Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46564 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15023. | |||||
| CVE-2021-46563 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14990. | |||||
| CVE-2021-46562 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14987. | |||||
| CVE-2022-21800 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | |||||
| CVE-2022-21215 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1. | |||||
| CVE-2022-21196 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | |||||
| CVE-2022-21176 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | |||||
| CVE-2022-21143 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands. | |||||
| CVE-2021-46579 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15373. | |||||
| CVE-2022-21141 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | |||||
| CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2022-02-25 | 6.4 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | |||||
| CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2022-02-25 | 5.0 MEDIUM | N/A |
| AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | |||||
| CVE-2007-2274 | 1 Opera | 1 Opera Browser | 2022-02-25 | 7.8 HIGH | N/A |
| The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. | |||||
| CVE-2007-2809 | 1 Opera | 1 Opera Browser | 2022-02-25 | 9.3 HIGH | N/A |
| Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | |||||
| CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2022-02-25 | 9.3 HIGH | N/A |
| Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | |||||
| CVE-2007-3929 | 1 Opera | 1 Opera Browser | 2022-02-25 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | |||||
| CVE-2022-0673 | 1 Eclipse | 1 Lemminx | 2022-02-25 | 6.4 MEDIUM | 6.5 MEDIUM |
| A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | |||||
| CVE-2022-0672 | 1 Eclipse | 1 Lemminx | 2022-02-25 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. | |||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2022-02-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | |||||
| CVE-2021-46082 | 1 Moxa | 12 Mgate 5101-pbm-mn, Mgate 5101-pbm-mn-t, Mgate 5101-pbm-mn-t Firmware and 9 more | 2022-02-25 | 7.8 HIGH | 7.5 HIGH |
| Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | |||||