The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2021-34595 | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | MEDIUM | Oct 28, 2021 |
CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | MEDIUM | Sep 16, 2021 |
CVE-2021-34596 | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | MEDIUM | Oct 28, 2021 |
CVE-2021-31559 | A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | MEDIUM | May 6, 2022 |
CVE-2021-39257 | A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39255 | A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39259 | A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39263 | A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39258 | A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
CVE-2021-39253 | A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39252 | A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39260 | A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39262 | A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39254 | A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39251 | A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
CVE-2021-39256 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2021-39261 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | MEDIUM | Aug 31, 2021 |
CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 |
CVE-2024-28759 | A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | MEDIUM | May 14, 2024 |
CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | MEDIUM | Aug 13, 2021 |
CVE-2018-20809 | A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | MEDIUM | Jul 3, 2019 |
CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 |
CVE-2020-35538 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | LOW | Aug 31, 2022 |
CVE-2022-2547 | A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
CVE-2022-2337 | A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
CVE-2022-1069 | A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
CVE-2022-2335 | A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | -- | Aug 19, 2022 |
CVE-2021-23862 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | HIGH | Dec 9, 2021 |
CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | -- | Dec 22, 2022 |
CVE-2017-18154 | A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | HIGH | Jun 6, 2018 |
CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 |
CVE-2022-45139 | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. | -- | Feb 27, 2023 |
CVE-2024-23236 | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. | -- | May 14, 2024 |
CVE-2023-42833 | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | -- | Jan 11, 2024 |
CVE-2022-32923 | A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | -- | Nov 4, 2022 |
CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. | MEDIUM | May 27, 2022 |
CVE-2018-4293 | A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | MEDIUM | Apr 5, 2019 |
CVE-2019-19661 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | MEDIUM | Feb 11, 2020 |
CVE-2019-17001 | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. | MEDIUM | Jan 13, 2020 |
CVE-2020-10715 | A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. | MEDIUM | Sep 16, 2020 |
CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | -- | Sep 26, 2023 |
CVE-2018-2434 | A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. | MEDIUM | Jul 10, 2018 |
CVE-2022-4145 | A content spoofing flaw was found in OpenShift\'s OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | -- | Oct 5, 2023 |
CVE-2017-7808 | A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | MEDIUM | Jun 12, 2018 |
CVE-2020-15647 | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | MEDIUM | Aug 12, 2020 |
CVE-2020-6796 | A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. | MEDIUM | Mar 12, 2020 |
CVE-2019-6222 | A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | MEDIUM | Dec 18, 2019 |