Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21987 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-02-14 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability. | |||||
| CVE-2017-18214 | 2 Momentjs, Tenable | 2 Moment, Nessus | 2022-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | |||||
| CVE-2018-16301 | 1 Tcpdump | 1 Tcpdump | 2022-02-14 | 4.4 MEDIUM | 7.8 HIGH |
| The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. | |||||
| CVE-2022-21968 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-02-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Microsoft SharePoint Server Security Feature BypassVulnerability. | |||||
| CVE-2022-21965 | 1 Microsoft | 1 Teams | 2022-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Teams Denial of Service Vulnerability. | |||||
| CVE-2022-21957 | 1 Microsoft | 1 Dynamics 365 | 2022-02-14 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | |||||
| CVE-2020-25686 | 4 Arista, Debian, Fedoraproject and 1 more | 4 Eos, Debian Linux, Fedora and 1 more | 2022-02-14 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2020-25684 | 4 Arista, Debian, Fedoraproject and 1 more | 4 Eos, Debian Linux, Fedora and 1 more | 2022-02-14 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2021-37990 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. | |||||
| CVE-2021-37989 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. | |||||
| CVE-2021-37988 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37987 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37986 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-37985 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-23263 | 1 Microsoft | 1 Edge Chromium | 2022-02-11 | 4.4 MEDIUM | 7.7 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. | |||||
| CVE-2022-23262 | 1 Microsoft | 1 Edge Chromium | 2022-02-11 | 6.8 MEDIUM | 6.3 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. | |||||
| CVE-2022-23261 | 1 Microsoft | 1 Edge Chromium | 2022-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Tampering Vulnerability. | |||||
| CVE-2021-38010 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | |||||
| CVE-2021-40837 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2022-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | |||||