Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-04-01 | 9.0 HIGH | 8.8 HIGH |
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
CVE-2021-29241 | 1 Codesys | 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | |||||
CVE-2021-41500 | 2 Cvxopt Project, Fedoraproject | 2 Cvxopt, Fedora | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. | |||||
CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2022-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | |||||
CVE-2021-43579 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-04-01 | 6.8 MEDIUM | 7.8 HIGH |
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | |||||
CVE-2020-29050 | 2 Debian, Sphinxsearch | 2 Debian Linux, Sphinx | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. | |||||
CVE-2020-12080 | 1 Flexera | 1 Flexnet Publisher | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. | |||||
CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |||||
CVE-2022-21986 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, Visual Studio 2019 and 1 more | 2022-04-01 | 4.3 MEDIUM | 7.5 HIGH |
.NET Denial of Service Vulnerability. | |||||
CVE-2021-44926 | 1 Gpac | 1 Gpac | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. | |||||
CVE-2021-44919 | 1 Gpac | 1 Gpac | 2022-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. | |||||
CVE-2021-43816 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Containerd | 2022-04-01 | 6.0 MEDIUM | 9.1 CRITICAL |
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. | |||||
CVE-2021-30937 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-04-01 | 9.3 HIGH | 7.8 HIGH |
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-30942 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-04-01 | 6.8 MEDIUM | 7.8 HIGH |
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2022-21917 | 1 Microsoft | 1 Hevc Video Extensions | 2022-04-01 | 9.3 HIGH | 7.8 HIGH |
HEVC Video Extensions Remote Code Execution Vulnerability. | |||||
CVE-2022-24122 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, Baseboard Management Controller H300e and 15 more | 2022-04-01 | 6.9 MEDIUM | 7.8 HIGH |
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | |||||
CVE-2022-21718 | 1 Electronjs | 1 Electron | 2022-04-01 | 4.0 MEDIUM | 5.0 MEDIUM |
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. | |||||
CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | |||||
CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2022-04-01 | 9.3 HIGH | 8.8 HIGH |
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | |||||
CVE-2020-10108 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-04-01 | 7.5 HIGH | 9.8 CRITICAL |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. |