Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4100 | 1 Google | 1 Chrome | 2022-02-18 | 6.8 MEDIUM | 8.8 HIGH |
| Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4099 | 1 Google | 1 Chrome | 2022-02-18 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-24916 | 1 Optimism | 1 Eth-optimism\/l2geth | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | |||||
| CVE-2021-44111 | 1 S-cart | 1 S-cart | 2022-02-18 | 2.1 LOW | 4.4 MEDIUM |
| A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. | |||||
| CVE-2021-4046 | 1 Tcman | 1 Gim | 2022-02-18 | 3.5 LOW | 5.4 MEDIUM |
| The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | |||||
| CVE-2021-30326 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-4098 | 1 Google | 1 Chrome | 2022-02-18 | 4.3 MEDIUM | 7.4 HIGH |
| Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-4101 | 1 Google | 1 Chrome | 2022-02-18 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-39688 | 1 Google | 1 Android | 2022-02-18 | 2.1 LOW | 5.5 MEDIUM |
| In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A | |||||
| CVE-2021-38022 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-38021 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-0524 | 1 Google | 1 Android | 2022-02-18 | 2.1 LOW | 5.5 MEDIUM |
| In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334 | |||||
| CVE-2021-30325 | 1 Qualcomm | 318 Apq8096au, Apq8096au Firmware, Ar8031 and 315 more | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2010-3886 | 1 Microsoft | 1 Internet Explorer | 2022-02-18 | 4.3 MEDIUM | N/A |
| The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. | |||||
| CVE-2021-34235 | 1 Tsg-solutions | 1 Tokheim Profleet Dialog | 2022-02-18 | 10.0 HIGH | 9.8 CRITICAL |
| Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. | |||||
| CVE-2021-45385 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. | |||||
| CVE-2021-22824 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | |||||
| CVE-2021-22823 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | |||||
| CVE-2021-22805 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2022-24445 | 2022-02-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||