• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21215
2022-02-26
N/A
9.8 CRITICAL
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
CVE-2022-21214
Alpha5 Smart Loader, Fujielectric
Alpha7_pc_loader_firmware, Alpha7_pc_loader, Alpha5_smart_loader_firmware, Alpha5_smart_loader
2022-04-21
N/A
7.8 HIGH
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.
CVE-2022-21213
2022-06-28
N/A
7.5 HIGH
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).
CVE-2022-21212
Intel, Wireless-ac 9560 Firmware
Core_i7-6970hq_firmware, Core_i7-6970hq, Core_i7-6920hq_firmware, Core_i7-6920hq, Core_i7-6870hq_firmware, Core_i7-6870hq, Core_i7-6822eq_firmware, Core_i7-6822eq, Core_i7-6820hq_firmware, Core_i7-6820hq
2022-08-22
N/A
6.5 MEDIUM
Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-21211
2022-07-08
N/A
7.5 HIGH
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.
CVE-2022-21210
2022-04-21
N/A
8.8 HIGH
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-2121
2022-07-05
N/A
6.5 MEDIUM
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
CVE-2022-21209
2022-04-25
N/A
7.8 HIGH
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
CVE-2022-21208
2022-08-26
N/A
7.5 HIGH
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
CVE-2022-21205
2022-02-15
N/A
7.5 HIGH
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.
« Previous 1 … 10,794 10,795 10,796 10,797 10,798 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE