Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37720 2 Arubanetworks, Siemens 4 Arubaos, Sd-wan, Scalance W1750d and 1 more 2022-04-22 9.0 HIGH 7.2 HIGH
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
CVE-2022-24855 1 Metabase 1 Metabase 2022-04-22 3.5 LOW 5.4 MEDIUM
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.
CVE-2021-37718 2 Arubanetworks, Siemens 4 Arubaos, Sd-wan, Scalance W1750d and 1 more 2022-04-22 9.0 HIGH 7.2 HIGH
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
CVE-2021-37717 2 Arubanetworks, Siemens 4 Arubaos, Sd-wan, Scalance W1750d and 1 more 2022-04-22 9.0 HIGH 7.2 HIGH
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
CVE-2021-25162 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 9.3 HIGH 8.1 HIGH
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2021-25161 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 4.3 MEDIUM 6.1 MEDIUM
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2022-24484 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2022-04-22 2.1 LOW 5.5 MEDIUM
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784.
CVE-2021-25159 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 8.5 HIGH 6.5 MEDIUM
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2022-24483 1 Microsoft 8 Windows 10, Windows 11, Windows 8.1 and 5 more 2022-04-22 4.9 MEDIUM 5.5 MEDIUM
Windows Kernel Information Disclosure Vulnerability.
CVE-2021-25157 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 4.0 MEDIUM 4.9 MEDIUM
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2022-24486 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2022-04-22 4.6 MEDIUM 7.8 HIGH
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544.
CVE-2022-24485 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-04-22 5.1 MEDIUM 7.5 HIGH
Win32 File Enumeration Remote Code Execution Vulnerability.
CVE-2021-25156 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 4.0 MEDIUM 4.9 MEDIUM
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2021-25155 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2022-04-22 8.5 HIGH 6.5 MEDIUM
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2022-1279 1 Ebics Java Project 1 Ebics Java 2022-04-22 5.0 MEDIUM 7.5 HIGH
A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.
CVE-2022-24845 1 Vyper Project 1 Vyper 2022-04-22 7.5 HIGH 9.8 CRITICAL
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.
CVE-2022-24488 1 Microsoft 4 Windows 10, Windows 11, Windows Server 2016 and 1 more 2022-04-22 4.6 MEDIUM 7.8 HIGH
Windows Desktop Bridge Elevation of Privilege Vulnerability.
CVE-2022-24487 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2022-04-22 7.5 HIGH 8.8 HIGH
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability.
CVE-2021-44491 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2022-04-22 5.0 MEDIUM 7.5 HIGH
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation.
CVE-2021-44490 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2022-04-22 5.0 MEDIUM 7.5 HIGH
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.