Weekly Vulnerabilities Reports > April 11 to 17, 2022
Overview
638 new vulnerabilities reported during this period, including 90 critical vulnerabilities and 303 high severity vulnerabilities. This weekly summary report vulnerabilities in 496 products from 213 vendors including Google, Cisco, Debian, Fisglobal, and Mariadb. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Improper Input Validation", and "Use After Free".
- 468 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 156 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 397 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 78 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
90 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-04-15 | CVE-2022-20695 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. | 10.0 |
2022-04-14 | CVE-2021-40422 | Swiftsensors | Unspecified vulnerability in Swiftsensors Sg3-1010 Firmware An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. | 10.0 |
2022-04-15 | CVE-2022-27423 | Chamilo | SQL Injection vulnerability in Chamilo LMS Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | 9.8 |
2022-04-15 | CVE-2021-44486 | Yottadb Fisglobal | An issue was discovered in YottaDB through r1.32 and V7.0-000. | 9.8 |
2022-04-15 | CVE-2021-44496 | Fisglobal | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 9.8 |
2022-04-15 | CVE-2022-27157 | PHP | Weak Password Recovery Mechanism for Forgotten Password vulnerability in PHP Pearweb pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | 9.8 |
2022-04-15 | CVE-2022-27158 | PHP | Deserialization of Untrusted Data vulnerability in PHP Pearweb pearweb < 1.32 suffers from Deserialization of Untrusted Data. | 9.8 |
2022-04-15 | CVE-2021-36205 | Johnsoncontrols | Incomplete Cleanup vulnerability in Johnsoncontrols products Under certain circumstances the session token is not cleared on logout. | 9.8 |
2022-04-15 | CVE-2021-42230 | Seowonintech | Unspecified vulnerability in Seowonintech 130-Slc Firmware Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. | 9.8 |
2022-04-15 | CVE-2022-23865 | Wecul | SQL Injection vulnerability in Wecul Nyron 1.0 Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. | 9.8 |
2022-04-15 | CVE-2022-28044 | Irzip Project Debian | Out-of-bounds Write vulnerability in multiple products Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. | 9.8 |
2022-04-15 | CVE-2021-40386 | Kaseya | Unspecified vulnerability in Kaseya Unitrends Backup Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | 9.8 |
2022-04-15 | CVE-2022-26651 | Digium Debian | SQL Injection vulnerability in multiple products An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. | 9.8 |
2022-04-14 | CVE-2021-40390 | Moxa | Use of Hard-coded Credentials vulnerability in Moxa Mxview 3.2.4 An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. | 9.8 |
2022-04-14 | CVE-2022-28711 | Ardupilot | Out-of-bounds Write vulnerability in Ardupilot Apweb A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. | 9.8 |
2022-04-14 | CVE-2022-27007 | F5 | Use After Free vulnerability in F5 NJS 0.7.2 nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). | 9.8 |
2022-04-14 | CVE-2021-43290 | Thoughtworks | Path Traversal vulnerability in Thoughtworks Gocd An issue was discovered in ThoughtWorks GoCD before 21.3.0. | 9.8 |
2022-04-14 | CVE-2022-26507 | ATT Schneider Electric | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. | 9.8 |
2022-04-13 | CVE-2022-24845 | Vyperlang | Integer Overflow or Wraparound vulnerability in Vyperlang Vyper Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. | 9.8 |
2022-04-13 | CVE-2022-24816 | Geosolutionsgroup | Unspecified vulnerability in Geosolutionsgroup Jai-Ext JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. | 9.8 |
2022-04-13 | CVE-2022-24788 | Vyperlang | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Vyperlang Vyper Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. | 9.8 |
2022-04-13 | CVE-2022-27479 | Apache | SQL Injection vulnerability in Apache Superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. | 9.8 |
2022-04-13 | CVE-2022-22955 | Vmware | Unspecified vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |
2022-04-13 | CVE-2022-22956 | Vmware | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |
2022-04-13 | CVE-2021-22794 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. | 9.8 |
2022-04-13 | CVE-2021-22795 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. | 9.8 |
2022-04-13 | CVE-2021-43741 | Cmsimple | Path Traversal vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Directory Traversal. | 9.8 |
2022-04-12 | CVE-2022-22561 | Dell | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. | 9.8 |
2022-04-12 | CVE-2022-27139 | Ghost | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0 An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
2022-04-12 | CVE-2022-27140 | Express Fileupload Project | Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1 An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
2022-04-12 | CVE-2022-27260 | Buttercms | Unrestricted Upload of File with Dangerous Type vulnerability in Buttercms 1.2.8 An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
2022-04-12 | CVE-2022-27262 | Sailsjs | Unrestricted Upload of File with Dangerous Type vulnerability in Sailsjs Skipper 0.9.1 An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | 9.8 |
2022-04-12 | CVE-2022-27263 | Strapi | Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5 An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | 9.8 |
2022-04-12 | CVE-2022-27952 | Payloadcms | Unrestricted Upload of File with Dangerous Type vulnerability in Payloadcms Payload 0.15.0 An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
2022-04-12 | CVE-2022-28397 | Ghost | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0 An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | 9.8 |
2022-04-12 | CVE-2021-31805 | Apache | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 9.8 |
2022-04-12 | CVE-2022-27161 | Cszcms | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | 9.8 |
2022-04-12 | CVE-2022-27162 | Cszcms | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser | 9.8 |
2022-04-12 | CVE-2022-27163 | Cszcms | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser | 9.8 |
2022-04-12 | CVE-2022-27164 | Cszcms | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers | 9.8 |
2022-04-12 | CVE-2022-27165 | Cszcms | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus | 9.8 |
2022-04-12 | CVE-2022-27472 | Roothub Project | SQL Injection vulnerability in Roothub Project Roothub 2.6.0 SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | 9.8 |
2022-04-12 | CVE-2022-27473 | Roothub Project | SQL Injection vulnerability in Roothub Project Roothub 2.6.0 SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | 9.8 |
2022-04-12 | CVE-2022-28032 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php | 9.8 |
2022-04-12 | CVE-2022-28033 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php | 9.8 |
2022-04-12 | CVE-2022-28034 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php | 9.8 |
2022-04-12 | CVE-2022-28035 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php | 9.8 |
2022-04-12 | CVE-2022-28036 | Thedigitalcraft | SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | 9.8 |
2022-04-12 | CVE-2022-0142 | Vfbpro | Unspecified vulnerability in Vfbpro Visual Form Builder The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 9.8 |
2022-04-12 | CVE-2022-23450 | Siemens | Deserialization of Untrusted Data vulnerability in Siemens products A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). | 9.8 |
2022-04-12 | CVE-2022-25752 | Siemens | Use of Insufficiently Random Values vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 9.8 |
2022-04-12 | CVE-2022-28346 | Djangoproject Debian | SQL Injection vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
2022-04-12 | CVE-2022-28347 | Djangoproject Debian | SQL Injection vulnerability in multiple products A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
2022-04-12 | CVE-2022-29080 | NPM Dependency Versions Project | OS Command Injection vulnerability in Npm-Dependency-Versions Project Npm-Dependency-Versions The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | 9.8 |
2022-04-11 | CVE-2022-24838 | Nextcloud | Injection vulnerability in Nextcloud Calendar Nextcloud Calendar is a calendar application for the nextcloud framework. | 9.8 |
2022-04-11 | CVE-2021-38125 | Microfocus | Unspecified vulnerability in Microfocus Operations Bridge 2021.05/2021.08/2022.11 Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. | 9.8 |
