Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22667 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 9.3 HIGH | 7.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2022-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | |||||
CVE-2022-22669 | 1 Apple | 1 Macos | 2022-03-24 | 7.2 HIGH | 7.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-22670 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-03-24 | 4.3 MEDIUM | 3.3 LOW |
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. | |||||
CVE-2021-46107 | 1 Ligeo-archives | 1 Ligeo Basics | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. | |||||
CVE-2021-45040 | 1 Spatie | 1 Laravel Media Library | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | |||||
CVE-2022-26511 | 1 Kingsoft | 1 Wps Presentation | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading). | |||||
CVE-2022-26081 | 1 Kingsoft | 1 Wps Office | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
CVE-2022-22609 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. | |||||
CVE-2022-25139 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | |||||
CVE-2021-46462 | 1 F5 | 1 Njs | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | |||||
CVE-2021-46463 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | |||||
CVE-2021-44087 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | |||||
CVE-2019-13617 | 1 F5 | 1 Njs | 2022-03-24 | 4.3 MEDIUM | 6.5 MEDIUM |
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | |||||
CVE-2019-13067 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | |||||
CVE-2019-12208 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | |||||
CVE-2019-12207 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | |||||
CVE-2019-12206 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | |||||
CVE-2019-11839 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | |||||
CVE-2019-11838 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. |