Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20547 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-04-15 | 5.8 MEDIUM | 8.1 HIGH |
| There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | |||||
| CVE-2021-31784 | 2 Opendesign, Siemens | 2 Drawings Sdk, Comos | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | |||||
| CVE-2021-32946 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2021-32944 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2021-32950 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2022-04-15 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. | |||||
| CVE-2022-1284 | 1 Radare | 1 Radare2 | 2022-04-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | |||||
| CVE-2021-39126 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-04-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | |||||
| CVE-2022-1283 | 1 Radare | 1 Radare2 | 2022-04-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash). | |||||
| CVE-2021-42721 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2022-04-15 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23974 | 1 Apache | 1 Pinot | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0 | |||||
| CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
| Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||||
| CVE-2021-46162 | 1 Siemens | 1 Simcenter Femap | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) | |||||
| CVE-2022-22410 | 1 Ibm | 1 Watson Query | 2022-04-15 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763. | |||||
| CVE-2022-27152 | 1 Roku | 11 Express, Express 4k\+, Roku Os and 8 more | 2022-04-15 | 2.7 LOW | 5.7 MEDIUM |
| Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. | |||||
| CVE-2021-43517 | 1 Foscam | 2 Fi9805e, Fi9805e Firmware | 2022-04-15 | 10.0 HIGH | 9.8 CRITICAL |
| FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | |||||
| CVE-2022-1287 | 1 School Club Application System Project | 1 School Club Application System | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-25569 | 1 Bettinivideo | 1 Sgsetup | 2022-04-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. | |||||
| CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | |||||
| CVE-2022-22339 | 1 Ibm | 1 Planning Analytics | 2022-04-15 | 6.5 MEDIUM | 7.3 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | |||||
| CVE-2022-24819 | 1 Xwiki | 1 Xwiki | 2022-04-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | |||||