Weekly Vulnerabilities Reports > January 31 to February 6, 2022
Overview
406 new vulnerabilities reported during this period, including 88 critical vulnerabilities and 175 high severity vulnerabilities. This weekly summary report vulnerabilities in 498 products from 154 vendors including Google, Debian, Tenda, Fedoraproject, and Tendacn. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Command Injection", "Cross-site Scripting", "SQL Injection", and "Path Traversal".
- 334 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 115 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 253 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 57 reported vulnerabilities.
- Dlink has the most reported critical vulnerabilities, with 18 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
88 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-04 | CVE-2021-21960 | Sealevel | Improper Validation of Specified Quantity in Input vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. | 10.0 |
2022-02-04 | CVE-2021-21961 | Sealevel | Out-of-bounds Write vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. | 10.0 |
2022-02-06 | CVE-2013-20004 | Starwindsoftware | Resource Exhaustion vulnerability in Starwindsoftware Iscsi SAN A flaw was found in StarWind iSCSI target. | 9.8 |
2022-02-06 | CVE-2021-41816 | Ruby Lang Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. | 9.8 |
2022-02-06 | CVE-2022-22831 | Servisnet | Improper Authentication vulnerability in Servisnet Tessa 0.0.2 An issue was discovered in Servisnet Tessa 0.0.2. | 9.8 |
2022-02-06 | CVE-2022-22832 | Servisnet | Authorization Bypass Through User-Controlled Key vulnerability in Servisnet Tessa 0.0.2 An issue was discovered in Servisnet Tessa 0.0.2. | 9.8 |
2022-02-06 | CVE-2022-24552 | Starwindsoftware | OS Command Injection vulnerability in Starwindsoftware NAS and SAN A flaw was found in the REST API in StarWind Stack. | 9.8 |
2022-02-05 | CVE-2021-38172 | Debian | Classic Buffer Overflow vulnerability in Debian Perm 0.4.0 perM 0.4.0 has a Buffer Overflow related to strncpy. | 9.8 |
2022-02-04 | CVE-2021-28503 | Arista | Improper Authentication vulnerability in Arista EOS The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | 9.8 |
2022-02-04 | CVE-2021-36152 | Apache | Unspecified vulnerability in Apache Gobblin 0.15.0 Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. | 9.8 |
2022-02-04 | CVE-2021-44779 | GWA Autoresponder Project | SQL Injection vulnerability in [Gwa] Autoresponder Project [Gwa] Autoresponder 2.3 Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). | 9.8 |
2022-02-04 | CVE-2022-0365 | Riconmobile | OS Command Injection vulnerability in Riconmobile S9922L Firmware and S9922Xl Firmware The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | 9.8 |
2022-02-04 | CVE-2022-22987 | Advantech | Use of Hard-coded Credentials vulnerability in Advantech Adam-3600 Firmware 2.6.2 The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | 9.8 |
2022-02-04 | CVE-2022-23379 | Emlog | SQL Injection vulnerability in Emlog 6.0.0 Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | 9.8 |
2022-02-04 | CVE-2022-23587 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 9.8 | |
2022-02-04 | CVE-2022-23611 | Itunesrpc Remastered Project | OS Command Injection vulnerability in Itunesrpc-Remastered Project Itunesrpc-Remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. | 9.8 |
2022-02-04 | CVE-2022-23614 | Symfony Fedoraproject Debian | Code Injection vulnerability in multiple products Twig is an open source template language for PHP. | 9.8 |
2022-02-04 | CVE-2022-23329 | Ujcms | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 9.8 |
2022-02-04 | CVE-2021-23470 | Putil Merge Project | Unspecified vulnerability in Putil-Merge Project Putil-Merge This affects the package putil-merge before 3.8.0. | 9.8 |
2022-02-04 | CVE-2021-23497 | SET Project | Unspecified vulnerability in SET Project SET 1.0.0/1.0.1 This affects the package @strikeentco/set before 1.0.2. | 9.8 |
2022-02-04 | CVE-2021-23507 | Skratchdot | Unspecified vulnerability in Skratchdot Object-Path-Set The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. | 9.8 |
2022-02-04 | CVE-2021-29393 | Globalnorthstar | OS Command Injection vulnerability in Globalnorthstar Northstar Club Management 6.3 Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters. | 9.8 |
2022-02-04 | CVE-2021-29396 | Globalnorthstar | Incorrect Permission Assignment for Critical Resource vulnerability in Globalnorthstar Northstar Club Management 6.3 Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. | 9.8 |
2022-02-04 | CVE-2022-24259 | Voipmonitor | Improper Authentication vulnerability in Voipmonitor An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. | 9.8 |
2022-02-04 | CVE-2022-24260 | Voipmonitor | SQL Injection vulnerability in Voipmonitor A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | 9.8 |
2022-02-04 | CVE-2021-44978 | Idreamsoft | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 |
2022-02-04 | CVE-2021-44247 | Totolink | Command Injection vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. | 9.8 |
2022-02-04 | CVE-2021-44880 | Dlink | Command Injection vulnerability in Dlink Dir-878 Firmware and Dir-882 Firmware D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. | 9.8 |
2022-02-04 | CVE-2021-44881 | Dlink | Command Injection vulnerability in Dlink Dir-882 Firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. | 9.8 |
2022-02-04 | CVE-2021-44882 | Dlink | Command Injection vulnerability in Dlink Dir-878 Firmware D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. | 9.8 |
2022-02-04 | CVE-2021-45733 | Totolink | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. | 9.8 |
2022-02-04 | CVE-2021-45738 | Totolink | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. | 9.8 |
2022-02-04 | CVE-2021-45740 | Totolink | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. | 9.8 |
2022-02-04 | CVE-2021-45742 | Totolink | Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. | 9.8 |
2022-02-04 | CVE-2021-45986 | Tendacn | OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. | 9.8 |
2022-02-04 | CVE-2021-45987 | Tendacn | OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. | 9.8 |
2022-02-04 | CVE-2021-45990 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. | 9.8 |
2022-02-04 | CVE-2021-45998 | Dlink | Command Injection vulnerability in Dlink Dir-882 Firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. | 9.8 |
2022-02-04 | CVE-2021-46226 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. | 9.8 |
2022-02-04 | CVE-2021-46227 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. | 9.8 |
2022-02-04 | CVE-2021-46228 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. | 9.8 |
