Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43464 | 1 Intelliants | 1 Subrion Cms | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). | |||||
| CVE-2018-20031 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2018-20034 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2019-0757 | 4 Apple, Microsoft, Mono-project and 1 more | 10 Macos, .net Core, .net Core Sdk and 7 more | 2022-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | |||||
| CVE-2018-20032 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2021-43478 | 1 Hoosk | 1 Hoosk | 2022-04-11 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | |||||
| CVE-2022-1189 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. | |||||
| CVE-2020-6396 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0709 | 1 Saasproject | 1 Booking Package | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. | |||||
| CVE-2021-27223 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2022-04-11 | 2.1 LOW | 5.5 MEDIUM |
| A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS | |||||
| CVE-2021-30065 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. | |||||
| CVE-2021-30063 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | |||||
| CVE-2021-30062 | 2 Belden, Schneider-electric | 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | |||||
| CVE-2021-30061 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more | 2022-04-08 | 7.2 HIGH | 6.8 MEDIUM |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | |||||
| CVE-2021-27501 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | |||||
| CVE-2022-27534 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | |||||
| CVE-2022-27049 | 1 Raidrive | 1 Raidrive | 2022-04-08 | 1.9 LOW | 2.0 LOW |
| Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. | |||||
| CVE-2021-23331 | 1 Squareup | 1 Connect Java Software Development Kit | 2022-04-08 | 2.1 LOW | 3.3 LOW |
| This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version. | |||||
| CVE-2016-5335 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
| VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. | |||||
| CVE-2017-5101 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | |||||