Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20039 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2022-04-01 9.0 HIGH 8.8 HIGH
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-29241 1 Codesys 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more 2022-04-01 5.0 MEDIUM 7.5 HIGH
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVE-2021-41500 2 Cvxopt Project, Fedoraproject 2 Cvxopt, Fedora 2022-04-01 5.0 MEDIUM 7.5 HIGH
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects.
CVE-2021-46144 2 Debian, Roundcube 2 Debian Linux, Roundcube 2022-04-01 4.3 MEDIUM 6.1 MEDIUM
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
CVE-2021-43579 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2022-04-01 6.8 MEDIUM 7.8 HIGH
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
CVE-2020-29050 2 Debian, Sphinxsearch 2 Debian Linux, Sphinx 2022-04-01 5.0 MEDIUM 7.5 HIGH
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
CVE-2020-12080 1 Flexera 1 Flexnet Publisher 2022-04-01 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
CVE-2021-40985 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2022-04-01 4.3 MEDIUM 5.5 MEDIUM
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
CVE-2022-21986 2 Fedoraproject, Microsoft 4 Fedora, .net, Visual Studio 2019 and 1 more 2022-04-01 4.3 MEDIUM 7.5 HIGH
.NET Denial of Service Vulnerability.
CVE-2021-44926 1 Gpac 1 Gpac 2022-04-01 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash.
CVE-2021-44919 1 Gpac 1 Gpac 2022-04-01 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash.
CVE-2021-43816 2 Fedoraproject, Linuxfoundation 2 Fedora, Containerd 2022-04-01 6.0 MEDIUM 9.1 CRITICAL
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.
CVE-2021-30937 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2022-04-01 9.3 HIGH 7.8 HIGH
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30942 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2022-04-01 6.8 MEDIUM 7.8 HIGH
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2022-21917 1 Microsoft 1 Hevc Video Extensions 2022-04-01 9.3 HIGH 7.8 HIGH
HEVC Video Extensions Remote Code Execution Vulnerability.
CVE-2022-24122 3 Fedoraproject, Linux, Netapp 18 Fedora, Linux Kernel, Baseboard Management Controller H300e and 15 more 2022-04-01 6.9 MEDIUM 7.8 HIGH
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
CVE-2022-21718 1 Electronjs 1 Electron 2022-04-01 4.0 MEDIUM 5.0 MEDIUM
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
CVE-2021-45810 1 Globalprotect-openconnect Project 1 Globalprotect-openconnect 2022-04-01 5.0 MEDIUM 7.5 HIGH
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
CVE-2022-1030 3 Apple, Linux, Okta 3 Macos, Linux Kernel, Advanced Server Access 2022-04-01 9.3 HIGH 8.8 HIGH
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.
CVE-2020-10108 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-04-01 7.5 HIGH 9.8 CRITICAL
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.