2022-02-04 | CVE-2021-46229 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. | 9.8 |
2022-02-04 | CVE-2021-46230 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. | 9.8 |
2022-02-04 | CVE-2021-46231 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. | 9.8 |
2022-02-04 | CVE-2021-46232 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. | 9.8 |
2022-02-04 | CVE-2021-46233 | Dlink | Command Injection vulnerability in Dlink Di-7200Gv2 Firmware 21.04.09E1 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. | 9.8 |
2022-02-04 | CVE-2021-46452 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. | 9.8 |
2022-02-04 | CVE-2021-46453 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. | 9.8 |
2022-02-04 | CVE-2021-46454 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. | 9.8 |
2022-02-04 | CVE-2021-46455 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. | 9.8 |
2022-02-04 | CVE-2021-46456 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. | 9.8 |
2022-02-04 | CVE-2021-46457 | Dlink | Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. | 9.8 |
2022-02-04 | CVE-2022-24144 | Tenda | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. | 9.8 |
2022-02-04 | CVE-2022-24148 | Tenda | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. | 9.8 |
2022-02-04 | CVE-2022-24150 | Tenda | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. | 9.8 |
2022-02-04 | CVE-2022-24165 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. | 9.8 |
2022-02-04 | CVE-2022-24167 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. | 9.8 |
2022-02-04 | CVE-2022-24168 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. | 9.8 |
2022-02-04 | CVE-2022-24170 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. | 9.8 |
2022-02-04 | CVE-2022-24171 | Tendacn | Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. | 9.8 |
2022-02-03 | CVE-2022-24307 | Joinmastodon | Incorrect Authorization vulnerability in Joinmastodon Mastodon Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. | 9.8 |
2022-02-02 | CVE-2021-42637 | Printerlogic | Server-Side Request Forgery (SSRF) vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. | 9.8 |
2022-02-02 | CVE-2021-39070 | IBM | Unspecified vulnerability in IBM products IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. | 9.8 |
2022-02-02 | CVE-2022-21724 | Postgresql Fedoraproject Quarkus Debian | Improper Initialization vulnerability in multiple products pgjdbc is the offical PostgreSQL JDBC Driver. | 9.8 |
2022-02-02 | CVE-2022-24300 | Minetest Debian | Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. | 9.8 |
2022-02-01 | CVE-2021-46093 | Elitecms | Incorrect Default Permissions vulnerability in Elitecms Elite CMS 1.0 eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | 9.8 |
2022-02-01 | CVE-2022-24219 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.0 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | 9.8 |
2022-02-01 | CVE-2022-24220 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.0 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | 9.8 |
2022-02-01 | CVE-2022-24221 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.0 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | 9.8 |
2022-02-01 | CVE-2022-24222 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.0 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | 9.8 |
2022-02-01 | CVE-2022-24223 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. | 9.8 |
2022-02-01 | CVE-2021-43509 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | 9.8 |
2022-02-01 | CVE-2021-43510 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | 9.8 |
2022-02-01 | CVE-2021-24762 | Getperfectsurvey | Unspecified vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | 9.8 |
2022-02-01 | CVE-2022-0320 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques. | 9.8 |
2022-02-01 | CVE-2022-0401 | W ZIP Project | Unspecified vulnerability in W-Zip Project W-Zip Path Traversal in NPM w-zip prior to 1.0.12. | 9.8 |
2022-01-31 | CVE-2022-24263 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | 9.8 |
2022-01-31 | CVE-2021-31617 | Stormshield | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | 9.8 |
2022-01-31 | CVE-2020-36064 | Online Course Registration Project | Use of Hard-coded Credentials vulnerability in Online Course Registration Project Online Course Registration 1.0 Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | 9.8 |
2022-01-31 | CVE-2021-23520 | Juce | Path Traversal vulnerability in Juce The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. | 9.8 |
2022-02-01 | CVE-2021-24814 | Welaunch | Cross-site Scripting vulnerability in Welaunch Wordpress Gdpr&Ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. | 9.6 |
2022-02-04 | CVE-2021-21965 | Sealevel | Improper Authentication vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. | 9.3 |
2022-02-04 | CVE-2022-23609 | Itunesrpc Remastered Project | Path Traversal vulnerability in Itunesrpc-Remastered Project Itunesrpc-Remastered 3.1.0 iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. | 9.1 |
2022-02-03 | CVE-2022-23357 | Mozilo | Path Traversal vulnerability in Mozilo Mozilocms 2.0 mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | 9.1 |
2022-02-02 | CVE-2021-42640 | Printerlogic | Exposure of Resource to Wrong Sphere vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | 9.1 |
2022-02-02 | CVE-2021-24043 | Out-of-bounds Read vulnerability in Whatsapp and Whatsapp Business A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call. | 9.1 | |
2022-02-01 | CVE-2022-24218 | Elitecms | Unspecified vulnerability in Elitecms Elite CMS 1.0 An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. | 9.1 |
2022-01-31 | CVE-2021-45079 | Strongswan Debian Fedoraproject Canonical | NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 9.1 |
175 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-06 | CVE-2021-39280 | Korenix | Unspecified vulnerability in Korenix products Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. | 8.8 |
2022-02-06 | CVE-2022-24551 | Starwindsoftware | Improper Authentication vulnerability in Starwindsoftware NAS and SAN A flaw was found in StarWind Stack. | 8.8 |
2022-02-04 | CVE-2020-7534 | Schneider Electric | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
2022-02-04 | CVE-2021-22284 | ABB | Incorrect Permission Assignment for Critical Resource vulnerability in ABB OPC Server for AC 800M Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. | 8.8 |
2022-02-04 | CVE-2021-40420 | Foxit | Use After Free vulnerability in Foxit PDF Reader 11.1.0.52543 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. | 8.8 |
2022-02-04 | CVE-2021-4154 | Linux Redhat Netapp | Use After Free vulnerability in multiple products A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. | 8.8 |
