CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data

| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-25012 Argus Surveillance DVR v4.0 employs weak password encryption. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45860 An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45863 tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45864 tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25050 rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25051 An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0577 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-44166 An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to a... | 4.1 | MEDIUM | — | 0 |
| CVE-2022-22301 An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute... | 7.8 | HIGH | — | 0 |
| CVE-2022-22303 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated ... | 2.8 | LOW | — | 0 |
| CVE-2022-0824 Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 | HIGH | — | 0 |
| CVE-2022-0829 Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | 8.1 | HIGH | — | 0 |
| CVE-2022-23395 jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). | 6.1 | MEDIUM | — | 0 |
| CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-23779 Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-24305 Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24306 Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25634 Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | 7.5 | HIGH | — | 0 |
| CVE-2022-0819 Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | 8.8 | HIGH | — | 0 |
| CVE-2021-38996 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41003 Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 S... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-43070 Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-22350 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25016 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to e... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-38268 The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly set... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25394 Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23640 Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0675 In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist ... | 5.6 | MEDIUM | — | 0 |
| CVE-2022-22944 VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a mal... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-23656 Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attack... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-23953 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-23957 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-23956 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25045 Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41000 Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A... | 8.8 | HIGH | — | 0 |
| CVE-2021-41001 An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Ar... | 8.8 | HIGH | — | 0 |
| CVE-2021-41002 Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, A... | 8.1 | HIGH | — | 0 |
| CVE-2021-45074 JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an ac... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-46270 JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | 2.7 | LOW | — | 0 |
| CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop... | 7.5 | HIGH | — | 0 |
| CVE-2022-23954 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-23955 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-23958 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-23180 A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service. | 7.8 | HIGH | — | 0 |
| CVE-2021-23191 A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | 7.8 | HIGH | — | 0 |
| CVE-2021-23192 A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their o... | 7.5 | HIGH | — | 0 |
| CVE-2022-25115 A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via ... | 7.8 | HIGH | — | 0 |
| CVE-2021-23206 A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | 7.8 | HIGH | — | 0 |
| CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | 5.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.