Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 6.4 MEDIUM | 8.2 HIGH | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.
CVE-2021-40855 | 1 Europa | 1 Technical Specifications For Digital Covid Certificates | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL | The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.
CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH | There is an assertion failure (`pFuncBody->GetYieldRegister() == oldYieldRegister`) in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
CVE-2021-35004 | 1 Tp-link | 2 Tl-wa1201, Tl-wa1201 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656.
CVE-2021-35003 | 1 Tp-link | 2 Archer C90, Archer C90 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.
CVE-2022-23220 | 4 Canonical, Debian, Gentoo and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2022-01-27 | 7.2 HIGH | 7.8 HIGH | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
CVE-2021-46309 | 1 Employee And Visitor Gate Pass Logging System Project | 1 Employee And Visitor Gate Pass Logging System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter.
CVE-2021-44994 | 1 Jerryscript | 1 Jerryscript | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM | There is an assertion failure (`JERRY_CONTEXT (jmem_heap_allocated_size) == 0`) at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.
CVE-2021-44993 | 1 Jerryscript | 1 Jerryscript | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM | There is an assertion failure (`ecma_is_value_boolean (base_value)`) at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.
CVE-2021-44992 | 1 Jerryscript | 1 Jerryscript | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM | There is an assertion failure (`ecma_object_is_typedarray (obj_p)`) at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.
CVE-2021-22045 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2022-01-27 | 6.9 MEDIUM | 7.8 HIGH | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node.
CVE-2021-46323 | 1 Espruino | 1 Espruino | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM | Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.
CVE-2021-46324 | 1 Espruino | 1 Espruino | 2022-01-27 | 6.8 MEDIUM | 7.8 HIGH | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
CVE-2021-46325 | 1 Espruino | 1 Espruino | 2022-01-27 | 6.8 MEDIUM | 7.8 HIGH | Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.
CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.
CVE-2021-25073 | 1 Webmaster-source | 1 Wp125 | 2022-01-27 | 6.8 MEDIUM | 8.8 HIGH | The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged-in admin delete them via a CSRF attack.
CVE-2021-25062 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2022-01-27 | 4.3 MEDIUM | 6.1 MEDIUM | The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting