| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-29501 |
|
|
Exec Code |
2022-05-05 |
2022-09-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. |
|
2 |
CVE-2022-29500 |
668 |
|
|
2022-05-05 |
2022-09-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. |
|
3 |
CVE-2022-24720 |
20 |
|
Exec Code |
2022-03-01 |
2023-02-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. |
|
4 |
CVE-2022-23221 |
94 |
|
Exec Code |
2022-01-19 |
2022-10-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. |
|
5 |
CVE-2022-2068 |
78 |
|
Exec Code |
2022-06-21 |
2023-03-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). |
|
6 |
CVE-2022-1292 |
78 |
|
Exec Code |
2022-05-03 |
2023-02-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
|
7 |
CVE-2022-0543 |
|
|
Exec Code |
2022-02-18 |
2022-06-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
|
8 |
CVE-2021-45960 |
682 |
|
|
2022-01-01 |
2022-10-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
|
9 |
CVE-2021-45341 |
120 |
|
Exec Code Overflow |
2022-01-25 |
2022-11-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. |
|
10 |
CVE-2021-44228 |
20 |
|
Exec Code |
2021-12-10 |
2023-02-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
|
11 |
CVE-2021-44142 |
125 |
|
Exec Code |
2022-02-21 |
2022-02-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. |
|
12 |
CVE-2021-42392 |
502 |
|
Exec Code |
2022-01-10 |
2023-02-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. |
|
13 |
CVE-2021-38714 |
190 |
|
Exec Code Overflow |
2021-08-24 |
2022-09-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. |
|
14 |
CVE-2021-37706 |
191 |
|
Exec Code |
2021-12-22 |
2023-02-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. |
|
15 |
CVE-2021-33912 |
787 |
|
Exec Code Overflow |
2022-01-19 |
2022-01-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not. |
|
16 |
CVE-2021-32762 |
190 |
|
Overflow |
2021-10-04 |
2022-10-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. |
|
17 |
CVE-2021-30954 |
843 |
|
Exec Code |
2021-08-24 |
2022-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
18 |
CVE-2021-30934 |
120 |
|
Exec Code Overflow |
2021-08-24 |
2022-02-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
19 |
CVE-2021-27928 |
94 |
|
Exec Code Sql |
2021-03-19 |
2022-05-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. |
|
20 |
CVE-2021-21106 |
416 |
|
|
2021-01-08 |
2021-01-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
|
21 |
CVE-2021-3973 |
122 |
|
Overflow |
2021-11-19 |
2022-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
vim is vulnerable to Heap-based Buffer Overflow |
|
22 |
CVE-2021-3624 |
190 |
|
Exec Code Overflow |
2022-04-18 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. |
|
23 |
CVE-2020-26217 |
78 |
|
Exec Code |
2020-11-16 |
2022-10-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. |
|
24 |
CVE-2020-25719 |
362 |
|
|
2022-02-18 |
2022-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. |
|
25 |
CVE-2020-25654 |
284 |
|
Bypass |
2020-11-24 |
2022-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. |
|
26 |
CVE-2020-24916 |
78 |
|
|
2020-09-09 |
2022-12-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. |
|
27 |
CVE-2020-13936 |
|
|
Exec Code |
2021-03-10 |
2022-05-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. |
|
28 |
CVE-2020-12284 |
787 |
|
Overflow |
2020-04-28 |
2022-04-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. |
|
29 |
CVE-2020-10188 |
120 |
|
Exec Code Overflow |
2020-03-06 |
2021-11-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. |
|
30 |
CVE-2020-9273 |
416 |
|
Exec Code |
2020-02-20 |
2021-09-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. |
|
31 |
CVE-2020-8813 |
78 |
|
Exec Code |
2020-02-22 |
2023-02-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. |
|
32 |
CVE-2020-8794 |
125 |
|
Exec Code |
2020-02-25 |
2022-10-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. |
|
33 |
CVE-2020-7247 |
78 |
|
Exec Code |
2020-01-29 |
2022-04-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. |
|
34 |
CVE-2020-7040 |
59 |
|
|
2020-01-21 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) |
|
35 |
CVE-2020-6559 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
36 |
CVE-2020-6556 |
787 |
|
Overflow |
2020-09-21 |
2022-06-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
37 |
CVE-2020-6553 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
38 |
CVE-2020-6552 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
39 |
CVE-2020-6551 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
40 |
CVE-2020-6550 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
41 |
CVE-2020-6549 |
416 |
|
|
2020-09-21 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
42 |
CVE-2020-6548 |
787 |
|
Overflow |
2020-09-21 |
2021-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
|
43 |
CVE-2020-6524 |
787 |
|
Overflow |
2020-07-22 |
2021-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
44 |
CVE-2020-6523 |
787 |
|
|
2020-07-22 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
45 |
CVE-2020-6520 |
120 |
|
Overflow |
2020-07-22 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
46 |
CVE-2020-6518 |
416 |
|
|
2020-07-22 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. |
|
47 |
CVE-2020-6517 |
787 |
|
Overflow |
2020-07-22 |
2021-03-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
48 |
CVE-2020-6515 |
416 |
|
|
2020-07-22 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
49 |
CVE-2020-6512 |
843 |
|
|
2020-07-22 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
50 |
CVE-2020-1946 |
78 |
|
|
2021-03-25 |
2022-07-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. |