2022-02-04 | CVE-2022-0484 | Mirantis | Improper Input Validation vulnerability in Mirantis Container Cloud Lens Extension Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. | 8.8 |
2022-02-04 | CVE-2022-22150 | Foxit | Improper Handling of Exceptional Conditions vulnerability in Foxit PDF Reader 11.1.0.52543 A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. | 8.8 |
2022-02-04 | CVE-2022-22689 | Broadcom | Improper Neutralization of Formula Elements in a CSV File vulnerability in Broadcom CA Harvest Software Change Manager CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | 8.8 |
2022-02-04 | CVE-2022-22723 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. | 8.8 |
2022-02-04 | CVE-2022-22725 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P3 Firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. | 8.8 |
2022-02-04 | CVE-2022-22727 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. | 8.8 |
2022-02-04 | CVE-2022-23558 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23559 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23560 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23561 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23562 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23566 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23573 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23574 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-04 | CVE-2022-23330 | Jpress | Unspecified vulnerability in Jpress 4.2.0 A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | 8.8 |
2022-02-04 | CVE-2022-24262 | Voipmonitor | Unrestricted Upload of File with Dangerous Type vulnerability in Voipmonitor The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | 8.8 |
2022-02-04 | CVE-2021-46398 | Filebrowser | Cross-Site Request Forgery (CSRF) vulnerability in Filebrowser A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. | 8.8 |
2022-02-03 | CVE-2021-45268 | Backdropcms | Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0 A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. | 8.8 |
2022-02-03 | CVE-2022-21740 | Out-of-bounds Write vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-03 | CVE-2022-21726 | Out-of-bounds Read vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-03 | CVE-2022-21727 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.8 | |
2022-02-03 | CVE-2022-23873 | Victor CMS Project | SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | 8.8 |
2022-02-02 | CVE-2022-22509 | Phoenixcontact | Improper Privilege Management vulnerability in Phoenixcontact products In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration. | 8.8 |
2022-02-02 | CVE-2021-39044 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2022-02-02 | CVE-2021-39066 | IBM | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 8.8 |
2022-02-02 | CVE-2021-41018 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2022-02-02 | CVE-2022-0366 | Capsule8 | SQL Injection vulnerability in Capsule8 4.6.0/4.9.1 An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. | 8.8 |
2022-02-02 | CVE-2021-41016 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiextender Firmware A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters | 8.8 |
2022-02-02 | CVE-2021-43073 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2022-02-01 | CVE-2021-24763 | Getperfectsurvey | Cross-Site Request Forgery (CSRF) vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. | 8.8 |
2022-02-01 | CVE-2021-24919 | Wickedplugins | SQL Injection vulnerability in Wickedplugins Wicked Folders The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. | 8.8 |
2022-02-01 | CVE-2022-23601 | Sensiolabs | Unspecified vulnerability in Sensiolabs Symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. | 8.8 |
2022-02-01 | CVE-2022-23597 | Element | Use After Free vulnerability in Element Desktop Element Desktop is a Matrix client for desktop platforms with Element Web at its core. | 8.8 |
2022-02-04 | CVE-2021-40401 | Gerbv Project Fedoraproject Debian | Unchecked Return Value vulnerability in multiple products A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. | 8.6 |
2022-02-04 | CVE-2013-20003 | Silabs | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Silabs products Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | 8.3 |
2022-02-04 | CVE-2021-21968 | Sealevel | Unspecified vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. | 8.3 |
2022-02-04 | CVE-2022-24129 | Shibboleth | Server-Side Request Forgery (SSRF) vulnerability in Shibboleth Oidc OP The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. | 8.2 |
2022-02-03 | CVE-2021-33627 | Insyde Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. | 8.2 |
2022-02-03 | CVE-2021-41837 | Insyde Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
2022-02-03 | CVE-2021-41838 | Insyde Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
2022-02-03 | CVE-2021-41839 | Insyde | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Insydeh2O An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
2022-02-03 | CVE-2021-41840 | Insyde | Allocation of Resources Without Limits or Throttling vulnerability in Insyde Insydeh2O An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
2022-02-03 | CVE-2021-41841 | Insyde | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Insyde Insydeh2O An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. | 8.2 |
2022-02-03 | CVE-2021-42060 | Insyde | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. | 8.2 |
2022-02-03 | CVE-2021-42113 | Insyde | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. | 8.2 |
2022-02-03 | CVE-2021-42554 | Insyde Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. | 8.2 |
2022-02-03 | CVE-2021-43323 | Insyde | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. | 8.2 |
2022-02-03 | CVE-2021-43615 | Insyde | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. | 8.2 |
2022-02-03 | CVE-2022-24031 | Insyde | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. | 8.2 |
2022-02-03 | CVE-2022-24069 | Insyde | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. | 8.2 |
2022-02-04 | CVE-2018-25029 | Silabs | Unspecified vulnerability in Silabs products The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | 8.1 |
2022-02-04 | CVE-2021-21959 | Sealevel | Improper Certificate Validation vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. | 8.1 |
2022-02-04 | CVE-2021-21962 | Sealevel | Out-of-bounds Write vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. | 8.1 |
2022-02-04 | CVE-2021-21969 | Sealevel | Out-of-bounds Write vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. | 8.1 |
