Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21276 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-01-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21281 | 1 Oracle | 1 Primavera Portfolio Management | 2022-01-21 | 4.9 MEDIUM | 4.8 MEDIUM |
| Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2022-22290 | 1 Samsung | 1 Internet | 2022-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2022-22531 | 1 Sap | 1 S\/4hana | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
| The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. | |||||
| CVE-2021-44828 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2022-01-21 | 7.2 HIGH | 7.8 HIGH |
| Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. | |||||
| CVE-2022-22530 | 1 Sap | 1 S\/4hana | 2022-01-21 | 7.5 HIGH | 8.1 HIGH |
| The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. | |||||
| CVE-2022-23095 | 1 Opendesign | 1 Drawings Software Development Kit | 2022-01-21 | 6.8 MEDIUM | 7.8 HIGH |
| Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-28919 | 1 Tribe29 | 1 Checkmk | 2022-01-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | |||||
| CVE-2021-44706 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-01-21 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-4073 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.8 MEDIUM | 8.1 HIGH |
| The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. | |||||
| CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | |||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | |||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | |||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | |||||
| CVE-2020-9455 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | |||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | |||||
| CVE-2021-44713 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-01-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-44710 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-01-21 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-44714 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-01-21 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file. | |||||