2022-04-11 | CVE-2022-1161 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation products An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. | 9.8 |
2022-04-11 | CVE-2022-22258 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. | 9.8 |
2022-04-11 | CVE-2022-22954 | Vmware | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |
2022-04-11 | CVE-2022-24829 | Garden | Unspecified vulnerability in Garden Garden is an automation platform for Kubernetes development and testing. | 9.8 |
2022-04-11 | CVE-2022-26093 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-26094 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-26095 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-26096 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-26097 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-26098 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 9.8 | |
2022-04-11 | CVE-2022-27567 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | 9.8 | |
2022-04-11 | CVE-2022-27568 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-27569 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-27570 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-27571 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 9.8 | |
2022-04-11 | CVE-2022-27572 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 9.8 | |
2022-04-11 | CVE-2021-37291 | Kevinlab | SQL Injection vulnerability in Kevinlab 4ST L-Bems 1.0.0 An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. | 9.8 |
2022-04-11 | CVE-2022-0949 | Stopbadbots | SQL Injection vulnerability in Stopbadbots Block and Stop BAD Bots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | 9.8 |
2022-04-11 | CVE-2022-27115 | Std42 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60 In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | 9.8 |
2022-04-11 | CVE-2022-1295 | Fullpage Project | Unspecified vulnerability in Fullpage Project Fullpage Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. | 9.8 |
2022-04-11 | CVE-2021-32157 | Webmin | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | 9.6 |
2022-04-15 | CVE-2021-44488 | Yottadb Fisglobal | Out-of-bounds Write vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 9.1 |
2022-04-15 | CVE-2022-26499 | Digium Debian | Server-Side Request Forgery (SSRF) vulnerability in multiple products An SSRF issue was discovered in Asterisk through 19.x. | 9.1 |
2022-04-15 | CVE-2022-26034 | Yokogawa | Improper Authentication vulnerability in Yokogawa B/M9000 VP and Centum VP Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. | 9.1 |
2022-04-11 | CVE-2021-46742 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability. | 9.1 |
2022-04-11 | CVE-2022-26099 | NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0 Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | 9.1 | |
2022-04-11 | CVE-2022-27577 | Sick | Use of Insufficiently Random Values vulnerability in Sick Msc800 Firmware 4.0/4.10 The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. | 9.1 |
2022-04-11 | CVE-2022-1296 | Radare | Unspecified vulnerability in Radare Radare2 Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. | 9.1 |
2022-04-11 | CVE-2022-1297 | Radare | Unspecified vulnerability in Radare Radare2 Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. | 9.1 |
2022-04-11 | CVE-2022-1252 | SIR | Unspecified vulnerability in SIR Gnuboard Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. | 9.1 |
2022-04-13 | CVE-2022-1345 | Organizr | Unspecified vulnerability in Organizr Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. | 9.0 |
2022-04-13 | CVE-2022-1344 | Organizr | Unspecified vulnerability in Organizr Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. | 9.0 |
2022-04-13 | CVE-2022-1346 | Organizr | Unspecified vulnerability in Organizr Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. | 9.0 |
2022-04-13 | CVE-2021-42136 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. | 9.0 |
303 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-04-15 | CVE-2022-29281 | Notable | Path Traversal vulnerability in Notable Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. | 8.8 |
2022-04-15 | CVE-2022-27426 | Chamilo | Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. | 8.8 |
2022-04-15 | CVE-2022-24857 | Django Mfa3 Project | Unspecified vulnerability in Django-Mfa3 Project Django-Mfa3 django-mfa3 is a library that implements multi factor authentication for the django web framework. | 8.8 |
2022-04-15 | CVE-2022-28109 | Selenium | Cross-Site Request Forgery (CSRF) vulnerability in Selenium Grid Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. | 8.8 |
2022-04-15 | CVE-2022-28042 | Nothings Fedoraproject Debian | Use After Free vulnerability in multiple products stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | 8.8 |
2022-04-15 | CVE-2022-28048 | STB Project Fedoraproject | Incorrect Calculation vulnerability in multiple products STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | 8.8 |
2022-04-14 | CVE-2022-24854 | Metabase | Unspecified vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 8.8 |
2022-04-14 | CVE-2020-25150 | Bbraun | Path Traversal vulnerability in Bbraun Datamodule Compactplus and Spacecom A relative path traversal attack in the B. | 8.8 |
2022-04-14 | CVE-2021-21914 | Accusoft | Integer Overflow or Wraparound vulnerability in Accusoft Imagegear 19.10 A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21938 | Accusoft | Off-by-one Error vulnerability in Accusoft Imagegear 19.10 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21939 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21942 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10 An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21943 | Accusoft | Improper Validation of Specified Quantity in Input vulnerability in Accusoft Imagegear 19.10 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21944 | Accusoft | Unspecified vulnerability in Accusoft Imagegear 19.10 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21945 | Accusoft | Unspecified vulnerability in Accusoft Imagegear 19.10 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21946 | Accusoft | Unspecified vulnerability in Accusoft Imagegear 19.10 Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21947 | Accusoft | Improper Validation of Array Index vulnerability in Accusoft Imagegear 19.10 Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-21949 | Accusoft | Improper Validation of Array Index vulnerability in Accusoft Imagegear 19.10 An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. | 8.8 |
2022-04-14 | CVE-2021-40426 | Libsox Project | Unspecified vulnerability in Libsox Project Libsox 14.4.2 A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. | 8.8 |
2022-04-14 | CVE-2022-21210 | Lansweeper | SQL Injection vulnerability in Lansweeper 9.1.20.2 An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 8.8 |
2022-04-14 | CVE-2022-21234 | Lansweeper | SQL Injection vulnerability in Lansweeper 9.1.20.2 An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 8.8 |
2022-04-14 | CVE-2022-22149 | Lansweeper | SQL Injection vulnerability in Lansweeper 9.1.20.2 A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 8.8 |
2022-04-14 | CVE-2021-43286 | Thoughtworks | Command Injection vulnerability in Thoughtworks Gocd An issue was discovered in ThoughtWorks GoCD before 21.3.0. | 8.8 |
2022-04-13 | CVE-2022-24828 | Getcomposer Tenable Fedoraproject | Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. | 8.8 |
2022-04-13 | CVE-2022-24844 | GIN VUE Admin Project | Unspecified vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. | 8.8 |
2022-04-13 | CVE-2021-44520 | Citrix | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | 8.8 |
2022-04-12 | CVE-2022-29050 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over FTP A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | 8.8 |
2022-04-12 | CVE-2022-24842 | Minio | Unspecified vulnerability in Minio MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. | 8.8 |
2022-04-12 | CVE-2022-24812 | Grafana | Unspecified vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.8 |
2022-04-12 | CVE-2022-25753 | Siemens | Out-of-bounds Write vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 8.8 |
2022-04-12 | CVE-2022-25754 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 8.8 |
2022-04-12 | CVE-2022-28661 | Siemens | Out-of-bounds Read vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). | 8.8 |
2022-04-11 | CVE-2022-0999 | Myscada | OS Command Injection vulnerability in Myscada Mypro An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 8.8 |
2022-04-11 | CVE-2022-22572 | Ivanti | Unspecified vulnerability in Ivanti Incapptic Connect A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. | 8.8 |
