Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24985 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 6.0 MEDIUM | 8.8 HIGH |
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server. | |||||
CVE-2022-24984 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 6.8 MEDIUM | 9.8 CRITICAL |
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked. | |||||
CVE-2021-0092 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2022-02-25 | 2.1 LOW | 4.4 MEDIUM |
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | |||||
CVE-2022-24983 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique ID field is contained in the POST response upon submitting a form. | |||||
CVE-2022-24982 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials. | |||||
CVE-2022-24981 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. | |||||
CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2022-02-24 | 4.6 MEDIUM | 7.8 HIGH |
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges. | |||||
CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2022-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | |||||
CVE-2021-44868 | 1 Mingsoft | 1 Mcms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
A problem was found in ming-soft MCMS v5.1. There is a SQL injection vulnerability in /ms/cms/content/list.do. | |||||
CVE-2022-23319 | 1 Pcf2bdf Project | 1 Pcf2bdf | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components. | |||||
CVE-2022-0638 | 1 Microweber | 1 Microweber | 2022-02-24 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-23318 | 1 Pcf2bdf Project | 1 Pcf2bdf | 2022-02-24 | 5.8 MEDIUM | 7.1 HIGH |
A heap-buffer-overflow in pcf2bdf versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bounds read may lead to an application crash, information disclosure via program memory or other context-dependent impact. | |||||
CVE-2022-22901 | 1 Jerryscript | 1 Jerryscript | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
The assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. | |||||
CVE-2022-24059 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15098. | |||||
CVE-2022-24056 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15076. | |||||
CVE-2022-24057 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15077. | |||||
CVE-2022-24055 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14972. | |||||
CVE-2021-46110 | 1 Online Shopping Portal Project | 1 Online Shopping Portal | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
CVE-2021-40841 | 1 Liveconfig | 1 Liveconfig | 2022-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | |||||
CVE-2022-0623 | 1 Mruby | 1 Mruby | 2022-02-24 | 6.4 MEDIUM | 9.1 CRITICAL |
Out-of-bounds Read in Homebrew mruby prior to 3.2. |