2022-02-04 | CVE-2021-21970 | Sealevel | Out-of-bounds Write vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. | 8.1 |
2022-02-04 | CVE-2022-23592 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.1 | |
2022-02-04 | CVE-2021-43145 | Zammad | Unspecified vulnerability in Zammad 5.0.1 With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | 8.1 |
2022-02-03 | CVE-2022-21728 | Out-of-bounds Read vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.1 | |
2022-02-03 | CVE-2022-21730 | Out-of-bounds Read vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 8.1 | |
2022-02-02 | CVE-2021-42753 | Fortinet | Path Traversal vulnerability in Fortinet Fortiweb An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | 8.1 |
2022-02-01 | CVE-2021-42638 | Printerlogic | Command Injection vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. | 8.1 |
2022-02-01 | CVE-2022-23602 | NIM Lang | Path Traversal vulnerability in Nim-Lang Docutils and Nimforum Nimforum is a lightweight alternative to Discourse written in Nim. | 8.1 |
2022-01-31 | CVE-2021-42631 | Printerlogic | Deserialization of Untrusted Data vulnerability in Printerlogic Virtual Appliance and web Stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. | 8.1 |
2022-01-31 | CVE-2021-42635 | Printerlogic | Use of Hard-coded Credentials vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. | 8.1 |
2022-02-04 | CVE-2020-12891 | AMD | Uncontrolled Search Path Element vulnerability in AMD Radeon PRO Software and Radeon Software AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. | 7.8 |
2022-02-04 | CVE-2021-29219 | HPE | Classic Buffer Overflow vulnerability in HPE products A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. | 7.8 |
2022-02-04 | CVE-2021-44204 | Acronis | Unspecified vulnerability in Acronis products Local privilege escalation via named pipe due to improper access control checks. | 7.8 |
2022-02-04 | CVE-2022-23946 | Kicad Fedoraproject Debian | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. | 7.8 |
2022-02-04 | CVE-2022-23947 | Kicad Fedoraproject Debian | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. | 7.8 |
2022-02-04 | CVE-2022-24113 | Acronis | Incorrect Default Permissions vulnerability in Acronis products Local privilege escalation due to excessive permissions assigned to child processes. | 7.8 |
2022-02-04 | CVE-2022-24115 | Acronis | Improper Verification of Cryptographic Signature vulnerability in Acronis Cyber Protect Home Office and True Image Local privilege escalation due to unrestricted loading of unsigned libraries. | 7.8 |
2022-02-04 | CVE-2021-44903 | MSI | Unspecified vulnerability in MSI Center PRO 2.0.16.0 Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. | 7.8 |
2022-02-04 | CVE-2021-44899 | MSI | Unspecified vulnerability in MSI Center 1.0.31.0 Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. | 7.8 |
2022-02-04 | CVE-2021-44900 | MSI | Unspecified vulnerability in MSI APP Player 4.280.1.6309 Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. | 7.8 |
2022-02-04 | CVE-2021-44901 | MSI | Unspecified vulnerability in MSI Dragon Center Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. | 7.8 |
2022-02-02 | CVE-2022-0443 | VIM Fedoraproject Debian | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-02-01 | CVE-2022-0417 | VIM Fedoraproject Debian | Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-01-31 | CVE-2021-23521 | Juce | Link Following vulnerability in Juce This affects the package juce-framework/JUCE before 6.1.5. | 7.8 |
2022-01-31 | CVE-2021-27971 | Alpsalpine | Unspecified vulnerability in Alpsalpine Touchpad Driver 10.3201.101.215 Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. | 7.8 |
2022-02-04 | CVE-2022-24348 | Argoproj | Path Traversal vulnerability in Argoproj Argo CD Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. | 7.7 |
2022-02-06 | CVE-2022-22833 | Servisnet | Unspecified vulnerability in Servisnet Tessa 0.0.2 An issue was discovered in Servisnet Tessa 0.0.2. | 7.5 |
2022-02-06 | CVE-2007-20001 | Starwindsoftware | Resource Exhaustion vulnerability in Starwindsoftware Iscsi SAN A flaw was found in StarWind iSCSI target. | 7.5 |
2022-02-06 | CVE-2022-23206 | Apache | Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | 7.5 |
2022-02-04 | CVE-2020-12965 | AMD | Injection vulnerability in AMD products When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. | 7.5 |
2022-02-04 | CVE-2021-22285 | ABB | Improper Handling of Exceptional Conditions vulnerability in ABB Pni800 Firmware and Spiet800 Firmware Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. | 7.5 |
2022-02-04 | CVE-2021-22286 | ABB | Improper Input Validation vulnerability in ABB Pni800 Firmware and Spiet800 Firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | 7.5 |
2022-02-04 | CVE-2021-22288 | ABB | Improper Input Validation vulnerability in ABB Pni800 Firmware and Spiet800 Firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | 7.5 |
2022-02-04 | CVE-2021-38960 | IBM | Information Exposure vulnerability in IBM products IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. | 7.5 |
2022-02-04 | CVE-2022-0481 | Mruby | Unspecified vulnerability in Mruby NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 7.5 |
2022-02-04 | CVE-2022-22722 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. | 7.5 |
2022-02-04 | CVE-2022-22724 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. | 7.5 |
2022-02-04 | CVE-2022-23590 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 7.5 | |
2022-02-04 | CVE-2022-23591 | Uncontrolled Recursion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 7.5 | |
2022-02-04 | CVE-2022-23593 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 7.5 | |
2022-02-04 | CVE-2022-23913 | Apache Netapp | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | 7.5 |
2022-02-04 | CVE-2021-29395 | Globalnorthstar | Path Traversal vulnerability in Globalnorthstar Northstar Club Management 6.3 Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. | 7.5 |
2022-02-04 | CVE-2021-29397 | Globalnorthstar | Cleartext Transmission of Sensitive Information vulnerability in Globalnorthstar Northstar Club Management 6.3 Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP. | 7.5 |
2022-02-04 | CVE-2021-44977 | Idreamsoft | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 7.5 |
2022-02-04 | CVE-2021-46320 | Openzeppelin | Improper Initialization vulnerability in Openzeppelin In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. | 7.5 |
2022-02-04 | CVE-2021-44246 | Totolink | Unspecified vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. | 7.5 |
2022-02-04 | CVE-2021-45734 | Totolink | Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. | 7.5 |