2022-04-11 | CVE-2021-40219 | Bolt | Code Injection vulnerability in Bolt CMS Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. | 8.8 |
2022-04-11 | CVE-2021-32156 | Webmin | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | 8.8 |
2022-04-11 | CVE-2021-32159 | Webmin | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 8.8 |
2022-04-11 | CVE-2021-32162 | Webmin | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | 8.8 |
2022-04-15 | CVE-2022-20682 | Cisco | NULL Pointer Dereference vulnerability in Cisco IOS XE A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2022-04-15 | CVE-2022-20683 | Cisco | Out-of-bounds Write vulnerability in Cisco IOS XE A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2022-04-15 | CVE-2022-20697 | Cisco | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS and IOS XE A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
2022-04-15 | CVE-2022-20714 | Cisco | Out-of-bounds Read vulnerability in Cisco IOS XR A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. | 8.6 |
2022-04-13 | CVE-2022-1347 | Organizr | Cross-site Scripting vulnerability in Organizr Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. | 8.4 |
2022-04-14 | CVE-2020-25152 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom A session fixation vulnerability in the B. | 8.1 |
2022-04-12 | CVE-2022-22549 | Dell | Improper Certificate Validation vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. | 8.1 |
2022-04-12 | CVE-2022-28213 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. | 8.1 |
2022-04-12 | CVE-2022-0141 | Vfbpro | Unspecified vulnerability in Vfbpro Visual Form Builder The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks | 8.1 |
2022-04-11 | CVE-2022-24827 | Elide | Unspecified vulnerability in Elide 6.1.3 Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. | 8.1 |
2022-04-11 | CVE-2022-24815 | Jhipster | Unspecified vulnerability in Jhipster Generator-Jhipster JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. | 8.1 |
2022-04-11 | CVE-2021-43442 | I3International | Unspecified vulnerability in I3International Ax46 Firmware, Ax68 Firmware and Ax78 Firmware A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | 8.1 |
2022-04-13 | CVE-2022-28052 | Roothub | Path Traversal vulnerability in Roothub 2.6.0 Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution. | 8.0 |
2022-04-11 | CVE-2022-26413 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 8.0 |
2022-04-15 | CVE-2022-29072 | 7 ZIP | Out-of-bounds Write vulnerability in 7-Zip 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. | 7.8 |
2022-04-15 | CVE-2022-20681 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. | 7.8 |
2022-04-15 | CVE-2022-20716 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. | 7.8 |
2022-04-15 | CVE-2022-27188 | Yokogawa | OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 7.8 |
2022-04-14 | CVE-2022-1304 | E2Fsprogs Project Redhat Fedoraproject | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. | 7.8 |
2022-04-14 | CVE-2021-21948 | Chitubox Anycubic | Integer Overflow or Wraparound vulnerability in multiple products A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. | 7.8 |
2022-04-14 | CVE-2021-21956 | Cloudlinux | Deserialization of Untrusted Data vulnerability in Cloudlinux Imunify360 5.10.2/5.8/5.9 A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. | 7.8 |
2022-04-14 | CVE-2021-40398 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10 An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. | 7.8 |
2022-04-14 | CVE-2021-43257 | Mantisbt | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | 7.8 |
2022-04-14 | CVE-2022-21154 | Leadtools | Integer Overflow or Wraparound vulnerability in Leadtools 22.0.0.0.0 An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. | 7.8 |
2022-04-14 | CVE-2022-22187 | Juniper | Unspecified vulnerability in Juniper Identity Management Service An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. | 7.8 |
2022-04-14 | CVE-2022-22189 | Juniper | Unspecified vulnerability in Juniper Contrail Service Orchestration 6.0.0 An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. | 7.8 |
2022-04-14 | CVE-2022-1256 | Mcafee | Link Following vulnerability in Mcafee Agent A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. | 7.8 |
2022-04-14 | CVE-2022-1350 | Artifex | Out-of-bounds Write vulnerability in Artifex Ghostpcl 9.55.0 A vulnerability classified as problematic was found in GhostPCL 9.55.0. | 7.8 |
2022-04-13 | CVE-2022-22960 | Vmware | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | 7.8 |
2022-04-13 | CVE-2022-25795 | Autodesk | Improper Handling of Exceptional Conditions vulnerability in Autodesk Autocad A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. | 7.8 |
2022-04-13 | CVE-2022-25797 | Autodesk | Out-of-bounds Write vulnerability in Autodesk DWG Trueview 2021/2022 A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. | 7.8 |
2022-04-13 | CVE-2019-6834 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0 A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. | 7.8 |
2022-04-13 | CVE-2021-22797 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. | 7.8 |
2022-04-13 | CVE-2021-46167 | Wizplat | Unspecified vulnerability in Wizplat Pd065 Firmware 1.19 An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | 7.8 |
2022-04-13 | CVE-2022-29156 | Linux Netapp | Double Free vulnerability in multiple products drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | 7.8 |
2022-04-12 | CVE-2022-27416 | Broadcom | Double Free vulnerability in Broadcom Tcpreplay 4.4.1 Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | 7.8 |
2022-04-12 | CVE-2022-27418 | Broadcom | Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.4.1 Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. | 7.8 |
2022-04-12 | CVE-2022-24411 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. | 7.8 |
2022-04-12 | CVE-2022-24765 | GIT SCM Fedoraproject Apple Debian | Git for Windows is a fork of Git containing Windows-specific patches. | 7.8 |
2022-04-12 | CVE-2022-24767 | Microsoft GIT FOR Windows Project | Uncontrolled Search Path Element vulnerability in multiple products GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | 7.8 |
2022-04-12 | CVE-2021-0694 | Incorrect Authorization vulnerability in Google Android 11.0 In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. | 7.8 | |
2022-04-12 | CVE-2021-0707 | Use After Free vulnerability in Google Android In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. | 7.8 | |
2022-04-12 | CVE-2021-39794 | Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1 In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. | 7.8 | |
2022-04-12 | CVE-2021-39797 | Improper Privilege Management vulnerability in Google Android 12.0/12.1 In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. | 7.8 | |
2022-04-12 | CVE-2021-39798 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 12.0/12.1 In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. | 7.8 | |
2022-04-12 | CVE-2021-39799 | Incorrect Authorization vulnerability in Google Android 12.0/12.1 In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. | 7.8 | |
2022-04-12 | CVE-2021-39801 | Improper Locking vulnerability in Google Android In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. | 7.8 | |
2022-04-12 | CVE-2021-39802 | Incorrect Authorization vulnerability in Google Android In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. | 7.8 | |
2022-04-12 | CVE-2021-39807 | Improper Privilege Management vulnerability in Google Android In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. | 7.8 | |
2022-04-12 | CVE-2021-39808 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. | 7.8 | |
2022-04-12 | CVE-2021-39812 | Use After Free vulnerability in Google Android In TBD of TBD, there is a possible out of bounds read due to a use after free. | 7.8 | |
2022-04-12 | CVE-2022-21214 | Fujielectric | Unspecified vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2 The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. | 7.8 |
2022-04-12 | CVE-2022-21228 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 7.8 |
2022-04-12 | CVE-2022-24383 | Fujielectric | Unspecified vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2 The affected product is vulnerable to an out-of-bounds read, which may result in code execution | 7.8 |
2022-04-12 | CVE-2021-42255 | Blueplanet Works | Exposure of Resource to Wrong Sphere vulnerability in Blueplanet-Works Appguard AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. | 7.8 |
