CVE-2022-22587
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3,... |
Apple |
iOS and iPadOS, macOS |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2021-20038
|
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated... |
SonicWall |
SonicWall SMA100 |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2020-5722
|
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker... |
n/a |
Grandstream UCM6200 Series |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2020-0787
|
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,... |
Microsoft |
Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2017-5689
|
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and... |
Intel Corporation |
Intel Active Management Technology, Intel Small Business Technology, Intel Standard Manageability |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2014-7169
|
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables,... |
n/a |
n/a |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2014-6271
|
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to... |
n/a |
n/a |
2022-01-28 00:00:00 UTC |
CISA |
CVE-2012-0391
|
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling... |
n/a |
n/a |
2022-01-21 00:00:00 UTC |
CISA |
CVE-2021-35247
|
Improper Input Validation Vulnerability in Serv-U |
SolarWinds |
Serv-U |
2022-01-21 00:00:00 UTC |
CISA |
CVE-2018-8453
|
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k... |
Microsoft |
Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers |
2022-01-21 00:00:00 UTC |
CISA |
CVE-2006-1547
|
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a... |
n/a |
n/a |
2022-01-21 00:00:00 UTC |
CISA |
CVE-2021-25297
|
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... |
n/a |
n/a |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2020-13927
|
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to... |
n/a |
Apache Airflow |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2020-11978
|
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example... |
Apache Software Foundation |
Apache Airflow |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2020-13671
|
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension... |
Drupal |
Drupal Core |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2020-14864
|
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported... |
Oracle Corporation |
Business Intelligence Enterprise Edition |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-22991
|
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3,... |
n/a |
BIG-IP |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-21315
|
Command Injection Vulnerability |
sebhildebrandt |
systeminformation |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-21975
|
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the... |
n/a |
VMware vRealize Operations |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-33766
|
Microsoft Exchange Server Information Disclosure Vulnerability |
Microsoft |
Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8 |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-40870
|
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which... |
n/a |
n/a |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-25298
|
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... |
n/a |
n/a |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-25296
|
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... |
n/a |
n/a |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-32648
|
Account Takeover in Octobercms |
octobercms |
october |
2022-01-18 00:00:00 UTC |
CISA |
CVE-2021-27860
|
Arbitrary file upload vulnerability in FatPipe software |
FatPipe |
WARP, IPVPN, MPVPN |
2022-01-10 00:00:00 UTC |
CISA |