2022-02-04 | CVE-2021-45735 | Totolink | Cleartext Transmission of Sensitive Information vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | 7.5 |
2022-02-04 | CVE-2021-45736 | Totolink | Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. | 7.5 |
2022-02-04 | CVE-2021-45737 | Totolink | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. | 7.5 |
2022-02-04 | CVE-2021-45739 | Totolink | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. | 7.5 |
2022-02-04 | CVE-2021-45741 | Totolink | Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. | 7.5 |
2022-02-04 | CVE-2021-45988 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. | 7.5 |
2022-02-04 | CVE-2021-45989 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. | 7.5 |
2022-02-04 | CVE-2021-45991 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. | 7.5 |
2022-02-04 | CVE-2021-45992 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. | 7.5 |
2022-02-04 | CVE-2021-45993 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. | 7.5 |
2022-02-04 | CVE-2021-45994 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. | 7.5 |
2022-02-04 | CVE-2021-45995 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. | 7.5 |
2022-02-04 | CVE-2021-45996 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. | 7.5 |
2022-02-04 | CVE-2021-45997 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. | 7.5 |
2022-02-04 | CVE-2022-24142 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. | 7.5 |
2022-02-04 | CVE-2022-24143 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware and AX3 Firmware Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. | 7.5 |
2022-02-04 | CVE-2022-24145 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. | 7.5 |
2022-02-04 | CVE-2022-24146 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. | 7.5 |
2022-02-04 | CVE-2022-24147 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. | 7.5 |
2022-02-04 | CVE-2022-24149 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. | 7.5 |
2022-02-04 | CVE-2022-24151 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. | 7.5 |
2022-02-04 | CVE-2022-24152 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. | 7.5 |
2022-02-04 | CVE-2022-24153 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. | 7.5 |
2022-02-04 | CVE-2022-24154 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. | 7.5 |
2022-02-04 | CVE-2022-24155 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. | 7.5 |
2022-02-04 | CVE-2022-24156 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. | 7.5 |
2022-02-04 | CVE-2022-24157 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. | 7.5 |
2022-02-04 | CVE-2022-24158 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. | 7.5 |
2022-02-04 | CVE-2022-24159 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. | 7.5 |
2022-02-04 | CVE-2022-24160 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. | 7.5 |
2022-02-04 | CVE-2022-24161 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. | 7.5 |
2022-02-04 | CVE-2022-24162 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. | 7.5 |
2022-02-04 | CVE-2022-24163 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. | 7.5 |
2022-02-04 | CVE-2022-24164 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. | 7.5 |
2022-02-04 | CVE-2022-24166 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. | 7.5 |
2022-02-04 | CVE-2022-24169 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. | 7.5 |
2022-02-04 | CVE-2022-24172 | Tendacn | Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. | 7.5 |
2022-02-03 | CVE-2021-44866 | Projectworlds | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. | 7.5 |
2022-02-03 | CVE-2022-24121 | Unifiedoffice | SQL Injection vulnerability in Unifiedoffice Total Connect NOW SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | 7.5 |
2022-02-03 | CVE-2021-33625 | Insyde Netapp Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. | 7.5 |
2022-02-03 | CVE-2022-23833 | Djangoproject Fedoraproject Debian | Infinite Loop vulnerability in multiple products An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. | 7.5 |
2022-02-03 | CVE-2022-24030 | Insyde | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. | 7.5 |
2022-02-03 | CVE-2020-5953 | Insyde Siemens | A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. | 7.5 |
2022-02-03 | CVE-2021-43522 | Insyde | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. | 7.5 |
2022-02-02 | CVE-2021-42641 | Printerlogic | Exposure of Resource to Wrong Sphere vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | 7.5 |
2022-02-02 | CVE-2021-42642 | Printerlogic | Cleartext Storage of Sensitive Information vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. | 7.5 |
2022-02-02 | CVE-2022-22510 | Codesys | NULL Pointer Dereference vulnerability in Codesys Profinet 4.2.0.0 Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | 7.5 |
2022-02-01 | CVE-2021-25093 | Ylefebvre | Unspecified vulnerability in Ylefebvre Link Library The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | 7.5 |
2022-02-01 | CVE-2021-41040 | Eclipse | Out-of-bounds Read vulnerability in Eclipse Wakaama 1.0 In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. | 7.5 |
2022-02-01 | CVE-2021-43859 | Xstream Project Fedoraproject Debian Oracle | Resource Exhaustion vulnerability in multiple products XStream is an open source java library to serialize objects to XML and back again. | 7.5 |
2022-02-01 | CVE-2022-23596 | Junrar Project | Infinite Loop vulnerability in Junrar Project Junrar Junrar is an open source java RAR archive library. | 7.5 |
2022-02-01 | CVE-2021-46669 | Mariadb Fedoraproject Debian | Use After Free vulnerability in multiple products MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | 7.5 |
2022-01-31 | CVE-2022-24264 | Cuppacms | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | 7.5 |
2022-01-31 | CVE-2022-24265 | Cuppacms | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | 7.5 |
2022-01-31 | CVE-2022-24266 | Cuppacms | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | 7.5 |
2022-01-31 | CVE-2021-46459 | Victor CMS Project | SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. | 7.5 |
2022-01-31 | CVE-2021-46458 | Victor CMS Project | SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. | 7.5 |
2022-01-31 | CVE-2021-46101 | Gitforwindows | Unspecified vulnerability in Gitforwindows GIT 2.34.1 In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. | 7.5 |
2022-01-31 | CVE-2021-34805 | Land Software | Path Traversal vulnerability in Land-Software Faust Iserver An issue was discovered in FAUST iServer before 9.0.019.019.7. | 7.5 |
2022-02-04 | CVE-2021-21964 | Sealevel | Missing Authentication for Critical Function vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. | 7.4 |