2022-04-12 | CVE-2021-42029 | Siemens | Unspecified vulnerability in Siemens Simatic Step 7 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). | 7.8 |
2022-04-12 | CVE-2022-23448 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). | 7.8 |
2022-04-12 | CVE-2022-28663 | Siemens | Out-of-bounds Write vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). | 7.8 |
2022-04-11 | CVE-2022-1262 | Dlink | OS Command Injection vulnerability in Dlink products A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 7.8 |
2022-04-11 | CVE-2022-1316 | Zerotier | Unspecified vulnerability in Zerotier Zerotierone Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. | 7.8 |
2022-04-11 | CVE-2022-22962 | Vmware | Link Following vulnerability in VMWare Horizon VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. | 7.8 |
2022-04-11 | CVE-2022-22964 | Vmware | Unspecified vulnerability in VMWare Horizon VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | 7.8 |
2022-04-11 | CVE-2022-25789 | Autodesk | Use After Free vulnerability in Autodesk products A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. | 7.8 |
2022-04-11 | CVE-2022-25790 | Autodesk | Out-of-bounds Write vulnerability in Autodesk products A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. | 7.8 |
2022-04-11 | CVE-2022-25791 | Autodesk | Out-of-bounds Write vulnerability in Autodesk products A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | 7.8 |
2022-04-11 | CVE-2022-25792 | Autodesk | Out-of-bounds Write vulnerability in Autodesk products A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. | 7.8 |
2022-04-11 | CVE-2022-25794 | Autodesk | Out-of-bounds Read vulnerability in Autodesk FBX Review An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. | 7.8 |
2022-04-11 | CVE-2022-25796 | Autodesk | Double Free vulnerability in Autodesk Navisworks 2022/2022.1 A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. | 7.8 |
2022-04-11 | CVE-2022-26092 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | 7.8 | |
2022-04-11 | CVE-2022-27528 | Autodesk | Use After Free vulnerability in Autodesk Navisworks 2022/2022.1 A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. | 7.8 |
2022-04-11 | CVE-2022-27578 | Sick | Unspecified vulnerability in Sick Overall Equipment Effectiveness 0.5.1 An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | 7.8 |
2022-04-11 | CVE-2022-27826 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | |
2022-04-11 | CVE-2022-27827 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | |
2022-04-11 | CVE-2022-27828 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | |
2022-04-11 | CVE-2022-27829 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | |
2022-04-11 | CVE-2022-27830 | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | |
2022-04-11 | CVE-2022-27833 | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | 7.8 | |
2022-04-11 | CVE-2022-27835 | Out-of-bounds Write vulnerability in Google Android 12.0 Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | 7.8 | |
2022-04-11 | CVE-2022-27836 | Incorrect Authorization vulnerability in Google Android 12.0 Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. | 7.8 | |
2022-04-11 | CVE-2022-27837 | Samsung | Files or Directories Accessible to External Parties vulnerability in Samsung Accessibility 12.5.3.2 A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | 7.8 |
2022-04-11 | CVE-2022-27838 | Samsung | Unspecified vulnerability in Samsung Factorycamera Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | 7.8 |
2022-04-11 | CVE-2022-27842 | Samsung | Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. | 7.8 |
2022-04-11 | CVE-2022-27843 | Samsung | Uncontrolled Search Path Element vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711 DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. | 7.8 |
2022-04-11 | CVE-2022-28541 | Samsung | Uncontrolled Search Path Element vulnerability in Samsung Update Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | 7.8 |
2022-04-11 | CVE-2022-28776 | Samsung | Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4 Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | 7.8 |
2022-04-11 | CVE-2022-28779 | Samsung | Uncontrolled Search Path Element vulnerability in Samsung Android USB Driver Windows Installer Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | 7.8 |
2022-04-11 | CVE-2022-27088 | Ivanti | Unquoted Search Path or Element vulnerability in Ivanti DSM Remote Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | 7.8 |
2022-04-11 | CVE-2022-27089 | Fujitsu | Unquoted Search Path or Element vulnerability in Fujitsu Plugfree Network 7.3.0.3 In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | 7.8 |
2022-04-11 | CVE-2022-0556 | Zyxel | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel AP Configurator 1.1.4 A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | 7.8 |
2022-04-11 | CVE-2022-28893 | Linux Netapp Debian | Use After Free vulnerability in multiple products The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | 7.8 |
2022-04-15 | CVE-2022-20679 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.7 |
2022-04-13 | CVE-2015-20107 | Python Netapp Fedoraproject | Command Injection vulnerability in multiple products In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. | 7.6 |
2022-04-15 | CVE-2022-24279 | Springtree | Unspecified vulnerability in Springtree Madlib-Object-Utils The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. | 7.5 |
2022-04-15 | CVE-2021-44481 | Yottadb Fisglobal | Improper Input Validation vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44482 | Yottadb Fisglobal | Improper Input Validation vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44483 | Yottadb Fisglobal | Improper Input Validation vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44484 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44485 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44487 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44489 | Yottadb Fisglobal | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44490 | Yottadb Fisglobal | Incorrect Calculation vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44491 | Yottadb Fisglobal | Incorrect Calculation vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44492 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44493 | Yottadb Fisglobal | Classic Buffer Overflow vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44494 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44495 | Yottadb Fisglobal | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. | 7.5 |
2022-04-15 | CVE-2021-44497 | Fisglobal | Use After Free vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44498 | Fisglobal | NULL Pointer Dereference vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44499 | Fisglobal | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44500 | Fisglobal | Divide By Zero vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44501 | Fisglobal | NULL Pointer Dereference vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44502 | Fisglobal | Allocation of Resources Without Limits or Throttling vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44503 | Fisglobal | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44504 | Fisglobal | Incorrect Calculation vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44505 | Yottadb | NULL Pointer Dereference vulnerability in Yottadb Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44506 | Yottadb | NULL Pointer Dereference vulnerability in Yottadb Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44507 | Fisglobal | NULL Pointer Dereference vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44508 | Fisglobal | NULL Pointer Dereference vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44509 | Fisglobal | Integer Underflow (Wrap or Wraparound) vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2021-44510 | Fisglobal | Incorrect Calculation of Buffer Size vulnerability in Fisglobal Gt.M An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). | 7.5 |
2022-04-15 | CVE-2022-27257 | Hubzilla | Unspecified vulnerability in Hubzilla A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | 7.5 |
2022-04-15 | CVE-2022-27849 | Plugin Planet | Unspecified vulnerability in Plugin-Planet Simple Ajax Chat Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 7.5 |
2022-04-15 | CVE-2022-21159 | MZ Automation | Infinite Loop vulnerability in Mz-Automation Libiec61850 1.5.0 A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. | 7.5 |
2022-04-15 | CVE-2022-20622 | Cisco | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Aironet Access Point Software A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. | 7.5 |
