Vulnerabilities (CVE)

Total 13957 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17545 1 Osgeo 1 Gdal 2022-01-12 7.5 HIGH 9.8 CRITICAL
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2021-3907 1 Cloudflare 1 Octorpki 2022-01-12 7.5 HIGH 9.8 CRITICAL
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CVE-2022-21969 2022-01-12 N/A 9.0 CRITICAL
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855.
CVE-2022-21901 2022-01-12 N/A 9.0 CRITICAL
Windows Hyper-V Elevation of Privilege Vulnerability.
CVE-2020-7883 2 Microsoft, Wowsoft 2 Windows, Printchaser 2022-01-11 7.5 HIGH 9.8 CRITICAL
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.
CVE-2021-37128 1 Huawei 1 Harmonyos 2022-01-11 7.5 HIGH 9.8 CRITICAL
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.
CVE-2021-37116 1 Huawei 1 Harmonyos 2022-01-11 6.4 MEDIUM 9.1 CRITICAL
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed.
CVE-2021-45957 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c).
CVE-2021-45956 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply).
CVE-2021-45955 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c).
CVE-2021-45954 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth).
CVE-2021-45953 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c).
CVE-2021-45952 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp).
CVE-2021-45951 1 Thekelleys 1 Dnsmasq 2022-01-11 7.5 HIGH 9.8 CRITICAL
Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard).
CVE-2021-31917 2 Infinispan, Redhat 2 Infinispan-server-rest, Data Grid 2022-01-11 7.5 HIGH 9.8 CRITICAL
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-45427 1 Emerson 2 Xweb300d Evo, Xweb300d Evo Firmware 2022-01-11 7.5 HIGH 9.8 CRITICAL
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
CVE-2022-0080 1 Mruby 1 Mruby 2022-01-11 7.5 HIGH 9.8 CRITICAL
mruby is vulnerable to Heap-based Buffer Overflow
CVE-2021-36722 1 Emuse - Eservices \/ Envoice Project 1 Emuse - Eservices \/ Envoice 2022-01-11 10.0 HIGH 9.8 CRITICAL
Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host.
CVE-2021-45428 1 Telesquare 2 Tlr-2005ksh, Tlr-2005ksh Firmware 2022-01-11 7.5 HIGH 9.8 CRITICAL
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
CVE-2021-31890 1 Siemens 17 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 14 more 2022-01-11 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)