Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46480 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46478 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46474 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46475 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2022-22553 | 1 Dell | 1 Emc Appsync | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | |||||
| CVE-2022-22552 | 1 Dell | 1 Emc Appsync | 2022-01-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. | |||||
| CVE-2021-46477 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2022-22551 | 1 Dell | 1 Emc Appsync | 2022-01-27 | 5.8 MEDIUM | 8.8 HIGH |
| DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. | |||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | |||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | |||||
| CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | |||||
| CVE-2022-23807 | 1 Phpmyadmin | 1 Phpmyadmin | 2022-01-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | |||||
| CVE-2022-23365 | 1 Hms Project | 1 Hms | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | |||||
| CVE-2022-23364 | 1 Hms Project | 1 Hms | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | |||||
| CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | |||||
| CVE-2022-23363 | 1 Online Banking System Project | 1 Online Banking System | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | |||||
| CVE-2022-21701 | 1 Istio | 1 Istio | 2022-01-27 | 6.0 MEDIUM | 8.8 HIGH |
| Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create other resources that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes Gateway API. This is not the same as the Istio Gateway type (gateways.networking.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Remove the gateways.gateway.networking.k8s.io CustomResourceDefinition, set PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER=true environment variable in Istiod, or remove CREATE permissions for gateways.gateway.networking.k8s.io objects from untrusted users. | |||||
| CVE-2022-21679 | 1 Istio | 1 Istio | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12.1. Istio 1.12 supports the hosts and notHosts fields in authorization policy with a new Envoy API shipped with the 1.12 data plane. A bug in the 1.12.0 and 1.12.1 incorrectly uses the new Envoy API with the 1.11 data plane. This will cause the hosts and notHosts fields to be always matched regardless of the actual value of the host header when mixing 1.12.0/1.12.1 control plane and 1.11 data plane. Users are advised to upgrade or to not mix the 1.12.0/1.12.1 control plane with 1.11 data plane if using hosts or notHosts field in authorization policy. | |||||
| CVE-2022-0326 | 1 Mruby | 1 Mruby | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in Homebrew mruby prior to 3.2. | |||||
| CVE-2021-44121 | 2022-01-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||