2022-04-15 | CVE-2022-20678 | Cisco | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XE A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
2022-04-15 | CVE-2022-20726 | Cisco | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.5 |
2022-04-15 | CVE-2022-27043 | Yearning | Path Traversal vulnerability in Yearning 2.3.1/2.3.2 Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. | 7.5 |
2022-04-15 | CVE-2022-28345 | Signal | Injection vulnerability in Signal The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. | 7.5 |
2022-04-15 | CVE-2022-26498 | Digium Debian | Resource Exhaustion vulnerability in multiple products An issue was discovered in Asterisk through 19.x. | 7.5 |
2022-04-14 | CVE-2020-25162 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom A XPath injection vulnerability in the B. | 7.5 |
2022-04-14 | CVE-2020-25164 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom A vulnerability in the B. | 7.5 |
2022-04-14 | CVE-2021-28505 | Arista | Incorrect Authorization vulnerability in Arista EOS On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 7.5 |
2022-04-14 | CVE-2021-40392 | Moxa | Cleartext Transmission of Sensitive Information vulnerability in Moxa Mxview 3.2.4 An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. | 7.5 |
2022-04-14 | CVE-2021-40400 | Gerbv Project | Out-of-bounds Read vulnerability in Gerbv Project Gerbv 2.7.0 An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). | 7.5 |
2022-04-14 | CVE-2021-40402 | Gerbv Project | Out-of-bounds Read vulnerability in Gerbv Project Gerbv 2.7.0/2.7.1/2.8.0 An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. | 7.5 |
2022-04-14 | CVE-2021-44354 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44355 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44356 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44357 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44366 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44375 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2021-44394 | Reolink | Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. | 7.5 |
2022-04-14 | CVE-2022-22183 | Juniper | Unspecified vulnerability in Juniper Junos OS Evolved An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. | 7.5 |
2022-04-14 | CVE-2022-22185 | Juniper | Unspecified vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. | 7.5 |
2022-04-14 | CVE-2022-22188 | Juniper | Unspecified vulnerability in Juniper Junos 20.2 An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). | 7.5 |
2022-04-14 | CVE-2022-22190 | Juniper | Authorization Bypass Through User-Controlled Key vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0 An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. | 7.5 |
2022-04-14 | CVE-2022-22194 | Juniper | Unspecified vulnerability in Juniper Junos OS Evolved An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
2022-04-14 | CVE-2022-22195 | Juniper | Unspecified vulnerability in Juniper Junos OS Evolved An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). | 7.5 |
2022-04-14 | CVE-2022-22197 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). | 7.5 |
2022-04-14 | CVE-2022-22198 | Juniper | Access of Uninitialized Pointer vulnerability in Juniper Junos 20.4/21.1/21.2 An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). | 7.5 |
2022-04-14 | CVE-2022-27008 | F5 | Classic Buffer Overflow vulnerability in F5 NJS 0.7.2 nginx njs 0.7.2 is vulnerable to Buffer Overflow. | 7.5 |
2022-04-14 | CVE-2021-43289 | Thoughtworks | Path Traversal vulnerability in Thoughtworks Gocd An issue was discovered in ThoughtWorks GoCD before 21.3.0. | 7.5 |
2022-04-14 | CVE-2022-27444 | Mariadb | Unspecified vulnerability in Mariadb MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | 7.5 |
2022-04-14 | CVE-2022-27445 | Mariadb Debian | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | 7.5 |
2022-04-14 | CVE-2022-27446 | Mariadb | Unspecified vulnerability in Mariadb MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | 7.5 |
2022-04-14 | CVE-2022-27447 | Mariadb Debian | Use After Free vulnerability in multiple products MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | 7.5 |
2022-04-14 | CVE-2022-27448 | Mariadb Debian | Reachable Assertion vulnerability in multiple products There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | 7.5 |
2022-04-14 | CVE-2022-27449 | Mariadb Debian | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | 7.5 |
2022-04-14 | CVE-2022-27451 | Mariadb | Unspecified vulnerability in Mariadb MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | 7.5 |
2022-04-14 | CVE-2022-27452 | Mariadb Debian | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | 7.5 |
2022-04-14 | CVE-2022-27455 | Mariadb | Use After Free vulnerability in Mariadb MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | 7.5 |
2022-04-14 | CVE-2022-27456 | Mariadb Debian | Use After Free vulnerability in multiple products MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | 7.5 |
2022-04-14 | CVE-2022-27457 | Mariadb | Use After Free vulnerability in Mariadb MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. | 7.5 |
2022-04-14 | CVE-2021-43287 | Thoughtworks | Information Exposure vulnerability in Thoughtworks Gocd An issue was discovered in ThoughtWorks GoCD before 21.3.0. | 7.5 |
2022-04-14 | CVE-2022-1279 | Ebics Java Project | Unspecified vulnerability in Ebics Java Project Ebics Java A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. | 7.5 |
2022-04-13 | CVE-2022-24843 | GIN VUE Admin Project | Path Traversal vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. | 7.5 |
2022-04-13 | CVE-2021-41119 | Wire | Resource Exhaustion vulnerability in Wire Wire-Server 20210816 Wire-server is the system server for the wire back-end services. | 7.5 |
2022-04-13 | CVE-2022-1339 | Pimcore | Unspecified vulnerability in Pimcore SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. | 7.5 |
2022-04-12 | CVE-2022-27376 | Mariadb Debian | Use After Free vulnerability in multiple products MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27377 | Mariadb Debian | Use After Free vulnerability in multiple products MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27378 | Mariadb Debian | SQL Injection vulnerability in multiple products An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27379 | Mariadb Debian | SQL Injection vulnerability in multiple products An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27380 | Mariadb Debian | SQL Injection vulnerability in multiple products An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27381 | Mariadb Debian | SQL Injection vulnerability in multiple products An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27382 | Mariadb | Reachable Assertion vulnerability in Mariadb MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. | 7.5 |
2022-04-12 | CVE-2022-27383 | Mariadb Debian | Use After Free vulnerability in multiple products MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27384 | Mariadb Debian | SQL Injection vulnerability in multiple products An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27385 | Mariadb | SQL Injection vulnerability in Mariadb An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-27386 | Mariadb Debian | SQL Injection vulnerability in multiple products MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | 7.5 |
2022-04-12 | CVE-2022-27387 | Mariadb Debian | Classic Buffer Overflow vulnerability in multiple products MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | 7.5 |
2022-04-12 | CVE-2022-22559 | Dell | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell EMC Powerscale Onefs 9.3.0 Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. | 7.5 |
2022-04-12 | CVE-2022-22562 | Dell | Unspecified vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. | 7.5 |
2022-04-12 | CVE-2022-23161 | Dell | Improper Handling of Exceptional Conditions vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. | 7.5 |
2022-04-12 | CVE-2022-24070 | Apache Debian Fedoraproject Apple | Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. | 7.5 |
2022-04-12 | CVE-2022-24412 | Dell | Unspecified vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. | 7.5 |
2022-04-12 | CVE-2021-39809 | Out-of-bounds Read vulnerability in Google Android In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2022-04-12 | CVE-2021-41004 | HPE | Unspecified vulnerability in HPE products A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 7.5 |
2022-04-12 | CVE-2022-21155 | Fernhillsoftware | Improper Handling of Exceptional Conditions vulnerability in Fernhillsoftware Scada Server 3.77 A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. | 7.5 |
