Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2022-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | |||||
| CVE-2021-38994 | 1 Ibm | 2 Aix, Vios | 2022-03-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072. | |||||
| CVE-2021-38995 | 1 Ibm | 2 Aix, Vios | 2022-03-03 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073. | |||||
| CVE-2022-25401 | 1 Cuppacms | 1 Cuppacms | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | |||||
| CVE-2022-25101 | 1 Wbce | 1 Wbce Cms | 2022-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-25099 | 1 Wbce | 1 Wbce Cms | 2022-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | |||||
| CVE-2022-25098 | 1 Ectouch | 1 Ectouch | 2022-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | |||||
| CVE-2021-35689 | 1 Oracle | 1 Talent Acquisition Cloud | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle. | |||||
| CVE-2022-0654 | 1 Node-request-retry Project | 1 Node-request-retry | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. | |||||
| CVE-2022-0721 | 1 Microweber | 1 Microweber | 2022-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2021-27796 | 1 Broadcom | 1 Fabric Operating System | 2022-03-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. | |||||
| CVE-2021-41842 | 1 Insyde | 1 Insydeh2o | 2022-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. | |||||
| CVE-2011-2001 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." | |||||
| CVE-2016-1239 | 1 Debian | 1 Duck | 2022-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| duck before 0.10 did not properly handle loading of untrusted code from the current directory. | |||||
| CVE-2022-21988 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability. | |||||
| CVE-2007-5276 | 1 Opera | 1 Opera Browser | 2022-03-01 | 4.3 MEDIUM | N/A |
| Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. | |||||
| CVE-2011-2000 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." | |||||
| CVE-2011-1999 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | |||||
| CVE-2021-37994 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||