Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-44960 | 1 Svgpp | 1 Svgpp | 2022-02-23 | 4.3 MEDIUM | 6.5 MEDIUM | In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function called from renderDocument handles the XMLDocument object improperly, returning a null pointer early at the second if statement, which results in a null pointer dereference after the renderDocument function.
CVE-2022-24976 | 1 Atheme | 1 Atheme | 2022-02-23 | 5.8 MEDIUM | 9.1 CRITICAL | Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2022-02-23 | 9.0 HIGH | 8.8 HIGH | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVE-2021-44141 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2022-02-23 | 3.5 LOW | 4.3 MEDIUM | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine whether a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
CVE-2021-25033 | 1 Noptin | 1 Noptin | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM | The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue.
CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM | Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2021-45347 | 1 Zzcms | 1 Zzcms | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH | An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie and using any password.
CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVE-2022-24227 | 1 Boltwire | 1 Boltwire | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVE-2022-24226 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH | Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2022-02-23 | 4.6 MEDIUM | 7.8 HIGH | In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
CVE-2022-0580 | 1 Librenms | 1 Librenms | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH | Improper Access Control in Packagist librenms/librenms prior to 22.2.0.
CVE-2021-43106 | 1 Compassplus | 2 Tranzware Online, Tranzware Online Financial Institution Maintenance Interface | 2022-02-22 | 5.8 MEDIUM | 6.1 MEDIUM | A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP Host header can be manipulated and cause the application to behave in unexpected ways; any change made to the header causes the request to be sent to a completely different domain/IP address. This is because the server implicitly trusts the Host header and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page, expanding the potential for further attacks and malicious actions.
CVE-2021-45392 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-02-22 | 7.8 HIGH | 7.5 HIGH | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVE-2021-39080 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 6.4 MEDIUM | 6.5 MEDIUM | Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming techniques, interfaces, class definitions, algorithms and functions used. IBM X-Force ID: 215593.
CVE-2022-0576 | 1 Librenms | 1 Librenms | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVE-2022-0575 | 1 Librenms | 1 Librenms | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
CVE-2021-25110 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 4.3 MEDIUM | The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as a subscriber, to extract any other user's email address.
CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 2.7 LOW | The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link.
CVE-2021-25107 | 1 Accesspressthemes | 1 Form Store To Db | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM | The Form Store to DB WordPress plugin before 1.1.1 does not sanitise or escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against admins.