2022-04-12 | CVE-2022-23703 | HPE | Unspecified vulnerability in HPE Nimbleos A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. | 7.5 |
2022-04-12 | CVE-2022-27261 | Express Fileupload Project | Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1 An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | 7.5 |
2022-04-12 | CVE-2022-27667 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
2022-04-12 | CVE-2022-27669 | SAP | Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50 An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. | 7.5 |
2022-04-12 | CVE-2022-28772 | SAP | Out-of-bounds Write vulnerability in SAP Netweaver and web Dispatcher By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. | 7.5 |
2022-04-12 | CVE-2022-28773 | SAP | Unspecified vulnerability in SAP Netweaver and web Dispatcher Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | 7.5 |
2022-04-12 | CVE-2022-21803 | Nconf Project | Unspecified vulnerability in Nconf Project Nconf This affects the package nconf before 0.11.4. | 7.5 |
2022-04-12 | CVE-2021-32040 | Mongodb | Out-of-bounds Write vulnerability in Mongodb It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. | 7.5 |
2022-04-12 | CVE-2022-25622 | Siemens | Resource Exhaustion vulnerability in Siemens products The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. | 7.5 |
2022-04-12 | CVE-2022-25751 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 7.5 |
2022-04-12 | CVE-2022-25755 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 7.5 |
2022-04-12 | CVE-2022-26334 | Siemens | Classic Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 7.5 |
2022-04-12 | CVE-2022-26335 | Siemens | Classic Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 7.5 |
2022-04-12 | CVE-2022-26380 | Siemens | Out-of-bounds Read vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 7.5 |
2022-04-12 | CVE-2022-27194 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). | 7.5 |
2022-04-12 | CVE-2022-27241 | Mendix | Information Exposure vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). | 7.5 |
2022-04-12 | CVE-2022-27480 | Siemens | Forced Browsing vulnerability in Siemens products A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). | 7.5 |
2022-04-12 | CVE-2022-28328 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). | 7.5 |
2022-04-12 | CVE-2022-1302 | MZ Automation | Unspecified vulnerability in Mz-Automation Libiec61850 In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | 7.5 |
2022-04-11 | CVE-2022-24836 | Nokogiri Fedoraproject Debian Apple | Nokogiri is an open source XML and HTML library for Ruby. | 7.5 |
2022-04-11 | CVE-2022-24839 | Nekohtml Project Oracle | org.cyberneko.html is an html parser written in Java. | 7.5 |
2022-04-11 | CVE-2021-40065 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-04-11 | CVE-2021-46740 | Huawei | Improper Authentication vulnerability in Huawei Emui and Harmonyos The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-04-11 | CVE-2021-4047 | Redhat | Unspecified vulnerability in Redhat Openshift 4.9 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. | 7.5 |
2022-04-11 | CVE-2022-22253 | Huawei | Improper Validation of Integrity Check Value vulnerability in Huawei Emui, Harmonyos and Magic UI The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. | 7.5 |
2022-04-11 | CVE-2022-22254 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-04-11 | CVE-2022-22255 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. | 7.5 |
2022-04-11 | CVE-2022-22256 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-04-11 | CVE-2022-22257 | Huawei | Improper Privilege Management vulnerability in Huawei Emui, Harmonyos and Magic UI The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. | 7.5 |
2022-04-11 | CVE-2022-27844 | Wpvivid | Path Traversal vulnerability in Wpvivid Migration, Backup, Staging Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 7.5 |
2022-04-11 | CVE-2021-38929 | IBM | Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0 IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. | 7.5 |
2022-04-11 | CVE-2021-38930 | IBM | Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0 IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. | 7.5 |
2022-04-11 | CVE-2022-0828 | Wpdownloadmanager | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | 7.5 |
2022-04-11 | CVE-2022-0920 | Salonbookingsystem | Unspecified vulnerability in Salonbookingsystem Salon Booking System The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data | 7.5 |
2022-04-11 | CVE-2022-0989 | Nsthemes | Unspecified vulnerability in Nsthemes NS Watermark for Woocommerce 2.11.3 An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | 7.5 |
2022-04-11 | CVE-2022-27041 | Os4Ed | SQL Injection vulnerability in Os4Ed Opensis 8.0 Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | 7.5 |
2022-04-15 | CVE-2022-27048 | Moxa | Unspecified vulnerability in Moxa products A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. | 7.4 |
2022-04-15 | CVE-2022-20739 | Cisco | Improper Privilege Management vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |
2022-04-12 | CVE-2021-39796 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. | 7.3 | |
2022-04-12 | CVE-2022-23449 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens products A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). | 7.3 |
2022-04-15 | CVE-2022-27421 | Chamilo | Improper Input Validation vulnerability in Chamilo LMS Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | 7.2 |
2022-04-15 | CVE-2022-28113 | Fantec | Reliance on Cookies without Validation and Integrity Checking vulnerability in Fantec Mwid25-Ds Firmware 2.000.030 An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. | 7.2 |
2022-04-15 | CVE-2022-27365 | Chshcms | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. | 7.2 |
2022-04-15 | CVE-2022-27366 | Chshcms | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. | 7.2 |
2022-04-15 | CVE-2022-27367 | Chshcms | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. | 7.2 |
2022-04-15 | CVE-2022-27368 | Chshcms | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. | 7.2 |
2022-04-15 | CVE-2022-27369 | Chshcms | SQL Injection vulnerability in Chshcms Cscms 4.2 Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. | 7.2 |
2022-04-15 | CVE-2022-20693 | Cisco | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
2022-04-15 | CVE-2022-20718 | Cisco | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
2022-04-15 | CVE-2022-20719 | Cisco | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
2022-04-15 | CVE-2022-20720 | Cisco | Link Following vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
2022-04-15 | CVE-2022-20723 | Cisco | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
2022-04-15 | CVE-2022-27474 | Salesagility | Unspecified vulnerability in Salesagility Suitecrm 7.11.23 SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | 7.2 |
2022-04-14 | CVE-2022-24846 | Geoserver | Deserialization of Untrusted Data vulnerability in Geoserver Geowebcache GeoWebCache is a tile caching server implemented in Java. | 7.2 |
2022-04-14 | CVE-2020-25156 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom Active debug code in the B. | 7.2 |
2022-04-14 | CVE-2022-22966 | Vmware | Unspecified vulnerability in VMWare Vcloud Director 10.1.0 An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. | 7.2 |
2022-04-14 | CVE-2022-1258 | Mcafee | SQL Injection vulnerability in Mcafee Agent A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | 7.2 |
2022-04-13 | CVE-2022-24847 | Osgeo | Expression Language Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 7.2 |
2022-04-13 | CVE-2022-24818 | Geotools | Expression Language Injection vulnerability in Geotools GeoTools is an open source Java library that provides tools for geospatial data. | 7.2 |
2022-04-13 | CVE-2022-22957 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
2022-04-13 | CVE-2022-22958 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
2022-04-13 | CVE-2022-26151 | Citrix | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | 7.2 |
2022-04-11 | CVE-2022-27573 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | 7.2 | |
2022-04-11 | CVE-2022-27574 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | 7.2 | |
2022-04-11 | CVE-2021-37292 | Kevinlab | Unspecified vulnerability in Kevinlab 4ST L-Bems 1.0.0 An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. | 7.2 |
2022-04-11 | CVE-2022-1006 | Elbtide | Unspecified vulnerability in Elbtide Advanced Booking Calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | 7.2 |
2022-04-11 | CVE-2022-1008 | Ocdi | Unspecified vulnerability in Ocdi ONE Click Demo Import The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | 7.2 |
