Vulnerabilities (CVE)


Total 210374 CVE
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 (score, severity) | CVSS v3 (score, severity)
CVE-2021-23136 1 Gallagher 1 Command Centre 2022-04-26 4.0 MEDIUM 6.5 MEDIUM
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
CVE-2021-26541 1 Gitlog Project 1 Gitlog 2022-04-26 7.5 HIGH 9.8 CRITICAL
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.
CVE-2021-26539 1 Apostrophecms 1 Sanitize-html 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
CVE-2021-26276 1 Godaddy 1 Node-config-shield 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
CVE-2021-21289 3 Debian, Fedoraproject, Mechanize Project 3 Debian Linux, Fedora, Mechanize 2022-04-26 7.6 HIGH 8.3 HIGH
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.
CVE-2022-26914 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2022-04-26 4.6 MEDIUM 7.8 HIGH
Win32k Elevation of Privilege Vulnerability.
CVE-2021-21275 2 Oracle, Report Project 3 Communications Cloud Native Core Network Slice Selection Function, Communications Pricing Design Center, Report 2022-04-26 4.3 MEDIUM 4.3 MEDIUM
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, there was no CSRF protection on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
CVE-2022-26911 1 Microsoft 2 Lync Server, Skype For Business Server 2022-04-26 4.0 MEDIUM 6.5 MEDIUM
Skype for Business Information Disclosure Vulnerability.
CVE-2022-26910 1 Microsoft 1 Skype For Business Server 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
Skype for Business and Lync Spoofing Vulnerability.
CVE-2021-21144 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-26 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21146 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-26 6.8 MEDIUM 9.6 CRITICAL
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21145 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-26 6.8 MEDIUM 8.8 HIGH
Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-20987 2 Hilscher, Pepperl-fuchs 23 Ethernet/ip Adapter, Ethernet/ip Adapter Firmware, Pcv100-f200-b25-v1d-6011 and 20 more 2022-04-26 7.8 HIGH 8.6 HIGH
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through the network or make devices crash without recovery.
CVE-2022-26907 1 Microsoft 1 Azure Sdk For .net 2022-04-26 4.0 MEDIUM 6.5 MEDIUM
Azure SDK for .NET Information Disclosure Vulnerability.
CVE-2022-26904 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-04-26 4.4 MEDIUM 7.0 HIGH
Windows User Profile Service Elevation of Privilege Vulnerability.
CVE-2021-20986 2 Hilscher, Pepperl-fuchs 73 Profinet Io Device, Profinet Io Device Firmware, Ohv-f230-b17 and 70 more 2022-04-26 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
CVE-2021-21147 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-26 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-27927 1 Zabbix 1 Zabbix 2022-04-26 6.8 MEDIUM 8.8 HIGH
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
CVE-2021-26562 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 6.8 MEDIUM 8.1 HIGH
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26560 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2022-04-26 5.8 MEDIUM 7.4 HIGH
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.