Weekly Vulnerabilities Reports > February 14 to 20, 2022
Overview
534 new vulnerabilities were reported during this period, including 93 critical vulnerabilities and 245 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 606 products from 213 vendors, including Bentley, Fedoraproject, Jenkins, Debian, and Redhat. The vulnerabilities are most commonly categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Cross-Site Request Forgery (CSRF)", and "Missing Authorization".
- 341 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 110 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 377 reported vulnerabilities are exploitable by an anonymous user.
- Bentley has the most reported vulnerabilities, with 95 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
93 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-18 | CVE-2022-0543 | Redis | Missing Authorization vulnerability in Redis It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |
2022-02-15 | CVE-2021-46250 | Scratchoauth2 Project | Unspecified vulnerability in Scratchoauth2 Project Scratchoauth2 An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2. | 10.0 |
2022-02-16 | CVE-2021-3781 | Artifex Fedoraproject | OS Command Injection vulnerability in multiple products A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. | 9.9 |
2022-02-20 | CVE-2022-23848 | Alluxio | Unspecified vulnerability in Alluxio In Alluxio before 2.7.3, the logserver does not validate the input stream. | 9.8 |
2022-02-19 | CVE-2016-1239 | Debian | Unspecified vulnerability in Debian Duck duck before 0.10 did not properly handle loading of untrusted code from the current directory. | 9.8 |
2022-02-19 | CVE-2022-25130 | Totolink | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25131 | Totolink | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25132 | Totolink | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25133 | Totolink | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25134 | Totolink | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25135 | Totolink | Command Injection vulnerability in Totolink T6 Firmware V4.1.5Cu.748B20211015 A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25136 | Totolink | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-19 | CVE-2022-25137 | Totolink | Command Injection vulnerability in Totolink T10 Firmware and T6 Firmware A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2022-02-18 | CVE-2021-29655 | Pexip | Insufficient Verification of Data Authenticity vulnerability in Pexip Infinity Connect Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. | 9.8 |
2022-02-18 | CVE-2021-29656 | Pexip | Improper Certificate Validation vulnerability in Pexip Infinity Connect Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. | 9.8 |
2022-02-18 | CVE-2021-46110 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Online Shopping Portal 3.1 Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | 9.8 |
2022-02-18 | CVE-2021-23702 | Object Extend Project | Unspecified vulnerability in Object-Extend Project Object-Extend 0.5.0 The package object-extend from 0.0.0 is vulnerable to Prototype Pollution via object-extend. | 9.8 |
2022-02-18 | CVE-2022-24047 | BMC | Improper Authentication vulnerability in BMC Track-It! 20.21.01.102 This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. | 9.8 |
2022-02-18 | CVE-2022-24049 | Sonos | Out-of-bounds Write vulnerability in Sonos S1 and S2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). | 9.8 |
2022-02-18 | CVE-2021-46036 | Mingsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 9.8 |
2022-02-18 | CVE-2021-20325 | Redhat | Server-Side Request Forgery (SSRF) vulnerability in Redhat Enterprise Linux 8.5.0 Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. | 9.8 |
2022-02-18 | CVE-2021-26618 | Tmax | Improper Input Validation vulnerability in Tmax Tooffice 3.15.5 An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. | 9.8 |
2022-02-18 | CVE-2021-3657 | Isync Project Fedoraproject Redhat Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in mbsync versions prior to 1.4.4. | 9.8 |
2022-02-18 | CVE-2021-45401 | Tendacn | Command Injection vulnerability in Tendacn Ac10U Firmware 15.03.06.49Multi A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. | 9.8 |
2022-02-18 | CVE-2022-21141 | Airspan | Incorrect Authorization vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. | 9.8 |
2022-02-18 | CVE-2022-21143 | Airspan | OS Command Injection vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands. | 9.8 |
2022-02-18 | CVE-2022-21196 | Airspan | Unspecified vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. | 9.8 |
2022-02-18 | CVE-2022-21215 | Airspan | Server-Side Request Forgery (SSRF) vulnerability in Airspan products This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. | 9.8 |
2022-02-18 | CVE-2022-25337 | Ibexa | Injection vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 |
2022-02-18 | CVE-2022-25322 | Zerof | SQL Injection vulnerability in Zerof web Server 2.0 ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | 9.8 |
2022-02-18 | CVE-2022-0631 | Mruby | Unspecified vulnerability in Mruby Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 |
2022-02-18 | CVE-2022-0664 | Gravitl | Unspecified vulnerability in Gravitl Netmaker Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | 9.8 |
2022-02-18 | CVE-2022-25315 | Libexpat Project Debian Fedoraproject Oracle Siemens | Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 9.8 |
2022-02-18 | CVE-2022-22922 | TP Link | Use of Insufficiently Random Values vulnerability in Tp-Link Tl-Wa850Re Firmware TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | 9.8 |
2022-02-17 | CVE-2021-46315 | Dlink | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. | 9.8 |
2022-02-17 | CVE-2021-46319 | Dlink | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. | 9.8 |
2022-02-17 | CVE-2022-22916 | Zoneland | Unspecified vulnerability in Zoneland O2Oa 6.4.7 O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. | 9.8 |
2022-02-17 | CVE-2021-45382 | Dlink | OS Command Injection vulnerability in Dlink products A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. | 9.8 |
2022-02-17 | CVE-2021-46314 | Dlink | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | 9.8 |
2022-02-17 | CVE-2022-22912 | Plist Project | Unspecified vulnerability in Plist Project Plist Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution. | 9.8 |
2022-02-17 | CVE-2021-44868 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.1 A problem was found in ming-soft MCMS v5.1. | 9.8 |
2022-02-16 | CVE-2022-22880 | Jeecg | SQL Injection vulnerability in Jeecg Boot 2.3/3.0 Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | 9.8 |
2022-02-16 | CVE-2022-22881 | Jeecg | SQL Injection vulnerability in Jeecg Boot 2.3/3.0 Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | 9.8 |
2022-02-16 | CVE-2022-22885 | Hutool | Improper Certificate Validation vulnerability in Hutool 5.7.18 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 9.8 |
2022-02-16 | CVE-2022-24984 | Jqueryform | Unrestricted Upload of File with Dangerous Type vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. | 9.8 |
2022-02-16 | CVE-2021-43299 | Teluu Debian | Stack overflow in PJSUA API when calling pjsua_player_create. | 9.8 |
2022-02-16 | CVE-2021-43300 | Teluu Debian | Stack overflow in PJSUA API when calling pjsua_recorder_create. | 9.8 |
2022-02-16 | CVE-2021-43301 | Teluu Debian | Stack overflow in PJSUA API when calling pjsua_playlist_create. | 9.8 |
2022-02-16 | CVE-2021-43303 | Teluu Debian | Buffer overflow in PJSUA API when calling pjsua_call_dump. | 9.8 |
2022-02-16 | CVE-2021-3242 | Duxcms Project | SQL Injection vulnerability in Duxcms Project Duxcms 3.1.3 DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | 9.8 |
2022-02-16 | CVE-2021-3773 | Linux Fedoraproject Redhat Oracle | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | 9.8 |
2022-02-16 | CVE-2021-23682 | Appwrite Litespeed JS Project | This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. | 9.8 |
2022-02-16 | CVE-2022-23358 | Easycms | SQL Injection vulnerability in Easycms 1.6 EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. | 9.8 |
2022-02-16 | CVE-2022-0559 | Radare Fedoraproject | Use After Free vulnerability in multiple products Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | 9.8 |
2022-02-16 | CVE-2022-25235 | Libexpat Project Debian Fedoraproject Oracle Siemens | Improper Encoding or Escaping of Output vulnerability in multiple products xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | 9.8 |
2022-02-16 | CVE-2022-25236 | Libexpat Project Debian Oracle Siemens | Exposure of Resource to Wrong Sphere vulnerability in multiple products xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | 9.8 |
2022-02-15 | CVE-2021-33945 | Ricoh | Out-of-bounds Write vulnerability in Ricoh products RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. | 9.8 |
2022-02-15 | CVE-2021-37354 | Xerox | Out-of-bounds Write vulnerability in Xerox Phaser 4622 Firmware 35.013.01.000 Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. | 9.8 |
2022-02-15 | CVE-2021-46262 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac11 Firmware 02.03.01.104Cn Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. | 9.8 |
2022-02-15 | CVE-2021-46263 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac11 Firmware 02.03.01.104Cn Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. | 9.8 |
2022-02-15 | CVE-2021-46264 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac11 Firmware 02.03.01.104Cn Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. | 9.8 |
2022-02-15 | CVE-2021-46265 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac11 Firmware 02.03.01.104Cn Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. | 9.8 |
2022-02-15 | CVE-2021-46321 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac11 Firmware 02.03.01.104Cn Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. | 9.8 |
2022-02-15 | CVE-2021-43049 | Tibco | Unspecified vulnerability in Tibco Businessconnect 1.1.0 The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. | 9.8 |
2022-02-15 | CVE-2022-22770 | Tibco | Unspecified vulnerability in Tibco Auditsafe 1.1.0 The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. | 9.8 |
2022-02-14 | CVE-2021-45005 | Artifex | Out-of-bounds Write vulnerability in Artifex Mujs 1.1.3 Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. | 9.8 |
2022-02-14 | CVE-2021-46461 | Nginx | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nginx NJS njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. | 9.8 |
2022-02-14 | CVE-2021-46463 | F5 | Type Confusion vulnerability in F5 NJS njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | 9.8 |
2022-02-14 | CVE-2021-4201 | Forgerock | Improper Authentication vulnerability in Forgerock Access Management Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. | 9.8 |
2022-02-14 | CVE-2022-0582 | Wireshark Fedoraproject Debian | NULL Pointer Dereference vulnerability in multiple products Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file. | 9.8 |
2022-02-14 | CVE-2022-23992 | Broadcom | Improper Input Validation vulnerability in Broadcom Xcom Data Transport 11.6 XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | 9.8 |
2022-02-14 | CVE-2022-24704 | Accel PPP | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0 The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. | 9.8 |
2022-02-14 | CVE-2022-24705 | Accel PPP | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0 The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. | 9.8 |
2022-02-14 | CVE-2022-25139 | F5 | Use After Free vulnerability in F5 NJS njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | 9.8 |
2022-02-14 | CVE-2022-22295 | Metinfo | SQL Injection vulnerability in Metinfo 7.5.0 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | 9.8 |
2022-02-14 | CVE-2022-23335 | Metinfo | SQL Injection vulnerability in Metinfo 7.5.0 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | 9.8 |
2022-02-14 | CVE-2022-23336 | S CMS | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | 9.8 |
2022-02-14 | CVE-2022-23337 | Dedecms | SQL Injection vulnerability in Dedecms 5.7.87 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | 9.8 |
2022-02-14 | CVE-2022-23389 | Publiccms | OS Command Injection vulnerability in Publiccms 4.0 PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | 9.8 |
2022-02-14 | CVE-2022-23390 | Diyhi | Unrestricted Upload of File with Dangerous Type vulnerability in Diyhi BBS Forum An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | 9.8 |
2022-02-14 | CVE-2022-23902 | Tongda2000 | SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere 11.10 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | 9.8 |
2022-02-14 | CVE-2022-24206 | Tongda2000 | SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere 11.10 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | 9.8 |
2022-02-14 | CVE-2022-24988 | Galois 2P8 Project | Off-by-one Error vulnerability in Galois 2P8 Project Galois 2P8 0.1.0/0.1.1 In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. | 9.8 |
2022-02-14 | CVE-2021-45420 | Emerson | Exposure of Resource to Wrong Sphere vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. | 9.8 |
2022-02-14 | CVE-2022-0570 | Mruby | Unspecified vulnerability in Mruby Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 |
2022-02-14 | CVE-2022-24977 | Impresscms | Path Traversal vulnerability in Impresscms ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. | 9.8 |
2022-02-20 | CVE-2022-0686 | URL Parse Project | Unspecified vulnerability in Url-Parse Project Url-Parse Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | 9.1 |
2022-02-18 | CVE-2021-46063 | Mingsoft | Code Injection vulnerability in Mingsoft Mcms 5.2.5 MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | 9.1 |
2022-02-18 | CVE-2021-26619 | Bigfile | Path Traversal vulnerability in Bigfile Bigfileagent A path traversal vulnerability leading to deletion of arbitrary files was discovered in BigFileAgent. | 9.1 |
2022-02-18 | CVE-2022-0671 | Redhat | Server-Side Request Forgery (SSRF) vulnerability in Redhat Vscode-Xml A flaw was found in vscode-xml in versions prior to 0.19.0. | 9.1 |
2022-02-17 | CVE-2022-0623 | Mruby | Unspecified vulnerability in Mruby Out-of-bounds Read in Homebrew mruby prior to 3.2. | 9.1 |
2022-02-16 | CVE-2021-43302 | Teluu Debian | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. | 9.1 |
2022-02-14 | CVE-2022-24976 | Atheme | Improper Authentication vulnerability in Atheme Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. | 9.1 |
245 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-19 | CVE-2022-23375 | Wikidocs | Unrestricted Upload of File with Dangerous Type vulnerability in Wikidocs 0.1.18 WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. | 8.8 |
2022-02-19 | CVE-2021-44302 | Baicloud CMS Project | SQL Injection vulnerability in Baicloud-Cms Project Baicloud-Cms 2.5.7 BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | 8.8 |
2022-02-18 | CVE-2022-23642 | Sourcegraph | Missing Authorization vulnerability in Sourcegraph Sourcegraph is a code search and navigation engine. | 8.8 |
2022-02-18 | CVE-2022-23650 | Gravitl | Use of Hard-coded Credentials vulnerability in Gravitl Netmaker Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. | 8.8 |
2022-02-18 | CVE-2022-24046 | Sonos | Integer Underflow (Wrap or Wraparound) vulnerability in Sonos S1 and S2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). | 8.8 |
2022-02-18 | CVE-2022-24354 | TP Link | Unspecified vulnerability in Tp-Link Ac1750 Firmware 190726/201029/201030 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. | 8.8 |
2022-02-18 | CVE-2022-24355 | TP Link | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr940N Firmware 3.20.1/62111113.20.1/63.19.1 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. | 8.8 |
2022-02-18 | CVE-2022-24356 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. | 8.8 |
2022-02-18 | CVE-2022-24357 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24358 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24359 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24360 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24361 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24362 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24363 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24364 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24365 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24366 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24367 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24369 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2022-24971 | Foxit | Out-of-bounds Read vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. | 8.8 |
2022-02-18 | CVE-2020-25718 | Samba Fedoraproject | Missing Authorization vulnerability in multiple products A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). | 8.8 |
2022-02-18 | CVE-2020-25722 | Samba Debian Fedoraproject Canonical | Incorrect Authorization vulnerability in multiple products Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. | 8.8 |
2022-02-18 | CVE-2021-4093 | Linux Redhat Fedoraproject Canonical | Out-of-bounds Write vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). | 8.8 |
2022-02-18 | CVE-2021-41599 | Github | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |
2022-02-17 | CVE-2021-44730 | Canonical Fedoraproject Debian | Link Following vulnerability in multiple products snapd 2.54.2 did not properly validate the location of the snap-confine binary. | 8.8 |
2022-02-16 | CVE-2022-24985 | Jqueryform | Unspecified vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. | 8.8 |
2022-02-16 | CVE-2022-23644 | Joinbookwyrm | Unspecified vulnerability in Joinbookwyrm Bookwyrm BookWyrm is a decentralized social network for tracking reading habits and reviewing books. | 8.8 |
2022-02-16 | CVE-2021-39297 | HP | Unspecified vulnerability in HP products Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. | 8.8 |
2022-02-16 | CVE-2021-39298 | HP | Unspecified vulnerability in HP products A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware. | 8.8 |
2022-02-16 | CVE-2021-39299 | HP | Unspecified vulnerability in HP products Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. | 8.8 |
2022-02-16 | CVE-2021-39300 | HP | Unspecified vulnerability in HP products Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. | 8.8 |
2022-02-16 | CVE-2021-39301 | HP | Unspecified vulnerability in HP products Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. | 8.8 |
2022-02-16 | CVE-2022-24663 | PHP Everywhere Project | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | 8.8 |
2022-02-16 | CVE-2022-24664 | PHP Everywhere Project | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | 8.8 |
2022-02-16 | CVE-2022-24665 | PHP Everywhere Project | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | 8.8 |
2022-02-16 | CVE-2021-26726 | Valmet | Use of Insufficiently Random Values vulnerability in Valmet DNA 2012/2021 A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges. This issue affects Valmet DNA versions from Collection 2012 until Collection 2021. | 8.8 |
2022-02-16 | CVE-2022-25241 | Filecloud | Cross-Site Request Forgery (CSRF) vulnerability in Filecloud In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF). | 8.8 |
2022-02-16 | CVE-2022-25242 | Filecloud | Cross-Site Request Forgery (CSRF) vulnerability in Filecloud In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). | 8.8 |
2022-02-16 | CVE-2022-0611 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | 8.8 |
2022-02-15 | CVE-2022-25173 | Jenkins | OS Command Injection vulnerability in Jenkins Pipeline: Groovy Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-15 | CVE-2022-25174 | Jenkins | OS Command Injection vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-15 | CVE-2022-25175 | Jenkins | OS Command Injection vulnerability in Jenkins Pipeline: Multibranch Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-15 | CVE-2022-25181 | Jenkins | Unspecified vulnerability in Jenkins Pipeline: Shared Groovy Libraries A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | 8.8 |
2022-02-15 | CVE-2022-25182 | Jenkins | Unspecified vulnerability in Jenkins Pipeline: Shared Groovy Libraries A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | 8.8 |
2022-02-15 | CVE-2022-25183 | Jenkins | Unspecified vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | 8.8 |
2022-02-15 | CVE-2022-25192 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Snow Commander A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2022-02-15 | CVE-2022-25194 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Autonomiq A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25198 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCP Publisher 1.8 A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25199 | Jenkins | Missing Authorization vulnerability in Jenkins SCP Publisher 1.8 A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25200 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Checkmarx A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2022-02-15 | CVE-2022-25205 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Dbcharts 0.4/0.5.2 A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | 8.8 |
2022-02-15 | CVE-2022-25206 | Jenkins | Missing Authorization vulnerability in Jenkins Dbcharts 0.4/0.5.2 A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25207 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 |
2022-02-15 | CVE-2022-25208 | Jenkins | Missing Authorization vulnerability in Jenkins Chef Sinatra A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 |
2022-02-15 | CVE-2022-25209 | Jenkins | XXE vulnerability in Jenkins Chef Sinatra Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2022-02-15 | CVE-2022-25211 | Jenkins | Missing Authorization vulnerability in Jenkins Swamp A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25212 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Swamp A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2021-41552 | Commscope | Command Injection vulnerability in Commscope products CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. | 8.8 |
2022-02-15 | CVE-2022-23384 | Yzmcms | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add. | 8.8 |
2022-02-14 | CVE-2022-0580 | Librenms | Unspecified vulnerability in Librenms Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | 8.8 |
2022-02-14 | CVE-2019-16864 | Enterprisedt | Command Injection vulnerability in Enterprisedt Completeftp Server CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. | 8.8 |
2022-02-14 | CVE-2022-22854 | Hospital S Patient Records Management System Project | Missing Authorization vulnerability in Hospital's Patient Records Management System Project Hospital's Patient Records Management System 1.0 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | 8.8 |
2022-02-14 | CVE-2022-0190 | Acnam | Unspecified vulnerability in Acnam AD Invalid Click Protector The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | 8.8 |
2022-02-18 | CVE-2021-46037 | Mingsoft | Unspecified vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | 8.1 |
2022-02-18 | CVE-2020-25717 | Samba Debian Fedoraproject Redhat Canonical | Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. | 8.1 |
2022-02-16 | CVE-2022-23636 | Bytecodealliance | Unspecified vulnerability in Bytecodealliance Wasmtime Wasmtime is an open source runtime for WebAssembly & WASI. | 8.1 |
2022-02-15 | CVE-2022-23639 | Crossbeam Project | Unspecified vulnerability in Crossbeam Project Crossbeam crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. | 8.1 |
2022-02-20 | CVE-2022-25372 | Pritunl | Improper Privilege Management vulnerability in Pritunl Pritunl-Client-Electron Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | 7.8 |
2022-02-20 | CVE-2022-0685 | VIM Fedoraproject Debian Apple | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | 7.8 |
2022-02-19 | CVE-2022-0409 | Showdoc | Unspecified vulnerability in Showdoc Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. | 7.8 |
2022-02-19 | CVE-2022-25366 | Cryptomator | Untrusted Search Path vulnerability in Cryptomator Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. | 7.8 |
2022-02-19 | CVE-2022-25365 | Docker | Unspecified vulnerability in Docker Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. | 7.8 |
2022-02-19 | CVE-2021-45082 | Cobbler Project Suse Opensuse Fedoraproject | Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.8 |
2022-02-18 | CVE-2021-46562 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46563 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46564 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46565 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46566 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46567 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46568 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46569 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46570 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46571 | Bentley | Use After Free vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46572 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46573 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46574 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46575 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46576 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46577 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46578 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46579 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46580 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46581 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46582 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46583 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46584 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46585 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46586 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46587 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46588 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46590 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46591 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46592 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46597 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46598 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46601 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46603 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46604 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46605 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46606 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46609 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46612 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46613 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46614 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. | 7.8 |
2022-02-18 | CVE-2021-46617 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46619 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46621 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46622 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46625 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46626 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46627 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46631 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46633 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46634 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46635 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46636 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46638 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46639 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46640 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46641 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46643 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46644 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46645 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46646 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46647 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46648 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 7.8 |
2022-02-18 | CVE-2021-46652 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46653 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46655 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2021-46656 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. | 7.8 |
2022-02-18 | CVE-2022-24048 | Mariadb Fedoraproject | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. | 7.8 |
2022-02-18 | CVE-2022-24050 | Mariadb Fedoraproject | MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. | 7.8 |
2022-02-18 | CVE-2022-24051 | Mariadb Fedoraproject | MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. | 7.8 |
2022-02-18 | CVE-2022-24052 | Mariadb Fedoraproject | MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. | 7.8 |
2022-02-18 | CVE-2022-24056 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 7.8 |
2022-02-18 | CVE-2022-24057 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 7.8 |
2022-02-18 | CVE-2022-24058 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 7.8 |
2022-02-18 | CVE-2022-24059 | Santesoft | Out-of-bounds Write vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 7.8 |
2022-02-18 | CVE-2022-24062 | Santesoft | Use After Free vulnerability in Santesoft Dicom Viewer PRO This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. | 7.8 |
2022-02-18 | CVE-2022-24063 | Santesoft | Out-of-bounds Write vulnerability in Santesoft Dicom Viewer PRO This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. | 7.8 |
2022-02-18 | CVE-2022-24064 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.8 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. | 7.8 |
2022-02-18 | CVE-2021-44968 | Iobit | Use After Free vulnerability in Iobit Advanced Systemcare 15 A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or cause a Denial of Service (system crash). | 7.8 |
2022-02-18 | CVE-2022-0646 | Linux Netapp | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel Management Component Transport Protocol (MCTP) subsystem in the way a user triggers cancel_work_sync after unregister_netdev while removing a device. | 7.8 |
2022-02-18 | CVE-2020-8107 | Bitdefender | Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. | 7.8 |
2022-02-17 | CVE-2021-44731 | Canonical Fedoraproject Debian | Race Condition vulnerability in multiple products A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. | 7.8 |
2022-02-17 | CVE-2021-4120 | Canonical Fedoraproject | Improper Input Validation vulnerability in multiple products snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. | 7.8 |
2022-02-17 | CVE-2021-46368 | Trigonesoft | Unquoted Search Path or Element vulnerability in Trigonesoft Remote System Monitor 3.61 TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. | 7.8 |
2022-02-17 | CVE-2022-0629 | VIM Fedoraproject Apple Debian | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-02-16 | CVE-2022-25265 | Linux Netapp | Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). | 7.8 |
2022-02-16 | CVE-2021-3560 | Polkit Project Debian Canonical Redhat | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |
2022-02-16 | CVE-2021-3578 | Isync Project Fedoraproject Debian | Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. | 7.8 |
2022-02-16 | CVE-2021-3760 | Linux Fedoraproject Debian Netapp | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel. | 7.8 |
2022-02-16 | CVE-2022-25255 | QT | Unspecified vulnerability in QT In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | 7.8 |
2022-02-16 | CVE-2020-6917 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 7.8 |
2022-02-16 | CVE-2020-6918 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 7.8 |
2022-02-16 | CVE-2020-6919 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 7.8 |
2022-02-16 | CVE-2020-6921 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 7.8 |
2022-02-16 | CVE-2020-6922 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 7.8 |
2022-02-16 | CVE-2021-21958 | Hancom | Out-of-bounds Write vulnerability in Hancom Office 2020 11.0.0.2353 A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. | 7.8 |
2022-02-16 | CVE-2021-22042 | Vmware | Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. | 7.8 |
2022-02-16 | CVE-2021-3551 | Dogtagpki Fedoraproject Oracle Redhat | Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the pkispawn command, when run in debug mode, stores admin credentials in the installation log file. | 7.8 |
2022-02-16 | CVE-2021-4106 | Snowsoftware | Unspecified vulnerability in Snowsoftware Snow Inventory Java Scanner 1.0 A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. | 7.8 |
2022-02-16 | CVE-2022-22945 | Vmware | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center VMware NSX Edge contains a CLI shell injection vulnerability. | 7.8 |
2022-02-16 | CVE-2022-23188 | Adobe | Unspecified vulnerability in Adobe Illustrator Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-02-16 | CVE-2022-23203 | Adobe | Unspecified vulnerability in Adobe Photoshop Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-02-16 | CVE-2022-23803 | Kicad Fedoraproject Debian | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. | 7.8 |
2022-02-16 | CVE-2022-23804 | Kicad Fedoraproject Debian | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. | 7.8 |
2022-02-15 | CVE-2021-42713 | Splashtop | Exposure of Resource to Wrong Sphere vulnerability in Splashtop 3.4.6.1 Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | 7.8 |
2022-02-15 | CVE-2021-42714 | Splashtop | Exposure of Resource to Wrong Sphere vulnerability in Splashtop 3.4.8.3 Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | 7.8 |
2022-02-15 | CVE-2021-43050 | Tibco | Unspecified vulnerability in Tibco Businessconnect 1.1.0 The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. | 7.8 |
2022-02-15 | CVE-2021-42712 | Splashtop | Exposure of Resource to Wrong Sphere vulnerability in Splashtop Streamer 3.3.8.0 Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | 7.8 |
2022-02-15 | CVE-2021-43940 | Atlassian | Uncontrolled Search Path Element vulnerability in Atlassian Confluence Data Center Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. | 7.8 |
2022-02-14 | CVE-2022-23410 | Axis | Uncontrolled Search Path Element vulnerability in Axis IP Utility 4.17.0 AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. | 7.8 |
2022-02-14 | CVE-2022-25150 | Malwarebytes | Improper Privilege Management vulnerability in Malwarebytes Binisoft Windows Firewall Control In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | 7.8 |
2022-02-14 | CVE-2021-45444 | ZSH Fedoraproject Debian Apple | In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. | 7.8 |
2022-02-14 | CVE-2022-0572 | VIM Fedoraproject Debian Apple | Out-of-bounds Write vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-02-19 | CVE-2016-20013 | Sha256Crypt Project Sha512Crypt Project | Allocation of Resources Without Limits or Throttling vulnerability in multiple products sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. | 7.5 |
2022-02-19 | CVE-2022-24980 | Kitodo | Server-Side Request Forgery (SSRF) vulnerability in Kitodo Kitodo.Presentation 3.1.2 An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. | 7.5 |
2022-02-18 | CVE-2017-0371 | Mediawiki | Unspecified vulnerability in Mediawiki MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | 7.5 |
2022-02-18 | CVE-2022-23228 | Pexip | Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity Pexip Infinity before 27.0 has improper WebRTC input validation. | 7.5 |
2022-02-18 | CVE-2021-46082 | Moxa | Memory Leak vulnerability in Moxa products Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | 7.5 |
2022-02-18 | CVE-2021-38935 | IBM | Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2 IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
2022-02-18 | CVE-2021-4091 | Port389 Redhat | Double Free vulnerability in multiple products A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. | 7.5 |
2022-02-18 | CVE-2022-0138 | Airspan | Deserialization of Untrusted Data vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | 7.5 |
2022-02-18 | CVE-2022-21176 | Airspan | SQL Injection vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | 7.5 |
2022-02-18 | CVE-2022-23982 | Quadlayers | Information Exposure vulnerability in Quadlayers Perfect Brands for Woocommerce The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 7.5 |
2022-02-18 | CVE-2022-25335 | Rigoblock | Incorrect Authorization vulnerability in Rigoblock Drago RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. | 7.5 |
2022-02-18 | CVE-2022-0666 | Microweber | Unspecified vulnerability in Microweber CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | 7.5 |
2022-02-18 | CVE-2022-25298 | Webcc Project | Path Traversal vulnerability in Webcc Project Webcc 0.2.0 This affects the package sprinfall/webcc before 0.3.0. | 7.5 |
2022-02-18 | CVE-2022-25299 | Cesanta | Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose This affects the package cesanta/mongoose before 7.6. | 7.5 |
2022-02-18 | CVE-2022-0660 | Microweber | Unspecified vulnerability in Microweber Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | 7.5 |
2022-02-18 | CVE-2022-25314 | Libexpat Project Debian Fedoraproject Oracle Siemens | Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | 7.5 |
2022-02-17 | CVE-2022-22914 | Ovidentia | Path Traversal vulnerability in Ovidentia 6.0.0 An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal. | 7.5 |
2022-02-17 | CVE-2022-23646 | Vercel | Unspecified vulnerability in Vercel Next.Js Next.js is a React framework. | 7.5 |
2022-02-17 | CVE-2021-46247 | Asus | Use of Hard-coded Credentials vulnerability in Asus Cmax6000 Firmware 1.02.00 The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | 7.5 |
2022-02-17 | CVE-2021-39034 | IBM | Unspecified vulnerability in IBM MQ IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. | 7.5 |
2022-02-17 | CVE-2022-24683 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | 7.5 |
2022-02-17 | CVE-2022-20653 | Cisco | Unspecified vulnerability in Cisco Asyncos A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2022-02-17 | CVE-2022-20750 | Cisco | Improper Input Validation vulnerability in Cisco Redundancy Configuration Manager A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. | 7.5 |
2022-02-17 | CVE-2022-23632 | Traefik Oracle | Traefik is an HTTP reverse proxy and load balancer. | 7.5 |
2022-02-16 | CVE-2022-25271 | Drupal Fedoraproject | Improper Input Validation vulnerability in multiple products Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
2022-02-16 | CVE-2022-24983 | Jqueryform | Path Traversal vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. | 7.5 |
2022-02-16 | CVE-2021-22043 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi and Fusion VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. | 7.5 |
2022-02-16 | CVE-2021-22050 | Vmware | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7 ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. | 7.5 |
2022-02-16 | CVE-2022-0513 | Veronalabs | SQL Injection vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. | 7.5 |
2022-02-16 | CVE-2022-22792 | Mobisoft Mobiplus Project | Unspecified vulnerability in Mobisoft Mobiplus MobiSoft - MobiPlus User Take Over and Improper Handling of URL Parameters: an attacker can navigate to a specific URL which will expose all the users and passwords in clear text. | 7.5 |
2022-02-16 | CVE-2021-45391 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. | 7.5 |
2022-02-15 | CVE-2021-35380 | Solari | Path Traversal vulnerability in Solari Termtalk Server 3.24.0.2 A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore). | 7.5 |
2022-02-15 | CVE-2022-21698 | Prometheus Fedoraproject RDO Project | Allocation of Resources Without Limits or Throttling vulnerability in multiple products client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. | 7.5 |
2022-02-15 | CVE-2022-24226 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | 7.5 |
2022-02-15 | CVE-2021-43734 | Keking | Path Traversal vulnerability in Keking Kkfileview 4.0.0 kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. | 7.5 |
2022-02-15 | CVE-2022-23317 | Helpsystems | Improper Authentication vulnerability in Helpsystems Cobalt Strike CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | 7.5 |
2022-02-14 | CVE-2021-46462 | F5 | Unspecified vulnerability in F5 NJS njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | 7.5 |
2022-02-14 | CVE-2022-0581 | Wireshark Fedoraproject Debian | Use After Free vulnerability in multiple products Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file. | 7.5 |
2022-02-14 | CVE-2022-0583 | Wireshark Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file. | 7.5 |
2022-02-14 | CVE-2022-0586 | Wireshark Fedoraproject Debian | Infinite Loop vulnerability in multiple products Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file. | 7.5 |
2022-02-14 | CVE-2019-25057 | R3 | Unspecified vulnerability in R3 Corda 4.0 In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. | 7.5 |
2022-02-14 | CVE-2021-45348 | Attendance Management System Project | Unspecified vulnerability in Attendance Management System Project Attendance Management System 1.0 An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). | 7.5 |
2022-02-14 | CVE-2021-45347 | Zzcms | Improper Authentication vulnerability in Zzcms 8.2 An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | 7.5 |
2022-02-14 | CVE-2021-45392 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. | 7.5 |
2022-02-14 | CVE-2021-46371 | Antd Admin Project | Missing Authentication for Critical Function vulnerability in Antd-Admin Project Antd-Admin 5.5.0 antd-admin 5.5.0 is affected by an incorrect access control vulnerability. | 7.5 |
2022-02-14 | CVE-2021-45421 | Emerson | Information Exposure vulnerability in Emerson Dixell Xweb-500 Firmware Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. | 7.5 |
2022-02-14 | CVE-2022-0214 | Custom Popup Builder Project | Improper Validation of Specified Quantity in Input vulnerability in Custom Popup Builder Project Custom Popup Builder The Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page; since such data can be sent by an unauthenticated user and is not validated in length, this could cause a denial of service on the blog. | 7.5 |
2022-02-18 | CVE-2021-20322 | Linux Fedoraproject Debian Netapp Oracle | Use of Insufficiently Random Values vulnerability in multiple products A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. | 7.4 |
2022-02-18 | CVE-2020-25719 | Samba Debian Fedoraproject Canonical Redhat | Race Condition vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. | 7.2 |
2022-02-18 | CVE-2020-8242 | Expressionengine | SQL Injection vulnerability in Expressionengine Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. | 7.2 |
2022-02-15 | CVE-2022-23604 | X26 Cogs Project | Unspecified vulnerability in X26-Cogs Project X26-Cogs x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. | 7.2 |
2022-02-20 | CVE-2021-45083 | Cobbler Project Fedoraproject | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.1 |
2022-02-19 | CVE-2022-0630 | Mruby | Unspecified vulnerability in Mruby Out-of-bounds Read in Homebrew mruby prior to 3.2. | 7.1 |
2022-02-18 | CVE-2021-46062 | Mingsoft | Unspecified vulnerability in Mingsoft Mcms 5.2.5 MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | 7.1 |
2022-02-18 | CVE-2021-4090 | Linux Netapp | Out-of-bounds Write vulnerability in multiple products An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. | 7.1 |
2022-02-17 | CVE-2022-23318 | Pcf2Bdf Project | Out-of-bounds Write vulnerability in Pcf2Bdf Project Pcf2Bdf 1.04/1.05 A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. | 7.1 |
2022-02-16 | CVE-2021-3752 | Linux Redhat Fedoraproject Netapp Debian Oracle | Race Condition vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. | 7.1 |
2022-02-16 | CVE-2022-23202 | Adobe | Unspecified vulnerability in Adobe Creative Cloud Desktop Application 2.4/2.5/2.7.0.13 Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. | 7.0 |
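Several rows in this table are the same bug in different products: file-serving code joins an attacker-supplied name onto a base directory without checking where the result lands, either through `..` components (CVE-2022-25298 in webcc, CVE-2022-22914 in Ovidentia, CVE-2021-35380 in TermTalk Server, CVE-2021-43734 in kkFileView) or through symbolic links inside the tree that point outside it (the Jenkins Pipeline entries CVE-2022-25176, CVE-2022-25177 and CVE-2022-25179 in the medium table below). The following Python example is added here by the editor and is not code from any of those projects; it shows a containment check that catches both forms by comparing the fully resolved candidate against the fully resolved base. The directory layout, file names and contents in `demo()` are constructed for the example.

```python
"""Containment check for file reads under a trusted base directory.

Added example, not taken from any vendor listed in this report. It rejects
both textual '../' traversal and symlinks that resolve outside the base.
"""
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """The requested name would escape the base directory."""


def safe_resolve(base, requested):
    """Return the resolved path of ``requested`` inside ``base``.

    Raises UnsafePath if the fully resolved candidate (symlinks followed)
    is neither the base itself nor one of its descendants. Because the
    comparison happens after resolution, '..' components and escaping
    symlinks are caught by the same test.
    """
    if not requested or "\x00" in requested:
        raise UnsafePath("empty name or embedded NUL")
    # Joining replaces the left side when the right side is absolute, so
    # '/etc/passwd' would skip the base entirely. The containment test
    # below would still catch it; rejecting it up front is clearer.
    if Path(requested).is_absolute():
        raise UnsafePath("absolute names are not accepted: %r" % requested)
    base_real = Path(base).resolve()
    candidate = (base_real / requested).resolve()
    # Component-wise comparison: '/srv/www2' must not count as inside
    # '/srv/www', which a plain string-prefix test would wrongly accept.
    if candidate != base_real and base_real not in candidate.parents:
        raise UnsafePath("%r resolves to %s, outside %s"
                         % (requested, candidate, base_real))
    return candidate


def is_contained(base, requested):
    """Boolean form of safe_resolve, for policy checks and tests."""
    try:
        safe_resolve(base, requested)
        return True
    except UnsafePath:
        return False


def read_contained(base, requested):
    """Read a regular file only if it is contained in ``base``."""
    path = safe_resolve(base, requested)
    if not path.is_file():
        raise FileNotFoundError(requested)
    return path.read_bytes()


def demo():
    """Exercise the check on a constructed layout in a temporary directory.

        <tmp>/secret.txt                   outside the served tree
        <tmp>/www/index.html               legitimate file
        <tmp>/www/sub/                     subdirectory
        <tmp>/www/escape -> ../secret.txt  symlink escaping the tree

    Returns {requested name: file bytes or "REJECTED"}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        www = tmp / "www"
        (www / "sub").mkdir(parents=True)
        (tmp / "secret.txt").write_bytes(b"TOP SECRET")
        (www / "index.html").write_bytes(b"<h1>ok</h1>")
        os.symlink(os.path.join("..", "secret.txt"), www / "escape")
        for name in ("index.html", "sub/../index.html", "../secret.txt",
                     "sub/../../secret.txt", "escape", "/etc/passwd"):
            try:
                results[name] = read_contained(www, name)
            except UnsafePath:
                results[name] = "REJECTED"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-22s -> %r" % (name, outcome))
```

Two details commonly go wrong in this check: the comparison must be on path components rather than string prefixes (so `/srv/www2` is not accepted as inside `/srv/www`), and the base must be resolved as well, so a base directory that is itself a symlink still works. The check remains a check-then-open sequence: if an attacker can replace a path component between `resolve()` and `read_bytes()`, the read can still escape. Where that matters, open with per-component `O_NOFOLLOW`, or on Linux 5.6+ use `openat2()` with `RESOLVE_BENEATH`, and verify the opened inode rather than the name.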
187 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-16 | CVE-2021-22040 | Vmware | Use After Free vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | 6.7 |
2022-02-16 | CVE-2021-22041 | Vmware | Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | 6.7 |
2022-02-20 | CVE-2021-46701 | Premid | Origin Validation Error vulnerability in Premid 2.2.0 PreMiD 2.2.0 allows unintended access via the websocket transport. | 6.5 |
2022-02-20 | CVE-2021-45007 | Plesk | Cross-Site Request Forgery (CSRF) vulnerability in Plesk 18.0.37 Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. | 6.5 |
2022-02-19 | CVE-2021-46700 | Libsixel Project | Double Free vulnerability in Libsixel Project Libsixel 1.8.6 In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. | 6.5 |
2022-02-18 | CVE-2021-40841 | Liveconfig | Path Traversal vulnerability in Liveconfig A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | 6.5 |
2022-02-18 | CVE-2022-24368 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. | 6.5 |
2022-02-18 | CVE-2022-24370 | Foxit | Unspecified vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.0.1.0719 on macOS. | 6.5 |
2022-02-18 | CVE-2021-3930 | Qemu Redhat Debian | Off-by-one Error vulnerability in multiple products An off-by-one error was found in the SCSI device emulation in QEMU. | 6.5 |
2022-02-18 | CVE-2022-0585 | Wireshark Fedoraproject Debian | Excessive Iteration vulnerability in multiple products Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file. | 6.5 |
2022-02-18 | CVE-2022-0673 | Eclipse | Path Traversal vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 6.5 |
2022-02-18 | CVE-2022-21800 | Airspan | Inadequate Encryption Strength vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. | 6.5 |
2022-02-18 | CVE-2022-0451 | Dart | Incorrect Authorization vulnerability in Dart Software Development KIT Dart SDK contains the HTTPClient in the dart:io library, which includes authorization headers when handling cross-origin redirects. | 6.5 |
2022-02-18 | CVE-2022-25313 | Libexpat Project Debian Fedoraproject Oracle Siemens | Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 |
2022-02-17 | CVE-2022-0633 | Updraftplus | Incorrect Authorization vulnerability in Updraftplus The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup. | 6.5 |
2022-02-17 | CVE-2022-25270 | Drupal | Incorrect Authorization vulnerability in Drupal The Quick Edit module does not properly check entity access in some circumstances. | 6.5 |
2022-02-16 | CVE-2022-24982 | Jqueryform | Insufficiently Protected Credentials vulnerability in Jqueryform Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. | 6.5 |
2022-02-16 | CVE-2019-4291 | IBM | Inadequate Encryption Strength vulnerability in IBM Maximo Anywhere 7.6.4.0 IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. | 6.5 |
2022-02-16 | CVE-2021-3557 | Argoproj Redhat | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in argocd. | 6.5 |
2022-02-16 | CVE-2022-0613 | URI JS Project Fedoraproject | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. | 6.5 |
2022-02-15 | CVE-2021-46249 | Scratchoauth2 Project | Authorization Bypass Through User-Controlled Key vulnerability in Scratchoauth2 Project Scratchoauth2 An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps. | 6.5 |
2022-02-15 | CVE-2021-46252 | Scratch Wiki | Cross-Site Request Forgery (CSRF) vulnerability in Scratch-Wiki Scratch Confirmaccount V3 A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. | 6.5 |
2022-02-15 | CVE-2022-23643 | Sourcegraph | Information Exposure Through Discrepancy vulnerability in Sourcegraph Sourcegraph is a code search and navigation engine. | 6.5 |
2022-02-15 | CVE-2022-23641 | Discourse | Infinite Loop vulnerability in Discourse Discourse is an open source discussion platform. | 6.5 |
2022-02-15 | CVE-2022-25176 | Jenkins | Link Following vulnerability in Jenkins Pipeline: Groovy Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25177 | Jenkins | Link Following vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25178 | Jenkins | Path Traversal vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers with permission to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25179 | Jenkins | Link Following vulnerability in Jenkins Pipeline: Multibranch Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers with permission to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25184 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Pipeline: Build Step Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | 6.5 |
2022-02-15 | CVE-2022-25186 | Jenkins | Unspecified vulnerability in Jenkins Hashicorp Vault Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | 6.5 |
2022-02-15 | CVE-2022-25187 | Jenkins | Improper Cross-boundary Removal of Sensitive Data vulnerability in Jenkins Support Core Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 |
2022-02-15 | CVE-2022-25193 | Jenkins | Missing Authorization vulnerability in Jenkins Snow Commander Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-02-15 | CVE-2022-25197 | Jenkins | Unspecified vulnerability in Jenkins Hashicorp Vault Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25201 | Jenkins | Missing Authorization vulnerability in Jenkins Checkmarx Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-02-15 | CVE-2022-25210 | Jenkins | Improper Synchronization vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | 6.5 |
2022-02-15 | CVE-2021-44960 | Svgpp | NULL Pointer Dereference vulnerability in Svgpp 1.3.0 In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer early at the second if, resulting in a null pointer dereference later in the renderDocument function. | 6.5 |
2022-02-15 | CVE-2022-24684 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. | 6.5 |
2022-02-15 | CVE-2022-0587 | Librenms | Unspecified vulnerability in Librenms Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | 6.5 |
2022-02-15 | CVE-2022-0588 | Librenms | Unspecified vulnerability in Librenms Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | 6.5 |
2022-02-15 | CVE-2021-43941 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. | 6.5 |
2022-02-14 | CVE-2022-0579 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | 6.5 |
2022-02-14 | CVE-2021-39080 | IBM | Unspecified vulnerability in IBM Cognos Analytics Mobile Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. | 6.5 |
2022-02-14 | CVE-2022-24110 | Accellion | Unspecified vulnerability in Accellion Managed File Transfer Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. | 6.5 |
2022-02-14 | CVE-2021-25115 | WP Photo Album Plus Project | Unspecified vulnerability in WP Photo Album Plus Project WP Photo Album Plus The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). | 6.4 |
2022-02-14 | CVE-2022-0565 | Pimcore | Unspecified vulnerability in Pimcore Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | 6.4 |
2022-02-18 | CVE-2021-3948 | Konveyor Redhat | Incorrect Default Permissions vulnerability in multiple products An incorrect default permissions vulnerability was found in the mig-controller. | 6.3 |
2022-02-20 | CVE-2022-22126 | Nasa | Unspecified vulnerability in Nasa Openmct Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Web Page” element, which allows the injection of malicious JavaScript into the ‘URL’ field. | 6.1 |
2022-02-20 | CVE-2022-23053 | Nasa | Unspecified vulnerability in Nasa Openmct Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Condition Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. | 6.1 |
2022-02-20 | CVE-2022-23054 | Nasa | Unspecified vulnerability in Nasa Openmct Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Summary Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. | 6.1 |
2022-02-19 | CVE-2022-0690 | Microweber | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | 6.1 |
2022-02-19 | CVE-2022-23376 | Wikidocs | Cross-site Scripting vulnerability in Wikidocs 0.1.18 WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. | 6.1 |
2022-02-19 | CVE-2022-0678 | Microweber | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | 6.1 |
2022-02-19 | CVE-2022-25256 | SAS | Cross-site Scripting vulnerability in SAS Web Report Studio 4.4 SAS Web Report Studio 4.4 allows XSS. | 6.1 |
2022-02-18 | CVE-2021-20315 | Gnome Centos | Improper Locking vulnerability in multiple products A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. | 6.1 |
2022-02-18 | CVE-2021-30650 | Broadcom | Cross-site Scripting vulnerability in Broadcom Layer7 API Management Oauth Toolkit 4.4 A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. | 6.1 |
2022-02-18 | CVE-2022-25323 | Zerof | Cross-site Scripting vulnerability in Zerof Web Server 2.0 ZEROF Web Server 2.0 allows /admin.back XSS. | 6.1 |
2022-02-18 | CVE-2022-23647 | Prismjs | Unspecified vulnerability in Prismjs Prism Prism is a syntax highlighting library. | 6.1 |
2022-02-18 | CVE-2022-25317 | Cerebrate Project | Cross-site Scripting vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 6.1 |
2022-02-18 | CVE-2022-25321 | Cerebrate Project | Cross-site Scripting vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 6.1 |
2022-02-17 | CVE-2014-8597 | PHP Fusion | Cross-site Scripting vulnerability in PHP-Fusion PHPfusion 7.02.07 A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | 6.1 |
2022-02-17 | CVE-2022-20659 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
2022-02-16 | CVE-2022-24981 | Jqueryform | Cross-site Scripting vulnerability in Jqueryform A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. | 6.1 |
2022-02-15 | CVE-2021-46251 | Scratchoauth2 Project | Cross-site Scripting vulnerability in Scratchoauth2 Project Scratchoauth2 A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 6.1 |
2022-02-15 | CVE-2022-24589 | Burden Project | Cross-site Scripting vulnerability in Burden Project Burden 3.0 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. | 6.1 |
2022-02-15 | CVE-2022-24227 | Boltwire | Cross-site Scripting vulnerability in Boltwire 7.10/8.00 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | 6.1 |
2022-02-15 | CVE-2022-0597 | Microweber | Unspecified vulnerability in Microweber Open Redirect in Packagist microweber/microweber prior to 1.2.11. | 6.1 |
2022-02-14 | CVE-2022-23391 | Pybbs Project | Cross-site Scripting vulnerability in Pybbs Project Pybbs 6.0 A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | 6.1 |
2022-02-14 | CVE-2022-23638 | SVG Sanitizer Project | Unspecified vulnerability in Svg-Sanitizer Project Svg-Sanitizer svg-sanitizer is an SVG/XML sanitizer written in PHP. | 6.1 |
2022-02-14 | CVE-2021-43106 | Compassplus | Improper Encoding or Escaping of Output vulnerability in Compassplus products A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. | 6.1 |
2022-02-14 | CVE-2022-23367 | Fulusso Project | Cross-site Scripting vulnerability in Fulusso Project Fulusso 1.1 Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. | 6.1 |
2022-02-14 | CVE-2021-24874 | Brevo | Unspecified vulnerability in Brevo Newsletter, Smtp, Email Marketing and Subscribe The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. | 6.1 |
2022-02-14 | CVE-2021-25033 | Noptin | Unspecified vulnerability in Noptin The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue. | 6.1 |
2022-02-14 | CVE-2021-25107 | Accesspressthemes | Unspecified vulnerability in Accesspressthemes Form Store to DB The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against admins. | 6.1 |
2022-02-14 | CVE-2022-0176 | Wpbeaveraddons | Unspecified vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-02-14 | CVE-2022-0193 | Really Simple Plugins | Unspecified vulnerability in Really-Simple-Plugins Complianz The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-02-14 | CVE-2022-0201 | Permalink Manager Lite Project Permalink Manager Project | The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-02-14 | CVE-2022-0206 | Newstatpress Project | Unspecified vulnerability in Newstatpress Project Newstatpress The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. | 6.1 |
2022-02-14 | CVE-2022-0208 | Mappresspro | Unspecified vulnerability in Mappresspro Mappress The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-02-14 | CVE-2022-0212 | 10Web | Unspecified vulnerability in 10Web Spidercalendar The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-02-14 | CVE-2022-0571 | Phoronix Media Fedoraproject | Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | 6.1 |
2022-02-14 | CVE-2022-0576 | Librenms | Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | 6.1 |
2022-02-20 | CVE-2021-45081 | Cobbler Project | Cleartext Transmission of Sensitive Information vulnerability in Cobbler Project Cobbler An issue was discovered in Cobbler through 3.3.1. | 5.9 |
2022-02-18 | CVE-2016-2124 | Samba Debian Fedoraproject Redhat Canonical | Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. | 5.9 |
2022-02-18 | CVE-2021-39026 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Guardium Data Encryption 5.0.0.2/5.0.0.3 IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2022-02-14 | CVE-2022-24686 | Hashicorp | Race Condition vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. | 5.9 |
2022-02-20 | CVE-2022-25375 | Linux Debian | Improper Validation of Specified Quantity in Input vulnerability in multiple products An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. | 5.5 |
2022-02-19 | CVE-2022-0632 | Mruby | Unspecified vulnerability in Mruby NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 5.5 |
2022-02-18 | CVE-2022-23645 | Swtpm Project Redhat Fedoraproject | swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. | 5.5 |
2022-02-18 | CVE-2021-46589 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46593 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46594 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46595 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46596 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46610 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46611 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46615 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46616 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46618 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46620 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46623 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46624 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46628 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46629 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46630 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46632 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46637 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46642 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2021-46649 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46650 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46651 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 5.5 |
2022-02-18 | CVE-2021-46654 | Bentley | Unspecified vulnerability in Bentley Microstation and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. | 5.5 |
2022-02-18 | CVE-2022-24055 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 5.5 |
2022-02-18 | CVE-2022-24060 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 5.5 |
2022-02-18 | CVE-2022-24061 | Santesoft | Unspecified vulnerability in Santesoft Dicom Viewer PRO 11.8.7 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. | 5.5 |
2022-02-18 | CVE-2021-20320 | Linux Fedoraproject Redhat | A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. | 5.5 |
2022-02-18 | CVE-2021-3947 | Qemu | Out-of-bounds Read vulnerability in Qemu 6.0.0/6.1.0/6.2.0 A stack-buffer-overflow was found in QEMU in the NVME component. | 5.5 |
2022-02-18 | CVE-2022-0672 | Eclipse | Information Exposure vulnerability in Eclipse Lemminx A flaw was found in LemMinX in versions prior to 0.19.0. | 5.5 |
2022-02-17 | CVE-2021-3155 | Canonical | Incorrect Default Permissions vulnerability in Canonical Snapd snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. | 5.5 |
2022-02-17 | CVE-2022-23319 | Pcf2Bdf Project | Improper Validation of Specified Quantity in Input vulnerability in Pcf2Bdf Project Pcf2Bdf 1.04/1.05 A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. | 5.5 |
2022-02-17 | CVE-2022-22899 | Coreftp | Out-of-bounds Write vulnerability in Coreftp Core FTP 2.0 Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. | 5.5 |
2022-02-17 | CVE-2022-22901 | Jerryscript | Reachable Assertion vulnerability in Jerryscript The assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' fails at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. | 5.5 |
2022-02-16 | CVE-2020-6920 | HP | Unspecified vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3 Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. | 5.5 |
2022-02-16 | CVE-2022-0617 | Linux Debian | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. | 5.5 |
2022-02-16 | CVE-2022-0614 | Mruby | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mruby Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. | 5.5 |
2022-02-14 | CVE-2021-44879 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | 5.5 |
2022-02-18 | CVE-2021-40840 | Liveconfig | Cross-site Scripting vulnerability in Liveconfig 2.12.2 A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | 5.4 |
2022-02-18 | CVE-2021-46372 | Erudika | Cross-site Scripting vulnerability in Erudika Scoold 1.47.2 Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. | 5.4 |
2022-02-18 | CVE-2021-46108 | Dlink | Cross-site Scripting vulnerability in Dlink Dsl-2730E Firmware Ct20131125 D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | 5.4 |
2022-02-16 | CVE-2022-22853 | Hospital S Patient Records Management System Project | Cross-site Scripting vulnerability in Hospital's Patient Records Management System Project Hospital's Patient Records Management System 1.0 A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field. | 5.4 |
2022-02-16 | CVE-2022-0612 | Livehelperchat | Unspecified vulnerability in Livehelperchat Live Helper Chat Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | 5.4 |
2022-02-15 | CVE-2022-25185 | Jenkins | Cross-site Scripting vulnerability in Jenkins Generic Webhook Trigger Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-02-15 | CVE-2022-25189 | Jenkins | Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter 1.0/1.1 Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-02-15 | CVE-2022-25191 | Jenkins | Cross-site Scripting vulnerability in Jenkins Agent Server Parameter 1.0 Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-02-15 | CVE-2022-25196 | Jenkins | Open Redirect vulnerability in Jenkins Gitlab Authentication Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | 5.4 |
2022-02-15 | CVE-2022-25203 | Jenkins | Cross-site Scripting vulnerability in Jenkins Team Views 0.9.0 Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | 5.4 |
2022-02-15 | CVE-2022-25204 | Jenkins | Unspecified vulnerability in Jenkins Doktor Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | 5.4 |
2022-02-15 | CVE-2022-24585 | Pluxml | Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | 5.4 |
2022-02-15 | CVE-2022-24587 | Pluxml | Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | 5.4 |
2022-02-15 | CVE-2022-24588 | Flatpress | Cross-site Scripting vulnerability in Flatpress 1.2.1 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | 5.4 |
2022-02-15 | CVE-2022-24590 | Backdropcms | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | 5.4 |
2022-02-15 | CVE-2022-24586 | Pluxml | Cross-site Scripting vulnerability in Pluxml 5.8.7 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | 5.4 |
2022-02-15 | CVE-2021-46557 | Vicidial | Cross-site Scripting vulnerability in Vicidial 2.14783A Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. | 5.4 |
2022-02-15 | CVE-2021-46558 | Issabel | Cross-site Scripting vulnerability in Issabel PBX 20200102 Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | 5.4 |
2022-02-15 | CVE-2022-0589 | Librenms | Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | 5.4 |
2022-02-14 | CVE-2022-23637 | K Link | Cross-site Scripting vulnerability in K-Link K-Box K-Box is a web-based application to manage documents, images, videos and geodata. | 5.4 |
2022-02-14 | CVE-2021-39079 | IBM | Cross-site Scripting vulnerability in IBM Cognos Analytics Mobile IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. | 5.4 |
2022-02-14 | CVE-2021-24446 | Wpchill | Unspecified vulnerability in Wpchill Remove Footer Credit The Remove Footer Credit WordPress plugin before 1.0.6 does not have a CSRF check in place when saving its settings, which could allow an attacker to make logged-in admins change them, leading to a Stored XSS issue as well due to the lack of sanitisation. | 5.4 |
2022-02-14 | CVE-2021-25018 | Najeebmedia | Unspecified vulnerability in Najeebmedia Ppom for Woocommerce The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated user to call it and set arbitrary settings. | 5.4 |
2022-02-14 | CVE-2022-0200 | Themify | Unspecified vulnerability in Themify Portfolio Post 1.1.6 Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back in the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting. | 5.4 |
2022-02-14 | CVE-2022-0575 | Librenms | Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | 5.4 |
2022-02-19 | CVE-2022-0689 | Microweber | Unspecified vulnerability in Microweber A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11. | 5.3 |
2022-02-19 | CVE-2022-24979 | Mittwald | Authorization Bypass Through User-Controlled Key vulnerability in Mittwald Varnishcache An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. | 5.3 |
2022-02-18 | CVE-2022-25358 | Awful Salmonella TAR Project | Path Traversal vulnerability in Awful-Salmonella-Tar Project Awful-Salmonella-Tar 0.0.2/0.0.3 A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. | 5.3 |
2022-02-18 | CVE-2022-25336 | Ibexa | Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | 5.3 |
2022-02-18 | CVE-2022-25319 | Cerebrate Project | Unspecified vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 5.3 |
2022-02-18 | CVE-2022-25320 | Cerebrate Project | Unspecified vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 5.3 |
2022-02-17 | CVE-2022-0639 | URL Parse Project | Unspecified vulnerability in Url-Parse Project Url-Parse Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | 5.3 |
2022-02-17 | CVE-2022-24953 | Pear | Argument Injection or Modification vulnerability in Pear Crypt GPG The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. | 5.3 |
2022-02-17 | CVE-2022-0622 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | 5.3 |
2022-02-16 | CVE-2021-21966 | TI | Use of Uninitialized Resource vulnerability in TI products An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. | 5.3 |
2022-02-14 | CVE-2021-45310 | Sangoma | Information Exposure vulnerability in Sangoma Switchvox 102409 Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. | 5.3 |
2022-02-14 | CVE-2022-0512 | URL Parse Project | Unspecified vulnerability in Url-Parse Project Url-Parse Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | 5.3 |
2022-02-14 | CVE-2022-0188 | Niteothemes | Missing Authentication for Critical Function vulnerability in Niteothemes CMP The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout. | 5.3 |
2022-02-20 | CVE-2022-0688 | Microweber | Unspecified vulnerability in Microweber Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. | 4.9 |
2022-02-16 | CVE-2021-4134 | Radykal | SQL Injection vulnerability in Radykal Fancy Product Designer The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4. | 4.9 |
2022-02-15 | CVE-2022-25202 | Jenkins | Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) 1.7/1.8/1.9 Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 |
2022-02-14 | CVE-2021-24904 | Lenderd | Unspecified vulnerability in Lenderd Mortgage Calculators WP The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-02-14 | CVE-2021-25050 | Wpchill | Unspecified vulnerability in Wpchill Remove Footer Credit The Remove Footer Credit WordPress plugin before 1.0.11 does not properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-02-18 | CVE-2021-20321 | Linux Redhat Debian | Race Condition vulnerability in multiple products A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. | 4.7 |
2022-02-16 | CVE-2021-3753 | Linux Redhat Netapp | A race problem was seen in vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out-of-bounds read in vt, as the write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE). | 4.7 |
2022-02-16 | CVE-2022-25258 | Linux Fedoraproject Debian Netapp | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. | 4.6 |
2022-02-16 | CVE-2019-4351 | IBM | Unspecified vulnerability in IBM Maximo Anywhere 7.6.4.0 IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. | 4.6 |
2022-02-18 | CVE-2022-23981 | Quadlayers | Unspecified vulnerability in Quadlayers Perfect Brands for Woocommerce The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | 4.3 |
2022-02-18 | CVE-2022-25318 | Cerebrate Project | Incorrect Authorization vulnerability in Cerebrate-Project Cerebrate An issue was discovered in Cerebrate through 1.4. | 4.3 |
2022-02-17 | CVE-2022-0638 | Microweber | Unspecified vulnerability in Microweber Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | 4.3 |
2022-02-15 | CVE-2022-25180 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Pipeline: Groovy Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | 4.3 |
2022-02-15 | CVE-2022-25188 | Jenkins | Path Traversal vulnerability in Jenkins Fortify Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker. | 4.3 |
2022-02-15 | CVE-2022-25190 | Jenkins | Missing Authorization vulnerability in Jenkins Conjur Secrets A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-02-15 | CVE-2022-25195 | Jenkins | Missing Authorization vulnerability in Jenkins Autonomiq A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-02-15 | CVE-2022-0596 | Microweber | Unspecified vulnerability in Microweber Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11. | 4.3 |
2022-02-15 | CVE-2021-43948 | Atlassian | Unspecified vulnerability in Atlassian Jira Service Management Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. | 4.3 |
2022-02-15 | CVE-2021-43950 | Atlassian | Unspecified vulnerability in Atlassian Jira Service Management Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. | 4.3 |
2022-02-15 | CVE-2021-43953 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. | 4.3 |
2022-02-15 | CVE-2021-43952 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. | 4.3 |
2022-02-14 | CVE-2021-45346 | Sqlite Netapp | Memory Leak vulnerability in multiple products A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL queries (made by editing the database file): it is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. | 4.3 |
2022-02-14 | CVE-2021-25110 | Futuriowp | Unspecified vulnerability in Futuriowp Futurio Extra The Futurio Extra WordPress plugin before 1.6.3 allows any logged-in user, such as a subscriber, to extract any other user's email address. | 4.3 |
2022-02-14 | CVE-2022-0569 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-02-14 | CVE-2021-25014 | Vowelweb | Unspecified vulnerability in Vowelweb Ibtana The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, which could lead to a Stored Cross-Site Scripting issue. | 3.5 |
2022-02-18 | CVE-2022-23649 | Sigstore | Unspecified vulnerability in Sigstore Cosign Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. | 3.3 |
2022-02-18 | CVE-2021-46599 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 3.3 |
2022-02-18 | CVE-2021-46600 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 3.3 |
2022-02-18 | CVE-2021-46602 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 3.3 |
2022-02-18 | CVE-2021-46607 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 3.3 |
2022-02-18 | CVE-2021-46608 | Bentley | Unspecified vulnerability in Bentley Microstation, Microstation Connect and View This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. | 3.3 |
2022-02-14 | CVE-2021-25109 | Futuriowp | SQL Injection vulnerability in Futuriowp Futurio Extra The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged-in admins by making them open a malicious link. | 2.7 |
2022-02-16 | CVE-2019-4352 | IBM | Unspecified vulnerability in IBM Maximo Anywhere 7.6.4.0 IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. | 2.4 |