2022-04-11 | CVE-2022-1023 | Secondlinethemes | Unspecified vulnerability in Secondlinethemes Podcast Importer Secondline The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file | 7.2 |
2022-04-14 | CVE-2020-25166 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom An improper verification of the cryptographic signature of firmware updates of the B. | 7.1 |
2022-04-13 | CVE-2022-27523 | Autodesk | Out-of-bounds Read vulnerability in Autodesk DWG Trueview A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. | 7.1 |
2022-04-13 | CVE-2022-27524 | Autodesk | Out-of-bounds Read vulnerability in Autodesk DWG Trueview An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. | 7.1 |
2022-04-11 | CVE-2022-27823 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 7.1 | |
2022-04-11 | CVE-2022-27824 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file | 7.1 | |
2022-04-11 | CVE-2022-27825 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 7.1 | |
2022-04-14 | CVE-2022-25165 | Amazon | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 7.0 |
2022-04-12 | CVE-2022-0915 | Logitech | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Logitech Sync There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. | 7.0 |
2022-04-11 | CVE-2022-27834 | Use After Free vulnerability in Google Android 10.0/11.0/12.0 Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | 7.0 |
229 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-04-15 | CVE-2022-20694 | Cisco | Reachable Assertion vulnerability in Cisco IOS XE A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. | 6.8 |
2022-04-15 | CVE-2022-20731 | Cisco | Improper Initialization vulnerability in Cisco products Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. | 6.8 |
2022-04-15 | CVE-2022-20758 | Cisco | Unspecified vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 6.8 |
2022-04-11 | CVE-2022-24832 | Thoughtworks | Unspecified vulnerability in Thoughtworks Gocd GoCD is an open source a continuous delivery server. | 6.8 |
2022-04-11 | CVE-2022-25832 | Improper Authentication vulnerability in Google Android 11.0/12.0 Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | 6.8 | |
2022-04-11 | CVE-2022-26091 | Improper Authentication vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. | 6.8 | |
2022-04-15 | CVE-2022-20676 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. | 6.7 |
2022-04-15 | CVE-2022-20677 | Cisco | Inadequate Encryption Strength vulnerability in Cisco IOS 17.6.1 Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.7 |
2022-04-15 | CVE-2022-20727 | Cisco | Path Traversal vulnerability in Cisco products Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.7 |
2022-04-14 | CVE-2020-16238 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom A vulnerability in the configuration import mechanism of the B. | 6.7 |
2022-04-12 | CVE-2022-22550 | Dell | Insufficiently Protected Credentials vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. | 6.7 |
2022-04-12 | CVE-2021-39814 | Out-of-bounds Write vulnerability in Google Android In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 | |
2022-04-12 | CVE-2022-23702 | HPE | Unspecified vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. | 6.7 |
2022-04-11 | CVE-2022-20062 | Use After Free vulnerability in Google Android 11.0/12.0 In mdp, there is a possible memory corruption due to a use after free. | 6.7 | |
2022-04-11 | CVE-2022-20064 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. | 6.7 | |
2022-04-11 | CVE-2022-20065 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In ccci, there is a possible out of bounds read due to a missing bounds check. | 6.7 | |
2022-04-11 | CVE-2022-20067 | Out-of-bounds Write vulnerability in Google Android In mdp, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2022-04-11 | CVE-2022-20068 | Link Following vulnerability in Google Android 10.0/11.0/12.0 In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. | 6.7 | |
2022-04-11 | CVE-2022-20070 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In ssmr, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2022-04-11 | CVE-2022-20071 | Improper Certificate Validation vulnerability in Google Android 11.0/12.0 In ccu, there is a possible escalation of privilege due to a missing certificate validation. | 6.7 | |
2022-04-11 | CVE-2022-20072 | Incorrect Comparison vulnerability in Google Android 11.0/12.0 In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. | 6.7 | |
2022-04-11 | CVE-2022-20075 | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In ged, there is a possible out of bounds write due to an integer overflow. | 6.7 | |
2022-04-11 | CVE-2022-20069 | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In preloader (usb), there is a possible out of bounds write due to an integer overflow. | 6.6 | |
2022-04-11 | CVE-2022-20073 | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 10.0/11.0/12.0 In preloader (usb), there is a possible out of bounds write due to a integer underflow. | 6.6 | |
2022-04-11 | CVE-2022-20074 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In preloader (partition), there is a possible out of bounds write due to a missing bounds check. | 6.6 | |
2022-04-15 | CVE-2022-1365 | Cross Fetch Project | Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 6.5 |
2022-04-15 | CVE-2022-20684 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. | 6.5 |
2022-04-15 | CVE-2022-20692 | Cisco | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. | 6.5 |
2022-04-15 | CVE-2022-20735 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
2022-04-15 | CVE-2022-20747 | Cisco | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. | 6.5 |
2022-04-15 | CVE-2022-20761 | Cisco | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. | 6.5 |
2022-04-15 | CVE-2022-28041 | Nothings Fedoraproject Debian | Integer Overflow or Wraparound vulnerability in multiple products stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. | 6.5 |
2022-04-14 | CVE-2022-24849 | Aitsys | Unspecified vulnerability in Aitsys Discatsharp 9.8.5/9.8.6/9.9.0 DisCatSharp is a Discord API wrapper for .NET. | 6.5 |
2022-04-14 | CVE-2021-40405 | Reolink | Improper Resource Shutdown or Release vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102 A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. | 6.5 |
2022-04-14 | CVE-2021-40424 | Webroot | Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4 An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. | 6.5 |
2022-04-14 | CVE-2021-40425 | Webroot | Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4 An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. | 6.5 |
2022-04-14 | CVE-2022-22186 | Juniper | Unspecified vulnerability in Juniper Junos Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. | 6.5 |
2022-04-14 | CVE-2022-22191 | Juniper | Resource Exhaustion vulnerability in Juniper Junos A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. | 6.5 |
2022-04-14 | CVE-2022-22196 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). | 6.5 |
2022-04-13 | CVE-2022-1333 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Playbooks Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. | 6.5 |
2022-04-13 | CVE-2022-1337 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | 6.5 |
2022-04-13 | CVE-2022-26589 | Pluck CMS | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | 6.5 |
2022-04-12 | CVE-2022-23159 | Dell | Memory Leak vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. | 6.5 |
2022-04-12 | CVE-2021-39803 | Use After Free vulnerability in Google Android In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. | 6.5 | |
2022-04-12 | CVE-2021-39804 | NULL Pointer Dereference vulnerability in Google Android 11.0/12.0/12.1 In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. | 6.5 | |
2022-04-12 | CVE-2021-39805 | Out-of-bounds Read vulnerability in Google Android 12.0/12.1 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. | 6.5 | |
2022-04-12 | CVE-2021-41005 | HPE | Unspecified vulnerability in HPE products A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 6.5 |
2022-04-12 | CVE-2022-22541 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. | 6.5 |
2022-04-12 | CVE-2022-26106 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-26107 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-26108 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-26109 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-27654 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-27655 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2022-04-12 | CVE-2022-27670 | SAP | Unspecified vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. | 6.5 |
