022-0519 | 1 Radare | 1 Radare2 | 2022-02-11 | 5.8 MEDIUM | 7.1 HIGH |
| Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2022-0518 | 1 Radare | 1 Radare2 | 2022-02-11 | 5.8 MEDIUM | 7.1 HIGH |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||
| CVE-2021-45919 | 1 Std42 | 1 Elfinder | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | |||||
| CVE-2022-0526 | 1 Chatwoot | 1 Chatwoot | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | |||||
| CVE-2022-0527 | 1 Chatwoot | 1 Chatwoot | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2022-0506 | 1 Microweber | 1 Microweber | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-21193 | 1 Dounokouno | 1 Transmitmail | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | |||||
| CVE-2022-0505 | 1 Microweber | 1 Microweber | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-45326 | 1 Gitea | 1 Gitea | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. | |||||
| CVE-2022-0510 | 1 Pimcore | 1 Pimcore | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. | |||||
| CVE-2021-45328 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | |||||
| CVE-2022-0139 | 1 Radare | 1 Radare2 | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2022-23340 | 1 Joplin Project | 1 Joplin | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. | |||||
| CVE-2022-21799 | 1 Elecom | 2 Wrc-300febk-r, Wrc-300febk-r Firmware | 2022-02-11 | 2.9 LOW | 5.2 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-0504 | 1 Microweber | 1 Microweber | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-25004 | 1 Seur Oficial Project | 1 Seur Oficial | 2022-02-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. | |||||
| CVE-2022-0509 | 1 Pimcore | 1 Pimcore | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. | |||||
| CVE-2022-22146 | 1 Dounokouno | 1 Transmitmail | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-23623 | 1 Frourio | 1 Frourio | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2022-22532 | 1 Sap | 1 Netweaver Application Server Java | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session. | |||||
| CVE-2022-23624 | 1 Frourio | 1 Frourio-express | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2022-22161 | 1 Juniper | 2 Junos, Mx104 | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that an irq handled by the fman process is shown to be using a high percentage of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 31 root -84 -187 0K 16K WAIT 22.2H 56939.26% irq96: fman0 This issue affects Juniper Networks Junos OS: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. | |||||
| CVE-2021-30792 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30838 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-02-11 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine. | |||||
| CVE-2021-30791 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2022-02-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. | |||||
| CVE-2021-30784 | 1 Apple | 2 Mac Os X, Macos | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. | |||||
| CVE-2021-37728 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2022-02-11 | 8.5 HIGH | 6.5 MEDIUM |
| A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. | |||||
| CVE-2021-37725 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2022-02-11 | 8.8 HIGH | 8.1 HIGH |
| A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | |||||
| CVE-2021-37724 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2022-02-11 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. | |||||
| CVE-2021-37723 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2022-02-11 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. | |||||
| CVE-2021-30774 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-02-11 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-22533 | 1 Sap | 1 Netweaver Application Server Java | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. | |||||
| CVE-2022-22536 | 1 Sap | 3 Content Server, Netweaver As Abap, Web Dispatcher | 2022-02-11 | 10.0 HIGH | 10.0 CRITICAL |
| SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. | |||||