The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-39254 | A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
| CVE-2021-39251 | A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
| CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
| CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
| CVE-2021-39256 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
| CVE-2021-39261 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
| CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
| CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 |
| CVE-2018-20809 | A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | MEDIUM | Jul 3, 2019 |
| CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 |
| CVE-2020-35538 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | LOW | Aug 31, 2022 |
| CVE-2022-2547 | A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
| CVE-2022-2337 | A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
| CVE-2022-1069 | A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
| CVE-2022-2335 | A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
| CVE-2021-23862 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | HIGH | Dec 9, 2021 |
| CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | -- | Dec 22, 2022 |
| CVE-2017-18154 | A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | HIGH | Jun 6, 2018 |
| CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 |
| CVE-2022-45139 | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. | -- | Feb 27, 2023 |
| CVE-2023-42833 | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | -- | Jan 11, 2024 |
| CVE-2022-32923 | A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | -- | Nov 4, 2022 |
| CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. | MEDIUM | May 27, 2022 |
| CVE-2018-4293 | A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | MEDIUM | Apr 5, 2019 |
| CVE-2019-19661 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | MEDIUM | Feb 11, 2020 |
| CVE-2019-17001 | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. | MEDIUM | Jan 13, 2020 |
| CVE-2020-10715 | A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. | MEDIUM | Sep 16, 2020 |
| CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | -- | Sep 26, 2023 |
| CVE-2018-2434 | A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | MEDIUM | Jul 10, 2018 |
| CVE-2022-4145 | A content spoofing flaw was found in OpenShift\'s OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | -- | Oct 5, 2023 |
| CVE-2017-7808 | A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | MEDIUM | Jun 12, 2018 |
| CVE-2020-15647 | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | MEDIUM | Aug 12, 2020 |
| CVE-2020-6796 | A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. | MEDIUM | Mar 12, 2020 |
| CVE-2019-6222 | A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | MEDIUM | Dec 18, 2019 |
| CVE-2018-4352 | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12. | LOW | Apr 8, 2019 |
| CVE-2018-4313 | A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | LOW | Apr 4, 2019 |
| CVE-2019-8793 | A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator. | LOW | Dec 23, 2019 |
| CVE-2021-22252 | A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers | MEDIUM | Aug 24, 2021 |
| CVE-2018-1999038 | A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. | MEDIUM | Aug 1, 2018 |
| CVE-2021-31380 | A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. | -- | Oct 19, 2021 |
| CVE-2021-31381 | A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. | MEDIUM | Oct 19, 2021 |
| CVE-2023-6154 | A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\'s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. | -- | Apr 1, 2024 |
| CVE-2019-8834 | A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. | MEDIUM | Oct 30, 2020 |
| CVE-2018-4433 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system. | LOW | Oct 30, 2020 |
| CVE-2022-32877 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. | -- | Nov 3, 2022 |
| CVE-2023-40434 | A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user\'s Photos Library. | -- | Oct 3, 2023 |
| CVE-2017-13911 | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | HIGH | Apr 4, 2019 |
| CVE-2018-4342 | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | LOW | Apr 5, 2019 |
| CVE-2018-4353 | A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | HIGH | Apr 8, 2019 |
| CVE-2018-4355 | A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | MEDIUM | Apr 5, 2019 |
