Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2240 | 1 Emarketdesign | 1 Request A Quote | 2022-07-29 | N/A | 8.8 HIGH |
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it | |||||
CVE-2021-21952 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. | |||||
CVE-2022-2299 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2022-07-29 | N/A | 5.4 MEDIUM |
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
CVE-2021-21954 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 9.0 HIGH | 9.9 CRITICAL |
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. | |||||
CVE-2021-21951 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 10.0 HIGH | 10.0 CRITICAL |
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. | |||||
CVE-2021-33454 | 1 Tortall | 1 Yasm | 2022-07-29 | N/A | 5.5 MEDIUM |
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | |||||
CVE-2021-33456 | 1 Tortall | 1 Yasm | 2022-07-29 | N/A | 5.5 MEDIUM |
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. | |||||
CVE-2021-33455 | 1 Tortall | 1 Yasm | 2022-07-29 | N/A | 5.5 MEDIUM |
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. | |||||
CVE-2021-21950 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 10.0 HIGH | 10.0 CRITICAL |
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. | |||||
CVE-2021-21941 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 6.8 MEDIUM | 9.0 CRITICAL |
A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. | |||||
CVE-2021-21940 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 7.5 HIGH | 10.0 CRITICAL |
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-2340 | 1 W-dalil Project | 1 W-dalil | 2022-07-29 | N/A | 4.8 MEDIUM |
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2021-21792 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2022-07-29 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. | |||||
CVE-2021-21791 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2022-07-29 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. | |||||
CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
chatwoot is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2022-35651 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-07-29 | N/A | 6.1 MEDIUM |
A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. | |||||
CVE-2022-33965 | 1 Plugins-market | 1 Wp Visitor Statistics | 2022-07-29 | N/A | 9.8 CRITICAL |
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | |||||
CVE-2022-2341 | 1 Simple Page Transition Project | 1 Simple Page Transition | 2022-07-29 | N/A | 4.8 MEDIUM |
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2021-21820 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2021-21819 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2022-07-29 | 9.0 HIGH | 7.2 HIGH |
A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. |