Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39729 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 6.7 MEDIUM |
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-202006191; References: N/A | |||||
CVE-2021-39727 | 1 Google | 1 Android | 2022-03-23 | 1.9 LOW | 4.1 MEDIUM |
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-196388042; References: N/A | |||||
CVE-2021-39730 | 1 Google | 1 Android | 2022-03-23 | 2.1 LOW | 4.4 MEDIUM |
In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-206472503; References: N/A | |||||
CVE-2021-39731 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 6.7 MEDIUM |
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205036834; References: N/A | |||||
CVE-2021-39732 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 7.8 HIGH |
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205992503; References: N/A | |||||
CVE-2021-39733 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 6.7 MEDIUM |
In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-206128522; References: N/A | |||||
CVE-2021-39735 | 1 Google | 1 Android | 2022-03-23 | 4.4 MEDIUM | 6.4 MEDIUM |
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151455484; References: N/A | |||||
CVE-2021-39736 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 6.7 MEDIUM |
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205995773; References: N/A | |||||
CVE-2022-25969 | 1 Kingsoft | 1 Wps Office | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
CVE-2021-39793 | 1 Google | 1 Android | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-210470189; References: N/A | |||||
CVE-2022-25949 | 1 Kingsoft | 1 Internet Security 9 Plus | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to a stack-based buffer overflow. | |||||
CVE-2022-26503 | 2 Microsoft, Veeam | 2 Windows, Veeam | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | |||||
CVE-2022-1000 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | |||||
CVE-2022-24759 | 1 Chainsafe | 1 Js-libp2p-noise | 2022-03-23 | 5.8 MEDIUM | 7.4 HIGH |
`@chainsafe/libp2p-noise` contains a TypeScript implementation of the Noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds. | |||||
CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 6.5 MEDIUM | 8.8 HIGH |
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | |||||
CVE-2021-44260 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability exists in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of the router. | |||||
CVE-2021-44259 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | |||||
CVE-2021-44262 | 1 Netgear | 6 Mbr1517, Mbr1517 Firmware, Wac104 and 3 more | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability exists in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | |||||
CVE-2022-24075 | 1 Navercorp | 1 Whale | 2022-03-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which could access local HWP files. When the HWP files were opened, the replaced script could read the files. | |||||
CVE-2022-24074 | 1 Navercorp | 1 Whale | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
Whale Bridge, a default extension in Whale browser before 3.12.129.18, accepted any SendMessage request from the content script itself, which could lead to control of Whale Bridge if the rendering process is compromised. |