Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | |||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | |||||
| CVE-2021-43045 | 1 Apache | 1 Avro | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | |||||
| CVE-2021-46053 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | |||||
| CVE-2021-46052 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | |||||
| CVE-2022-22707 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2022-01-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. | |||||
| CVE-2021-32996 | 1 Fanuc | 18 R-30ia, R-30ia Firmware, R-30ia Mate and 15 more | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. | |||||
| CVE-2021-32998 | 1 Fanuc | 18 R-30ia, R-30ia Firmware, R-30ia Mate and 15 more | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. | |||||
| CVE-2021-38990 | 1 Ibm | 2 Aix, Vios | 2022-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | |||||
| CVE-2021-38957 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | |||||
| CVE-2021-38956 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. | |||||
| CVE-2021-38921 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | |||||
| CVE-2021-38895 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | |||||
| CVE-2021-38894 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | |||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | |||||
| CVE-2021-46054 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||||
| CVE-2021-23568 | 1 Eggjs | 1 Extend2 | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. | |||||
| CVE-2021-39982 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation of this vulnerability may allow reading and writing of arbitrary files by tampering with Phone Manager notifications. | |||||
| CVE-2021-46055 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||||
| CVE-2021-39981 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 4.3 MEDIUM | 5.3 MEDIUM |
| Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number. Successful exploitation of this vulnerability allows an anonymous call to be made. | |||||
| CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-01-13 | 9.0 HIGH | 8.8 HIGH |
| Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-30942 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-23594 | 1 Agoric | 1 Realms-shim | 2022-01-13 | 7.5 HIGH | 10.0 CRITICAL |
| All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | |||||
| CVE-2021-45456 | 1 Apache | 1 Kylin | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0. | |||||
| CVE-2021-23543 | 1 Agoric | 1 Realms-shim | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | |||||
| CVE-2021-46163 | 1 Kentico | 1 Kentico Cms | 2022-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | |||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2021-27738 | 1 Apache | 1 Kylin | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3 versions prior to 3.1.2. | |||||
| CVE-2022-21648 | 1 Nette | 1 Latte | 2022-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Latte is an open source template engine for PHP. Since version 2.8.0, Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources. | |||||
| CVE-2021-25994 | 1 Userfrosting | 1 Userfrosting | 2022-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account. | |||||
| CVE-2021-39984 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerability may cause Denial of Service. | |||||
| CVE-2021-39983 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2021-46147 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. | |||||
| CVE-2021-35093 | 1 Qualcomm | 4 Csr8510 A10, Csr8510 A10 Firmware, Csr8811 A12 and 1 more | 2022-01-13 | 3.3 LOW | 6.5 MEDIUM |
| Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service in BlueCore. | |||||
| CVE-2021-46146 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | |||||
| CVE-2021-46148 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. | |||||
| CVE-2021-41388 | 2 Apple, Netskope | 2 Macos, Netskope | 2022-01-13 | 7.2 HIGH | 7.8 HIGH |
| Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level. | |||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2022-01-13 | 9.0 HIGH | 7.2 HIGH |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | |||||
| CVE-2021-46150 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. | |||||
| CVE-2021-46149 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. | |||||
| CVE-2021-39968 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Changlian Blocklist has a Business Logic Errors vulnerability. Successful exploitation of this vulnerability may expand the attack surface of the message class. | |||||
| CVE-2021-39967 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39966 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is an uninitialized AOD driver structure in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-38576 | 1 Tianocore | 1 Edk2 | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | |||||
| CVE-2021-37134 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 6.8 MEDIUM | 8.1 HIGH |
| Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerability may allow the interface of location-related components to be invoked with higher permissions. | |||||
| CVE-2021-37125 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2020-12080 | 1 Flexera | 1 Flexnet Publisher | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. | |||||
| CVE-2021-20147 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | |||||
| CVE-2021-40002 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | |||||
| CVE-2021-39975 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks. | |||||
