Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14773 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2022-03-29 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14769 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2022-03-29 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14760 1 Oracle 1 Mysql 2022-03-29 7.5 HIGH 5.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2020-14672 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2022-03-29 6.8 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-13734 8 Canonical, Debian, Fedoraproject and 5 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2022-03-29 6.8 MEDIUM 8.8 HIGH
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-18804 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 5.0 MEDIUM 7.5 HIGH
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
CVE-2021-35448 2 Microsoft, Remotemouse 2 Windows, Emote Interactive Studio 2022-03-29 7.2 HIGH 7.8 HIGH
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
CVE-2021-38772 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.8 HIGH 7.5 HIGH
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2022-26243 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.8 HIGH 7.5 HIGH
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
CVE-2021-27471 1 Rockwellautomation 1 Connected Components Workbench 2022-03-29 6.8 MEDIUM 8.6 HIGH
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.
CVE-2021-27470 1 Rockwellautomation 1 Factorytalk Assetcentre 2022-03-29 7.5 HIGH 9.8 CRITICAL
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVE-2019-15145 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15143 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15142 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2022-03-29 4.3 MEDIUM 5.5 MEDIUM
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
CVE-2021-27472 1 Rockwellautomation 1 Factorytalk Assetcentre 2022-03-29 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
CVE-2018-18623 1 Grafana 1 Grafana 2022-03-29 4.3 MEDIUM 6.1 MEDIUM
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
CVE-2021-38278 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.5 HIGH 9.8 CRITICAL
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
CVE-2021-42008 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, H300e and 17 more 2022-03-29 6.9 MEDIUM 7.8 HIGH
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2022-24293 1 Hp 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more 2022-03-29 10.0 HIGH 9.8 CRITICAL
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.