2022-02-04 | CVE-2021-44205 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect Home Office and True Image Local privilege escalation due to DLL hijacking vulnerability. | 7.3 |
2022-02-04 | CVE-2021-44206 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect Home Office and True Image Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. | 7.3 |
2022-02-02 | CVE-2021-36193 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. | 7.2 |
2022-01-31 | CVE-2021-28962 | Stormshield | Unspecified vulnerability in Stormshield Network Security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 |
2022-01-31 | CVE-2021-44255 | Motioneye Project Motioneyeos Project | Missing Authentication for Critical Function vulnerability in multiple products Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server. | 7.2 |
2022-02-04 | CVE-2021-32036 | Mongodb | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |
2022-02-04 | CVE-2022-23805 | Trendmicro | Out-of-bounds Read vulnerability in Trendmicro Worry-Free Business Security 10.0 A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. | 7.1 |
2022-02-04 | CVE-2022-24114 | Acronis | Race Condition vulnerability in Acronis Cyber Protect Home Office and True Image Local privilege escalation due to race condition on application startup. | 7.0 |
139 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-04 | CVE-2021-29218 | HPE | Unquoted Search Path or Element vulnerability in HPE products A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. | 6.7 |
2022-02-03 | CVE-2021-42059 | Insyde Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. | 6.7 |
2022-02-04 | CVE-2021-32732 | Xwiki | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki ### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. | 6.5 |
2022-02-04 | CVE-2021-38130 | Microfocus | Unspecified vulnerability in Microfocus Voltage Securemail A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. | 6.5 |
2022-02-04 | CVE-2022-22726 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. | 6.5 |
2022-02-04 | CVE-2022-23557 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23564 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23565 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23570 | Reachable Assertion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23571 | Reachable Assertion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23572 | Reachable Assertion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23575 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23576 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23577 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23579 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23580 | Improper Validation of Specified Quantity in Input vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23581 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23582 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23583 | Type Confusion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23584 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23585 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23586 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23588 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23589 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23595 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-04 | CVE-2022-23600 | Fleetdm | Improper Authentication vulnerability in Fleetdm Fleet fleet is an open source device management, built on osquery. | 6.5 |
2022-02-04 | CVE-2021-29394 | Globalnorthstar | Incorrect Authorization vulnerability in Globalnorthstar Northstar Club Management 6.3 Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request. | 6.5 |
2022-02-03 | CVE-2022-21741 | Divide By Zero vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21737 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21738 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21739 | NULL Pointer Dereference vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21725 | Divide By Zero vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21729 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21734 | Type Confusion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21735 | Divide By Zero vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-23569 | Reachable Assertion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21731 | Type Confusion vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21732 | Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21733 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-21736 | NULL Pointer Dereference vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-23567 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-03 | CVE-2022-23568 | Integer Overflow or Wraparound vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.5 | |
2022-02-02 | CVE-2022-24301 | Minetest Debian | Incorrect Default Permissions vulnerability in multiple products In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | 6.5 |
2022-02-01 | CVE-2022-24196 | Itextpdf | Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
2022-02-01 | CVE-2022-24197 | Itextpdf | Out-of-bounds Write vulnerability in Itextpdf Itext iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
2022-02-01 | CVE-2022-24198 | Itextpdf | Out-of-bounds Read vulnerability in Itextpdf Itext 7.1.17 iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
2022-02-01 | CVE-2021-44451 | Apache | Insufficiently Protected Credentials vulnerability in Apache Superset Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. | 6.5 |
2022-02-01 | CVE-2021-24761 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Error LOG Viewer The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | 6.5 |
2022-02-01 | CVE-2021-25072 | Nextscripts | Unspecified vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack | 6.5 |
2022-02-01 | CVE-2021-25092 | Ylefebvre | Unspecified vulnerability in Ylefebvre Link Library The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack | 6.5 |
2022-02-01 | CVE-2021-25097 | Creativityjuice | Unspecified vulnerability in Creativityjuice Labtools 1.0 The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication | 6.5 |
2022-02-01 | CVE-2021-41571 | Apache | Unspecified vulnerability in Apache Pulsar In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. | 6.5 |
2022-02-01 | CVE-2022-21687 | Github | Improper Input Validation vulnerability in Github Gh-Ost gh-ost is a triggerless online schema migration solution for MySQL. | 6.5 |
2022-02-01 | CVE-2022-23607 | Twistedmatrix Debian | Forced Browsing vulnerability in multiple products treq is an HTTP library inspired by requests but written on top of Twisted's Agents. | 6.5 |
