Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27811 | 1 Gnome | 1 Ocrfeeder | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | |||||
| CVE-2020-28948 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | |||||
| CVE-2021-37971 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-37970 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37972 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 5 Ubuntu Linux, Debian Linux, Netty and 2 more | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | |||||
| CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-43085 | 2022-03-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-29102 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2018-1320 | 4 Apache, Debian, F5 and 1 more | 5 Thrift, Debian Linux, Traffix Sdc and 2 more | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. | |||||
| CVE-2021-29108 | 1 Esri | 1 Portal For Arcgis | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH |
| There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. | |||||
| CVE-2021-29103 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2021-29107 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | |||||
| CVE-2021-29109 | 1 Esri | 1 Portal For Arcgis | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2021-29104 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | |||||
| CVE-2021-29110 | 1 Esri | 1 Portal For Arcgis | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | |||||
| CVE-2021-29106 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2021-29105 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. | |||||
| CVE-2021-29099 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue. | |||||
| CVE-2021-29100 | 1 Esri | 1 Arcgis Earth | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system. | |||||