Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23426 | 1 Google | 1 Android | 2022-02-18 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2022-02-18 | 2.1 LOW | 3.3 LOW |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2019-19208 | 1 Codiad | 1 Codiad | 2022-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| Codiad Web IDE through 2.8.4 allows PHP Code injection. | |||||
| CVE-2008-4250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2022-02-09 | 10.0 HIGH | N/A |
| The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." | |||||
| CVE-2021-44978 | 1 Idreamsoft | 1 Icms | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | |||||
| CVE-2009-3302 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2022-02-07 | 9.3 HIGH | N/A |
| filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." | |||||
| CVE-2022-21686 | 1 Prestashop | 1 Prestashop | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. | |||||
| CVE-2021-46114 | 1 Jpress | 1 Jpress | 2022-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2021-46118 | 1 Jpress | 1 Jpress | 2022-02-02 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2021-46117 | 1 Jpress | 1 Jpress | 2022-02-01 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2021-45029 | 1 Apache | 1 Shenyu | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | |||||
| CVE-2022-23120 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2022-01-27 | 6.9 MEDIUM | 7.8 HIGH |
| A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability. | |||||
| CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
| The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | |||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2022-01-18 | 9.3 HIGH | 7.8 HIGH |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | |||||
| CVE-2022-22270 | 1 Google | 1 Android | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | |||||
| CVE-2021-39979 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. | |||||
| CVE-2020-26124 | 1 Openmediavault | 1 Openmediavault | 2022-01-06 | 9.0 HIGH | 8.8 HIGH |
| openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | |||||
| CVE-2021-37097 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-15 | 7.8 HIGH | 7.5 HIGH |
| There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | |||||