Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |
CVE-2018-19206 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2022-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of `<svg><style>`, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. |
CVE-2018-19205 | 1 Roundcube | 1 Webmail | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information; a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. |
CVE-2021-42951 | 1 Algorithmia | 1 Msol | 2022-03-10 | 6.5 MEDIUM | 8.8 HIGH | A Remote Code Execution (RCE) vulnerability exists in all versions of the Algorithmia MSOL SaaS before October 10, 2021. Users can register for an account and are allocated a set number of credits to try the product. Once authenticated, a user can create a specially crafted Algorithm and use it to execute code remotely with the result of their choosing. |
CVE-2020-12775 | 1 Moica | 1 Hicos | 2022-03-10 | 10.0 HIGH | 9.8 CRITICAL | The Hicos citizen certificate client-side component does not filter special characters in command parameters for specific web URLs. An unauthenticated remote attacker can exploit this to perform a command injection attack and execute arbitrary system commands, disrupt the system or terminate the service. |
CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. |
CVE-2021-46454 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. |
CVE-2022-0743 | 1 Getgrav | 1 Grav | 2022-03-10 | 3.5 LOW | 4.6 MEDIUM | Stored cross-site scripting (XSS) in GitHub repository getgrav/grav prior to 1.7.31. |
CVE-2021-45414 | 1 Datarobot | 1 Datarobot | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. |
CVE-2017-7536 | 1 Redhat | 7 Enterprise Linux, Hibernate Validator, Jboss Enterprise Application Platform and 4 more | 2022-03-10 | 4.4 MEDIUM | 7.0 HIGH | In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow access to the private members of a class, are granted to Hibernate Validator, a potential privilege escalation can occur. Because calling code is then allowed to reach those private members without holding the permission itself, an attacker may be able to validate an invalid instance and read the private member value via ConstraintViolation#getInvalidValue(). |
CVE-2022-23956 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-10 | 4.9 MEDIUM | 5.5 MEDIUM | Potential vulnerabilities have been identified in the BIOS for some HP PC products that may allow denial of service. |
CVE-2022-23953 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-10 | 4.9 MEDIUM | 5.5 MEDIUM | Potential vulnerabilities have been identified in the BIOS for some HP PC products that may allow denial of service. |
CVE-2022-25220 | 1 Petereport Project | 1 Petereport | 2022-03-09 | 3.5 LOW | 4.8 MEDIUM | PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code into the markdown descriptions while creating a product, report or finding. |
CVE-2022-25138 | 1 Axelor | 1 Open Suite | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. |
CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. |
CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. |
CVE-2020-14403 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-03-09 | 5.5 MEDIUM | 5.4 MEDIUM | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
CVE-2020-14402 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-03-09 | 5.5 MEDIUM | 5.4 MEDIUM | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
CVE-2020-14401 | 4 Debian, Libvncserver Project, Opensuse and 1 more | 15 Debian Linux, Libvncserver, Leap and 12 more | 2022-03-09 | 6.4 MEDIUM | 6.5 MEDIUM | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. |
CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip and proxy_lanport parameters. |
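A listing like the one above is only useful for triage once it is structured data: which entries clear a CVSS v3 threshold, which vendors they cluster under, and which weakness class each description names. The Python below is an added example, not code from the page or from any of the vendors it lists. It parses this table format in both shapes the export produces (the metadata row followed by a description row ending in `| |||||`, and a single row with the description as a seventh column), normalises the "N Vendor, Vendor and M more" cells, and classifies descriptions by keyword. The sample rows are constructed inline by copying a few entries from the listing; the keyword classes and the 9.0 threshold are this example's own choices, not anything the listing defines.

```python
"""Parse a CVE listing table into records and run a simple triage over them."""
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the listing above. The first three use
# the two-line export form (description on the row after the metadata); the
# last uses the single-row seven-column form, so both are exercised.
SAMPLE = """\
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |||||
CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | |||||
CVE-2020-14403 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-03-09 | 5.5 MEDIUM | 5.4 MEDIUM |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | |||||
CVE-2021-45414 | 1 Datarobot | 1 Datarobot | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. |
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
SCORE = re.compile(r"^(\d+(?:\.\d+)?)\s+([A-Z]+)$")   # e.g. "9.8 CRITICAL"
MORE = re.compile(r"\s+and\s+\d+\s+more$")             # trailing "and 12 more"

# Keyword -> weakness label. Order matters: first match wins. These labels are
# this example's own convention (assumption), not taken from the listing.
CLASSES = [
    ("command injection", "command injection"),
    ("remote code execution", "rce"),
    ("xss", "xss"),
    ("out-of-bounds", "memory safety"),
    ("integer overflow", "memory safety"),
    ("denial of service", "dos"),
]


@dataclass
class Record:
    cve: str
    vendors: list
    products: list
    updated: str
    cvss2: float
    cvss3: float
    severity3: str
    description: str = ""


def _names(cell):
    """'4 Canonical, Debian, Libvnc Project and 1 more' -> the names shown."""
    body = MORE.sub("", cell)
    body = re.sub(r"^\d+\s+", "", body)   # drop the leading item count
    return [n.strip() for n in body.split(",") if n.strip()]


def _score(cell):
    m = SCORE.match(cell.strip())
    if not m:
        raise ValueError("bad CVSS cell: %r" % cell)
    return float(m.group(1)), m.group(2)


def parse(text):
    """Return a list of Record objects for every CVE row in the table text."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= set("-| "):   # blank line or --- separator
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if CVE_ID.match(cells[0]):
            if len(cells) < 6:
                raise ValueError("short row: %r" % line)
            s2, _ = _score(cells[4])
            s3, sev3 = _score(cells[5])
            rec = Record(cells[0], _names(cells[1]), _names(cells[2]),
                         cells[3], s2, s3, sev3)
            if len(cells) > 6 and cells[6]:       # seven-column form
                rec.description = cells[6]
            records.append(rec)
        elif cells[0] == "CVE":
            continue                              # header row
        elif records and not records[-1].description:
            records[-1].description = cells[0]    # description row of the pair
    return records


def classify(description):
    d = description.lower()
    for needle, label in CLASSES:
        if needle in d:
            return label
    return "other"


def triage(records, min_cvss3=9.0):
    """CVE IDs at or above the CVSS v3 threshold, highest score first."""
    hits = [r for r in records if r.cvss3 >= min_cvss3]
    return [r.cve for r in sorted(hits, key=lambda r: (-r.cvss3, r.cve))]


def by_vendor(records):
    out = {}
    for r in records:
        for v in r.vendors:
            out.setdefault(v, []).append(r.cve)
    return out


if __name__ == "__main__":
    recs = parse(SAMPLE)
    for r in recs:
        print(r.cve, r.cvss3, r.severity3, classify(r.description))
    print("critical:", triage(recs))
    print("by vendor:", by_vendor(recs))
```

Entries that are "N more" in the Vendors or Products cell are truncated by the export itself, so `by_vendor` can only group on the names the page shows; anything hidden behind "and 12 more" needs the full record from the source database. The keyword classifier is deliberately crude: it is a first-pass bucket for a listing like this, not a substitute for reading the advisory.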