CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-22824 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 | HIGH | — | 0 |
| CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 | HIGH | — | 0 |
| CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 | HIGH | — | 0 |
| CVE-2021-37198 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V... | 8.8 | HIGH | — | 0 |
| CVE-2021-45422 Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may r... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23095 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerabi... | 7.8 | HIGH | — | 0 |
| CVE-2021-0092 Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | 4.4 | MEDIUM | — | 0 |
| CVE-2022-23221 H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a dif... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 | HIGH | — | 0 |
| CVE-2021-0093 Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | 4.4 | MEDIUM | — | 0 |
| CVE-2022-21719 GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-21720 GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a... | 4.9 | MEDIUM | — | 0 |
| CVE-2022-23599 Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site sc... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-21659 Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a n... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-0099 Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2024-52701 A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page ban... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-23602 Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating... | 7.7 | HIGH | — | 0 |
| CVE-2022-23603 iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users ... | 9.9 | CRITICAL | — | 0 |
| CVE-2022-21687 gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or tri... | 6.8 | MEDIUM | — | 0 |
| CVE-2022-23596 Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the... | 7.5 | HIGH | — | 0 |
| CVE-2021-0103 Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2022-23597 Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit i... | 8.3 | HIGH | — | 0 |
| CVE-2020-26208 JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-21724 pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attack... | 7.0 | HIGH | — | 0 |
| CVE-2022-21726 Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be ... | 8.1 | HIGH | — | 0 |
| CVE-2021-0107 Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2022-21727 Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the defa... | 7.6 | HIGH | — | 0 |
| CVE-2022-21728 Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read.... | 8.1 | HIGH | — | 0 |
| CVE-2022-21730 Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from out... | 8.1 | HIGH | — | 0 |
| CVE-2022-21731 Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusio... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43044 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-21733 Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer o... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-21736 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` v... | 7.6 | HIGH | — | 0 |
| CVE-2022-23567 Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based d... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-23568 Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `Tenso... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25943 Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. | 7.8 | HIGH | — | 0 |
| CVE-2022-21725 Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride a... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21729 Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorF... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21734 Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21735 Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-23569 Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to T... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21737 Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `C... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21738 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21739 Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21740 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also ch... | 7.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.