Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0087 | 1 Keystonejs | 1 Keystone | 2022-01-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-30353 | 1 Qualcomm | 220 Ar8031, Ar8031 Firmware, Ar8035 and 217 more | 2022-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30330 | 1 Qualcomm | 220 Apq8009, Apq8009 Firmware, Apq8009w and 217 more | 2022-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30319 | 1 Qualcomm | 268 Apq8009, Apq8009 Firmware, Apq8017 and 265 more | 2022-01-18 | 7.2 HIGH | 7.8 HIGH |
| Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-30314 | 1 Qualcomm | 148 Qca6390, Qca6390 Firmware, Qca6391 and 145 more | 2022-01-18 | 2.1 LOW | 5.5 MEDIUM |
| Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-30313 | 1 Qualcomm | 360 Apq8096au, Apq8096au Firmware, Ar8031 and 357 more | 2022-01-18 | 4.4 MEDIUM | 6.4 MEDIUM |
| Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30311 | 1 Qualcomm | 134 Ar8035, Ar8035 Firmware, Qca6390 and 131 more | 2022-01-18 | 7.2 HIGH | 7.8 HIGH |
| Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30308 | 1 Qualcomm | 172 Aqt1000, Aqt1000 Firmware, Ar8035 and 169 more | 2022-01-18 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-28376 | 1 Chronoengine | 1 Chronoforums | 2022-01-18 | 4.0 MEDIUM | 2.7 LOW |
| ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | |||||
| CVE-2021-23218 | 1 Mirantis | 1 Mirantis Container Runtime | 2022-01-18 | 4.3 MEDIUM | 7.5 HIGH |
| When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service. | |||||
| CVE-2022-22847 | 1 Formpipe | 1 Lasernet | 2022-01-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | |||||
| CVE-2022-22846 | 1 Dnslib Project | 1 Dnslib | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. | |||||
| CVE-2021-46012 | 2022-01-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. | |||||
| CVE-2021-46145 | 1 Honda | 1 Civic 2012 | 2022-01-18 | 2.9 LOW | 5.3 MEDIUM |
| The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. | |||||
| CVE-2022-22845 | 1 Qxip | 1 Homer Webapp | 2022-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations. | |||||
| CVE-2021-0211 | 1 Juniper | 87 Ex2200, Ex2200-c, Ex2200-vc and 84 more | 2022-01-18 | 6.4 MEDIUM | 10.0 CRITICAL |
| An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO. | |||||
| CVE-2021-23425 | 1 Trim-off-newlines Project | 1 Trim-off-newlines | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | |||||
| CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2022-01-18 | 3.3 LOW | 6.5 MEDIUM |
| Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | |||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2022-01-18 | 9.3 HIGH | 7.8 HIGH |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | |||||
| CVE-2020-10137 | 1 Silabs | 2 700 Series Firmware, Uzb-7 | 2022-01-18 | 3.3 LOW | 6.5 MEDIUM |
| Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. | |||||