Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30748 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-02-11 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-45281 | 1 Quickbox | 1 Quickbox | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized. | |||||
| CVE-2021-30864 | 1 Apple | 1 Macos | 2022-02-11 | 5.0 MEDIUM | 8.6 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-30811 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-02-11 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. | |||||
| CVE-2021-30819 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-02-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2022-02-11 | 7.2 HIGH | 6.8 MEDIUM |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | |||||
| CVE-2021-30835 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2022-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2022-02-11 | 5.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | |||||
| CVE-2022-22142 | 1 Econosys-system | 1 Php Mailform | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-21805 | 1 Econosys-system | 1 Php Mailform | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-23046 | 1 Phpipam | 1 Phpipam | 2022-02-11 | 6.5 MEDIUM | 7.2 HIGH |
| PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | |||||
| CVE-2021-25077 | 1 Visser | 1 Store Toolkit For Woocommerce | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25029 | 1 Cluevo | 1 Learning Management System | 2022-02-11 | 3.5 LOW | 4.8 MEDIUM |
| The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-45116 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | |||||
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2022-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||||
| CVE-2022-22832 | 1 Servisnet | 1 Tessa | 2022-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. | |||||
| CVE-2022-22831 | 1 Servisnet | 1 Tessa | 2022-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. | |||||
| CVE-2021-39280 | 1 Korenix | 12 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 9 more | 2022-02-10 | 9.0 HIGH | 8.8 HIGH |
| Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. | |||||
| CVE-2022-23206 | 1 Apache | 1 Traffic Control | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | |||||
| CVE-2022-0502 | 1 Livehelperchat | 1 Live Helper Chat | 2022-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||