Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1457 | 1 Microsoft | 1 Windows 10 | 2022-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425. | |||||
| CVE-2020-15121 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-01-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. | |||||
| CVE-2020-16094 | 2 Claws-mail, Fedoraproject | 2 Claws-mail, Fedora | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. | |||||
| CVE-2020-16088 | 1 Openbsd | 1 Openbsd | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. | |||||
| CVE-2021-4118 | 1 Pytorchlightning | 1 Pytorch Lightning | 2022-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| pytorch-lightning is vulnerable to Deserialization of Untrusted Data | |||||
| CVE-2021-24747 | 1 Cleverplugins | 1 Seo Booster | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
| The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections. | |||||
| CVE-2021-29756 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | |||||
| CVE-2021-29719 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 | |||||
| CVE-2021-20493 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | |||||
| CVE-2021-20470 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. | |||||
| CVE-2021-24646 | 1 Bookingholdings | 1 Booking.com Banner Creator | 2022-01-04 | 3.5 LOW | 4.8 MEDIUM |
| The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24645 | 1 Bookingholdings | 1 Booking.com Product Helper | 2022-01-04 | 3.5 LOW | 4.8 MEDIUM |
| The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-4048 | 5 Fedoraproject, Julialang, Lapack Project and 2 more | 8 Fedora, Julia, Lapack and 5 more | 2022-01-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. | |||||
| CVE-2021-41063 | 1 Xylem | 1 Aanderaa Geoview | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. | |||||
| CVE-2021-38909 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | |||||
| CVE-2021-40858 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-01-04 | 6.8 MEDIUM | 4.9 MEDIUM |
| Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | |||||
| CVE-2021-3817 | 1 Wbce | 1 Wbce Cms | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2020-35873 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. | |||||
| CVE-2020-35871 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race. | |||||
| CVE-2020-35869 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | |||||