Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43174 | 2 Debian, Nlnetlabs | 2 Debian Linux, Routinator | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element. | |||||
| CVE-2022-23903 | 1 Pearadmin | 1 Pear Admin Think | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | |||||
| CVE-2021-3761 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. | |||||
| CVE-2020-13949 | 2 Apache, Oracle | 4 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 1 more | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | |||||
| CVE-2020-1963 | 1 Apache | 1 Ignite | 2022-04-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. | |||||
| CVE-2020-12693 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-04-04 | 5.1 MEDIUM | 8.1 HIGH |
| Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | |||||
| CVE-2020-1945 | 5 Apache, Canonical, Fedoraproject and 2 more | 50 Ant, Ubuntu Linux, Fedora and 47 more | 2022-04-04 | 3.3 LOW | 6.3 MEDIUM |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | |||||
| CVE-2021-44127 | 1 Dlink | 2 Dap-1360, Dap-1360f1 Firmware | 2022-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. | |||||
| CVE-2022-26252 | 1 Aapanel | 1 Aapanel | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). | |||||
| CVE-2021-44751 | 1 F-secure | 1 Safe | 2022-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. | |||||
| CVE-2022-0227 | 2022-04-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-46443 | 2022-04-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-46439 | 2022-04-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation show | |||||
| CVE-2022-27306 | 2022-04-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-23273 | 1 Broadcom | 1 Tcpreplay | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. | |||||
| CVE-2020-18976 | 1 Broadcom | 1 Tcpreplay | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. | |||||
| CVE-2018-20553 | 1 Broadcom | 1 Tcpreplay | 2022-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. | |||||
| CVE-2018-20552 | 1 Broadcom | 1 Tcpreplay | 2022-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. | |||||
| CVE-2018-18408 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-18407 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. | |||||