Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21653 | 1 Typelevel | 1 Jawn | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users unable to upgrade should override `objectContext()` to use a collision-safe collection. | |||||
| CVE-2021-38918 | 1 Ibm | 1 Powervm Hypervisor | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. | |||||
| CVE-2022-21651 | 1 Shopware | 1 Shopware | 2022-01-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. | |||||
| CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2022-01-12 | 3.5 LOW | 3.5 LOW |
| Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors, which can be exploited to get nefarious code past a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | |||||
| CVE-2022-0121 | 1 Hoppscotch | 1 Hoppscotch | 2022-01-12 | 6.0 MEDIUM | 8.0 HIGH |
| hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||||
| CVE-2022-21652 | 1 Shopware | 1 Shopware | 2022-01-12 | 5.5 MEDIUM | 8.1 HIGH |
| Shopware is an open source e-commerce software platform. In affected versions Shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to log in with said account. This also means that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue. | |||||
| CVE-2021-46079 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-12 | 6.5 MEDIUM | 7.2 HIGH |
| An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection. | |||||
| CVE-2021-45832 | 1 Hdfgroup | 1 Hdf5 | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-30283 | 1 Qualcomm | 38 Qca6391, Qca6391 Firmware, Qcm6490 and 35 more | 2022-01-12 | 2.1 LOW | 5.5 MEDIUM |
| Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-45833 | 1 Hdfgroup | 1 Hdf5 | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-46044 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-46043 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service. | |||||
| CVE-2021-46042 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. | |||||
| CVE-2021-46041 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | |||||
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | |||||
| CVE-2021-45388 | | | 2022-01-12 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-46040 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-23574 | 1 Js-data | 1 Js-data | 2022-01-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655). | |||||
| CVE-2021-46039 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent). | |||||
| CVE-2021-30269 | 1 Qualcomm | 234 Ar8031, Ar8031 Firmware, Ar8035 and 231 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