2022-01-31 | CVE-2021-40042 | Huawei | Release of Invalid Pointer or Reference vulnerability in Huawei products There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. | 6.5 |
2022-02-04 | CVE-2021-40403 | Gerbv Project Fedoraproject Debian | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. | 6.3 |
2022-02-04 | CVE-2022-23563 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 6.3 | |
2022-02-05 | CVE-2022-0501 | Beanstalk Console Project | Cross-site Scripting vulnerability in Beanstalk Console Project Beanstalk Console Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. | 6.1 |
2022-02-05 | CVE-2022-0437 | Karma Project | Unspecified vulnerability in Karma Project Karma Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. | 6.1 |
2022-02-04 | CVE-2022-0218 | Codemiq | Cross-site Scripting vulnerability in Codemiq Wordpress Email Template Designer The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. | 6.1 |
2022-02-04 | CVE-2022-0380 | Fotobook Project | Cross-site Scripting vulnerability in Fotobook Project Fotobook The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. | 6.1 |
2022-02-04 | CVE-2022-0381 | Embed Swagger Project | Cross-site Scripting vulnerability in Embed Swagger Project Embed Swagger 1.0.0 The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. | 6.1 |
2022-02-04 | CVE-2022-23980 | YET Another Stars Rating Project | Cross-site Scripting vulnerability in YET Another Stars Rating Project YET Another Stars Rating Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | 6.1 |
2022-02-04 | CVE-2021-45408 | Seeddms | Open Redirect vulnerability in Seeddms 6.0.15 Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter. | 6.1 |
2022-02-04 | CVE-2021-43635 | Codex Project | Cross-site Scripting vulnerability in Codex Project Codex A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | 6.1 |
2022-02-03 | CVE-2022-22818 | Djangoproject Fedoraproject Debian | Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. | 6.1 |
2022-02-02 | CVE-2022-0432 | Joinmastodon | Unspecified vulnerability in Joinmastodon Mastodon Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. | 6.1 |
2022-02-02 | CVE-2021-42639 | Printerlogic | Cross-site Scripting vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. | 6.1 |
2022-02-02 | CVE-2020-26208 | Jhead Project | Out-of-bounds Write vulnerability in Jhead Project Jhead JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. | 6.1 |
2022-02-02 | CVE-2021-43062 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortimail A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. | 6.1 |
2022-02-01 | CVE-2021-38560 | Ivanti | Cross-site Scripting vulnerability in Ivanti Service Manager 2021.1 Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. | 6.1 |
2022-02-01 | CVE-2021-24648 | Metagauss | Cross-site Scripting vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-02-01 | CVE-2021-24764 | Getperfectsurvey | Cross-site Scripting vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues | 6.1 |
2022-02-01 | CVE-2021-24765 | Getperfectsurvey | Cross-site Scripting vulnerability in Getperfectsurvey Perfect Survey The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-24926 | Domaincheckplugin | Cross-site Scripting vulnerability in Domaincheckplugin Domain Check The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-24934 | Yellowpencil | Unspecified vulnerability in Yellowpencil Visual CSS Style Editor The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-24937 | Asset Cleanup | Unspecified vulnerability in Asset Cleanup: Page Speed Booster Project Asset Cleanup: Page Speed Booster The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-24975 | Nextscripts | Unspecified vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-24983 | Asset Cleanup | Cross-site Scripting vulnerability in Asset Cleanup: Page Speed Booster Project Asset Cleanup: Page Speed Booster The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-02-01 | CVE-2021-25063 | Cf7Skins | Unspecified vulnerability in Cf7Skins Contact Form 7 Skins 2.5.0 The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-02-01 | CVE-2021-25085 | Pluginus | Unspecified vulnerability in Pluginus Woocommerce products Filter The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-02-01 | CVE-2021-25089 | Updraftplus | Unspecified vulnerability in Updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-02-01 | CVE-2021-25091 | Ylefebvre | Unspecified vulnerability in Ylefebvre Link Library The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-02-01 | CVE-2021-45416 | Rosariosis | Cross-site Scripting vulnerability in Rosariosis 8.2.1 Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | 6.1 |
2022-02-01 | CVE-2022-0220 | Welaunch | Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. | 6.1 |
2022-02-01 | CVE-2022-23603 | Itunesrpc Remastered Project | Improper Encoding or Escaping of Output vulnerability in Itunesrpc-Remastered Project Itunesrpc-Remastered iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. | 6.1 |
2022-02-04 | CVE-2021-21963 | Sealevel | Missing Encryption of Sensitive Data vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. | 5.9 |
2022-02-04 | CVE-2021-21971 | Sealevel | Out-of-bounds Write vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. | 5.9 |
2022-02-01 | CVE-2021-43848 | Dena | Unspecified vulnerability in Dena H2O h2o is an open source http server. | 5.9 |
2022-02-04 | CVE-2020-12966 | AMD | Information Exposure vulnerability in AMD products AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). | 5.5 |
2022-02-04 | CVE-2021-36151 | Apache | Information Exposure vulnerability in Apache Gobblin 0.15.0 In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. | 5.5 |
2022-02-04 | CVE-2021-4043 | Gpac Debian | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. | 5.5 |
2022-02-04 | CVE-2022-0264 | Linux | Improper Handling of Exceptional Conditions vulnerability in Linux Kernel A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. | 5.5 |
2022-02-04 | CVE-2022-0487 | Linux Redhat Debian | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. | 5.5 |
2022-02-04 | CVE-2022-23594 | Out-of-bounds Write vulnerability in Google Tensorflow 2.7.0 Tensorflow is an Open Source Machine Learning Framework. | 5.5 | |
2022-02-04 | CVE-2021-45429 | Virustotal | Classic Buffer Overflow vulnerability in Virustotal Yara A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. | 5.5 |
2022-02-04 | CVE-2022-24249 | Gpac | NULL Pointer Dereference vulnerability in Gpac A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. | 5.5 |
2022-02-01 | CVE-2022-0419 | Radare Fedoraproject | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | 5.5 |
2022-02-01 | CVE-2021-46661 | Mariadb Fedoraproject | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | 5.5 |
