CVEDB API

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - Known exploited

CVE-2022-0543

Known exploited

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVSS Score

10.0

EPSS Score

0.944

Published

2022-02-18

CVE-2021-45382

Known exploited

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.

CVSS Score

9.8

EPSS Score

0.942

Published

2022-02-17

CVE-2021-3560

Known exploited

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS Score

7.8

EPSS Score

0.109

Published

2022-02-16

CVE-2022-24086

Known exploited

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

CVSS Score

9.8

EPSS Score

0.938

Published

2022-02-16

CVE-2021-4102

Known exploited

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Score

8.8

EPSS Score

0.055

Published

2022-02-11

CVE-2022-0185

Known exploited

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CVSS Score

8.4

EPSS Score

0.012

Published

2022-02-11

CVE-2022-24112

Known exploited

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.

CVSS Score

9.8

EPSS Score

0.944

Published

2022-02-11

CVE-2022-20700

Known exploited

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Score

10.0

EPSS Score

0.217

Published

2022-02-10

CVE-2022-20701

Known exploited

CVSS Score

10.0

EPSS Score

0.061

Published

2022-02-10

CVE-2022-20703

Known exploited

CVSS Score

10.0

EPSS Score

0.02

Published

2022-02-10

Prev Next

Page 62

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - Known exploited

Products

Pricing

Contact Us