The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-46323 | Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass. | MEDIUM | Jan 20, 2022 |
| CVE-2021-46322 | Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | MEDIUM | Jan 20, 2022 |
| CVE-2021-46061 | An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. | HIGH | Jan 20, 2022 |
| CVE-2021-46028 | In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted. | MEDIUM | Jan 20, 2022 |
| CVE-2021-46027 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added | MEDIUM | Jan 20, 2022 |
| CVE-2021-46026 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | LOW | Jan 20, 2022 |
| CVE-2021-46025 | A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. via the add function in the operation tab list in the background. | LOW | Jan 20, 2022 |
| CVE-2021-45230 | In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has can_create permissions on DAG Runs can create Dag Runs for dags that they don\'t have edit permissions for. | MEDIUM | Jan 20, 2022 |
| CVE-2021-44829 | Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter. | MEDIUM | Jan 20, 2022 |
| CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | MEDIUM | Jan 20, 2022 |
| CVE-2021-44738 | Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | HIGH | Jan 20, 2022 |
| CVE-2021-44737 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | MEDIUM | Jan 20, 2022 |
| CVE-2021-44736 | The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. | MEDIUM | Jan 20, 2022 |
| CVE-2021-44735 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | HIGH | Jan 20, 2022 |
| CVE-2021-44734 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | HIGH | Jan 20, 2022 |
| CVE-2021-44245 | An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | HIGH | Jan 20, 2022 |
| CVE-2021-44244 | An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel\'s Management System 1.0 via the username parameter in login.php. | HIGH | Jan 20, 2022 |
| CVE-2021-44092 | An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | HIGH | Jan 20, 2022 |
| CVE-2021-44091 | A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. | LOW | Jan 20, 2022 |
| CVE-2021-44090 | An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | HIGH | Jan 20, 2022 |
| CVE-2021-43269 | In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.) | MEDIUM | Jan 20, 2022 |
| CVE-2021-38789 | Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller\'s permission, in which a third-party app could change system settings. | MEDIUM | Jan 20, 2022 |
| CVE-2021-35687 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | MEDIUM | Jan 20, 2022 |
| CVE-2021-35686 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | MEDIUM | Jan 20, 2022 |
| CVE-2021-35683 | Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase Administration Services. While the vulnerability is in Oracle Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Essbase Administration Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | MEDIUM | Jan 20, 2022 |
| CVE-2021-35587 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | HIGH | Jan 20, 2022 |
| CVE-2021-34600 | Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. | MEDIUM | Jan 20, 2022 |
| CVE-2021-32039 | Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | LOW | Jan 20, 2022 |
| CVE-2021-29785 | IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | MEDIUM | Jan 20, 2022 |
| CVE-2021-26247 | As an unauthenticated remote user, visit http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script> to successfully execute the JavaScript payload present in the ref URL parameter. | MEDIUM | Jan 20, 2022 |
| CVE-2021-23843 | The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\\\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet. | MEDIUM | Jan 20, 2022 |
| CVE-2021-23842 | Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\\\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet. | LOW | Jan 20, 2022 |
| CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.php. | LOW | Jan 20, 2022 |
| CVE-2021-4143 | Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0. | MEDIUM | Jan 20, 2022 |
| CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via Copy method at user_group_admin.php. | LOW | Jan 20, 2022 |
| CVE-2020-23315 | There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | MEDIUM | Jan 20, 2022 |
| CVE-2022-23772 | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | HIGH | Jan 21, 2022 |
| CVE-2022-23315 | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | HIGH | Jan 21, 2022 |
| CVE-2022-23314 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | HIGH | Jan 21, 2022 |
| CVE-2022-22930 | A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | HIGH | Jan 21, 2022 |
| CVE-2022-22929 | MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | HIGH | Jan 21, 2022 |
| CVE-2022-22928 | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | HIGH | Jan 21, 2022 |
| CVE-2022-22895 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22894 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22893 | Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22892 | There is an Assertion \'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)\' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22891 | Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22890 | There is an Assertion \'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG\' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0. | MEDIUM | Jan 21, 2022 |
| CVE-2022-22888 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. | MEDIUM | Jan 21, 2022 |
| CVE-2022-21933 | ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. | HIGH | Jan 21, 2022 |