2022-02-01 | CVE-2021-46662 | Mariadb | Unspecified vulnerability in Mariadb MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | 5.5 |
2022-02-01 | CVE-2021-46663 | Mariadb Fedoraproject | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | 5.5 |
2022-02-01 | CVE-2021-46664 | Mariadb Fedoraproject | NULL Pointer Dereference vulnerability in multiple products MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | 5.5 |
2022-02-01 | CVE-2021-46665 | Mariadb Fedoraproject | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | 5.5 |
2022-02-01 | CVE-2021-46666 | Mariadb | Reachable Assertion vulnerability in Mariadb MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | 5.5 |
2022-02-01 | CVE-2021-46667 | Mariadb Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | 5.5 |
2022-02-01 | CVE-2021-46668 | Mariadb Fedoraproject | Resource Exhaustion vulnerability in multiple products MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | 5.5 |
2022-01-31 | CVE-2021-40033 | Huawei | Unspecified vulnerability in Huawei products There is an information exposure vulnerability on several Huawei Products. | 5.5 |
2022-01-31 | CVE-2022-0286 | Linux Oracle | NULL Pointer Dereference vulnerability in multiple products A flaw was found in the Linux kernel. | 5.5 |
2022-01-31 | CVE-2022-24130 | Invisible Island Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | 5.5 |
2022-02-06 | CVE-2022-0502 | Livehelperchat | Unspecified vulnerability in Livehelperchat Live Helper Chat Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | 5.4 |
2022-02-04 | CVE-2021-43841 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
2022-02-04 | CVE-2022-0472 | Laracom Project | Unrestricted Upload of File with Dangerous Type vulnerability in Laracom Project Laracom Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | 5.4 |
2022-02-04 | CVE-2022-22804 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. | 5.4 |
2022-02-03 | CVE-2022-23871 | Gibbonedu | Cross-site Scripting vulnerability in Gibbonedu Gibbon 22.0.01 Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | 5.4 |
2022-02-01 | CVE-2021-46253 | Anchorcms | Cross-site Scripting vulnerability in Anchorcms Anchor CMS 0.12.7 A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. | 5.4 |
2022-01-31 | CVE-2020-36056 | Beetel | Cross-site Scripting vulnerability in Beetel 777Vr1 Firmware 01.00.0955 Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. | 5.4 |
2022-02-04 | CVE-2021-46671 | Atftp Project Debian | Out-of-bounds Read vulnerability in multiple products options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | 5.3 |
2022-02-04 | CVE-2021-29398 | Globalnorthstar | Path Traversal vulnerability in Globalnorthstar Northstar Club Management 6.3 Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | 5.3 |
2022-02-04 | CVE-2021-44886 | Zammad | Unspecified vulnerability in Zammad 5.0.2 In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. | 5.3 |
2022-02-02 | CVE-2021-39021 | IBM | Information Exposure Through Discrepancy vulnerability in IBM Guardium Data Encryption 5.0.0.2 IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. | 5.3 |
2022-02-02 | CVE-2021-42633 | Printerlogic | SQL Injection vulnerability in Printerlogic web Stack 19.1.1.13 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. | 5.3 |
2022-02-01 | CVE-2021-44746 | NEC | Unspecified vulnerability in NEC products UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained. | 5.3 |
2022-02-01 | CVE-2021-24775 | Bplugins | Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | 5.3 |
2022-02-01 | CVE-2022-23774 | Docker | Unspecified vulnerability in Docker Desktop Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | 5.3 |
2022-01-31 | CVE-2022-21659 | Flask Appbuilder Project | Information Exposure Through Discrepancy vulnerability in Flask-Appbuilder Project Flask-Appbuilder Flask-AppBuilder is an application development framework, built on top of the Flask web framework. | 5.3 |
2022-02-04 | CVE-2022-22939 | Vmware | Information Exposure Through Log Files vulnerability in VMWare Cloud Foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. | 4.9 |
2022-02-04 | CVE-2021-44983 | Taogogo | Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.1 In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | 4.9 |
2022-02-04 | CVE-2022-23316 | Taogogo | Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.2 An issue was discovered in taoCMS v3.0.2. | 4.9 |
2022-01-31 | CVE-2022-23409 | Ethercreative | Path Traversal vulnerability in Ethercreative Logs The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | 4.9 |
2022-02-01 | CVE-2021-24686 | Benbodhi | Cross-site Scripting vulnerability in Benbodhi SVG Support The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-02-01 | CVE-2021-24707 | ND Learning Project | Cross-site Scripting vulnerability in Nd-Learning Project Nd-Learning The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-02-01 | CVE-2021-24900 | Wpmanageninja | Unspecified vulnerability in Wpmanageninja Ninja Tables The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-02-01 | CVE-2021-24944 | Cusmin | Unspecified vulnerability in Cusmin Absolutely Glamorous Custom Admin The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-01-31 | CVE-2022-23872 | Emlog | Cross-site Scripting vulnerability in Emlog 1.1.1 Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | 4.8 |
2022-01-31 | CVE-2021-44114 | Stock Management System Project | Cross-site Scripting vulnerability in Stock Management System Project Stock Management System 1.0 Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. | 4.8 |
2022-02-04 | CVE-2022-23578 | Unspecified vulnerability in Google Tensorflow Tensorflow is an Open Source Machine Learning Framework. | 4.3 | |
2022-02-02 | CVE-2021-36177 | Fortinet | Unspecified vulnerability in Fortinet Fortiauthenticator An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. | 4.3 |
2022-02-01 | CVE-2021-24868 | Bplugins | Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | 4.3 |
2022-01-31 | CVE-2022-0414 | Dolibarr | Unspecified vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-04 | CVE-2022-0317 | Improper Input Validation vulnerability in Google Go-Attestation An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. | 3.3 | |
2022-02-04 | CVE-2022-24448 | Linux Debian | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. | 3.3 |
2022-02-01 | CVE-2020-8562 | Kubernetes | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Kubernetes As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. | 3.1 |
2022-02-04 | CVE-2022-23605 | Wire | Improper Cross-boundary Removal of Sensitive Data vulnerability in Wire Wire-Webapp Wire webapp is a web client for the wire messaging protocol. | 2.3 |