The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-0361 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 2, 2022 |
CVE-2022-0359 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 2, 2022 |
CVE-2022-0352 | Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | MEDIUM | Feb 2, 2022 |
CVE-2022-0348 | Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. | LOW | Feb 2, 2022 |
CVE-2022-0203 | Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | MEDIUM | Feb 2, 2022 |
CVE-2022-0135 | An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. | -- | Feb 2, 2022 |
CVE-2021-46517 | There is an Assertion `mjs_stack_size(&mjs->scopes) > 0` failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46515 | There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len` failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46514 | There is an Assertion `ppos != NULL && mjs_is_number(*ppos)` failed at src/mjs_core.c in Cesanta MJS v2.20.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46511 | There is an Assertion `m->len >= sizeof(v)` failed at src/mjs_core.c in Cesanta MJS v2.20.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46508 | There is an Assertion `i < parts_cnt` failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46507 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | MEDIUM | Feb 2, 2022 |
CVE-2021-46505 | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | MEDIUM | Feb 2, 2022 |
CVE-2021-46504 | There is an Assertion `vp != resPtr` failed at jsiEval.c in Jsish v3.5.0. | MEDIUM | Feb 2, 2022 |
CVE-2021-46503 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46502 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46501 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46500 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46499 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46498 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46497 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46496 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46495 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46494 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46492 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46491 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46490 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46489 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46488 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46487 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46486 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46485 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46484 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | MEDIUM | Feb 2, 2022 |
CVE-2021-46448 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | HIGH | Feb 2, 2022 |
CVE-2021-46447 | A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. | LOW | Feb 2, 2022 |
CVE-2021-46446 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | HIGH | Feb 2, 2022 |
CVE-2021-46445 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | HIGH | Feb 2, 2022 |
CVE-2021-46444 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | HIGH | Feb 2, 2022 |
CVE-2021-46428 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. | HIGH | Feb 2, 2022 |
CVE-2021-46427 | An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | HIGH | Feb 2, 2022 |
CVE-2021-46386 | File upload vulnerability in mingSoft MCMS through 5.2.5 allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | HIGH | Feb 2, 2022 |
CVE-2021-46383 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | MEDIUM | Feb 2, 2022 |
CVE-2021-46377 | There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. | HIGH | Feb 2, 2022 |
CVE-2021-46118 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | MEDIUM | Feb 2, 2022 |
CVE-2021-46116 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | MEDIUM | Feb 2, 2022 |
CVE-2021-46097 | Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | MEDIUM | Feb 2, 2022 |
CVE-2021-46093 | eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | HIGH | Feb 2, 2022 |
CVE-2021-46088 | Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS are vulnerable to Remote Code Execution (RCE). Any user with the Zabbix Admin role is able to run a custom shell script on the application server in the context of the application user. | MEDIUM | Feb 2, 2022 |
CVE-2021-46065 | A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code. | LOW | Feb 2, 2022 |
CVE-2021-45975 | In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges. | MEDIUM | Feb 2, 2022 |