2022-04-12 | CVE-2022-27671 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. | 6.5 |
2022-04-12 | CVE-2022-28795 | Avira | Unspecified vulnerability in Avira Password Manager A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. | 6.5 |
2022-04-12 | CVE-2022-0878 | Combined Charging System Project | Missing Authentication for Critical Function vulnerability in Combined Charging System Project Combined Charging System Firmware Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. | 6.5 |
2022-04-12 | CVE-2022-24247 | Ritecms | Path Traversal vulnerability in Ritecms RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. | 6.5 |
2022-04-12 | CVE-2022-24248 | Ritecms | Path Traversal vulnerability in Ritecms RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. | 6.5 |
2022-04-12 | CVE-2022-25650 | Mendix | Unspecified vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). | 6.5 |
2022-04-12 | CVE-2022-28329 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). | 6.5 |
2022-04-12 | CVE-2022-28662 | Siemens | Out-of-bounds Write vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). | 6.5 |
2022-04-11 | CVE-2022-1067 | Lifepoint | Improper Authentication vulnerability in Lifepoint Patient Portal Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. | 6.5 |
2022-04-11 | CVE-2022-20052 | Use After Free vulnerability in Google Android 11.0/12.0 In mdp, there is a possible memory corruption due to a use after free. | 6.5 | |
2022-04-11 | CVE-2022-20063 | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In atf (spm), there is a possible out of bounds write due to a missing bounds check. | 6.5 | |
2022-04-11 | CVE-2021-37293 | Kevinlab | Path Traversal vulnerability in Kevinlab 4ST L-Bems 1.0.0 A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. | 6.5 |
2022-04-11 | CVE-2022-0914 | Atlasgondal | Unspecified vulnerability in Atlasgondal Export ALL Urls The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example | 6.5 |
2022-04-11 | CVE-2022-20077 | Race Condition vulnerability in Google Android 10.0/11.0 In vow, there is a possible memory corruption due to a race condition. | 6.4 | |
2022-04-11 | CVE-2022-20078 | Race Condition vulnerability in Google Android 11.0/12.0 In vow, there is a possible memory corruption due to a race condition. | 6.4 | |
2022-04-11 | CVE-2022-20080 | Race Condition vulnerability in Google Android In SUB2AF, there is a possible memory corruption due to a race condition. | 6.4 | |
2022-04-11 | CVE-2022-0447 | Pickplugins | Unspecified vulnerability in Pickplugins Post Grid The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting | 6.4 |
2022-04-14 | CVE-2020-25160 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom Improper access controls in the B. | 6.3 |
2022-04-13 | CVE-2022-1280 | Linux Redhat | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. | 6.3 |
2022-04-16 | CVE-2022-29020 | Forestblog Project | Cross-site Scripting vulnerability in Forestblog Project Forestblog 20190404 ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | 6.1 |
2022-04-15 | CVE-2022-27422 | Chamilo | Cross-site Scripting vulnerability in Chamilo LMS A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | 6.1 |
2022-04-15 | CVE-2022-27425 | Chamilo | Cross-site Scripting vulnerability in Chamilo Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | 6.1 |
2022-04-15 | CVE-2022-27852 | Wpchill | Unspecified vulnerability in Wpchill KB Support Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | 6.1 |
2022-04-15 | CVE-2022-26594 | Liferay | Cross-site Scripting vulnerability in Liferay Portal 7.3.5/7.3.6/7.4.0 Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder. | 6.1 |
2022-04-15 | CVE-2022-27258 | Hubzilla | Cross-site Scripting vulnerability in Hubzilla 7.0.3 Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. | 6.1 |
2022-04-15 | CVE-2022-1231 | Plantuml Fedoraproject | Cross-site Scripting vulnerability in multiple products XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. | 6.1 |
2022-04-14 | CVE-2020-25154 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom An open redirect vulnerability in the administrative interface of the B. | 6.1 |
2022-04-14 | CVE-2020-25158 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom A reflected cross-site scripting (XSS) vulnerability in the B. | 6.1 |
2022-04-14 | CVE-2022-22182 | Juniper | Unspecified vulnerability in Juniper Junos A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. | 6.1 |
2022-04-13 | CVE-2021-43154 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | 6.1 |
2022-04-13 | CVE-2022-27503 | Citrix | Cross-site Scripting vulnerability in Citrix Storefront Server Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | 6.1 |
2022-04-13 | CVE-2022-27505 | Citrix | Cross-site Scripting vulnerability in Citrix products Reflected cross site scripting (XSS) | 6.1 |
2022-04-13 | CVE-2022-26144 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in MantisBT before 2.25.3. | 6.1 |
2022-04-13 | CVE-2022-27256 | Hubzilla | Open Redirect vulnerability in Hubzilla A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | 6.1 |
2022-04-13 | CVE-2020-29653 | Froxlor | Cross-site Scripting vulnerability in Froxlor Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. | 6.1 |
2022-04-13 | CVE-2022-27475 | Hotel Management System Project | Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 1.0 Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded. | 6.1 |
2022-04-12 | CVE-2021-36914 | Claderaform | Cross-Site Request Forgery (CSRF) vulnerability in Claderaform Calderawp License Manager 1.2.11 Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | 6.1 |
2022-04-12 | CVE-2022-26105 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. | 6.1 |
2022-04-12 | CVE-2022-28216 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. | 6.1 |
2022-04-12 | CVE-2022-28770 | SAP | Unspecified vulnerability in SAP Sapui5 Library Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. | 6.1 |
2022-04-12 | CVE-2022-25756 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. | 6.1 |
2022-04-11 | CVE-2022-24833 | Privatebin | Unspecified vulnerability in Privatebin PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. | 6.1 |
2022-04-11 | CVE-2021-24986 | Pickplugins | Unspecified vulnerability in Pickplugins Post Grid The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form | 6.1 |
2022-04-11 | CVE-2021-24987 | Heateor | Cross-site Scripting vulnerability in Heateor Super Socializer The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-04-11 | CVE-2022-0271 | Thimpress | Unspecified vulnerability in Thimpress Learnpress The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-04-11 | CVE-2022-0314 | Presscustomizr | Unspecified vulnerability in Presscustomizr Nimble Page Builder The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-04-11 | CVE-2022-0471 | Realfavicongenerator | Unspecified vulnerability in Realfavicongenerator Favicon BY Realfavicongenerator The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-04-11 | CVE-2022-0531 | Wpvivid | Unspecified vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting | 6.1 |
2022-04-11 | CVE-2022-0892 | Atlasgondal | Unspecified vulnerability in Atlasgondal Export ALL Urls The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-04-11 | CVE-2022-1007 | Elbtide | Unspecified vulnerability in Elbtide Advanced Booking Calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-04-11 | CVE-2021-32158 | Webmin | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 6.1 |
2022-04-11 | CVE-2021-32160 | Webmin | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | 6.1 |
2022-04-11 | CVE-2021-32161 | Webmin | Cross-site Scripting vulnerability in Webmin 1.973 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | 6.1 |
2022-04-14 | CVE-2021-21967 | Sealevel | Classic Buffer Overflow vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. | 5.9 |
2022-04-13 | CVE-2022-0023 | Paloaltonetworks | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. | 5.9 |
2022-04-11 | CVE-2022-0552 | Redhat | Unspecified vulnerability in Redhat Origin-Aggregated-Logging 3.11 A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. | 5.9 |
2022-04-11 | CVE-2022-20081 | Improper Certificate Validation vulnerability in Google Android 10.0/11.0/12.0 In A-GPS, there is a possible man in the middle attack due to improper certificate validation. | 5.9 | |
2022-04-16 | CVE-2022-28966 | Wasm3 Project | Out-of-bounds Write vulnerability in Wasm3 Project Wasm3 0.5.0 Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). | 5.5 |
2022-04-15 | CVE-2022-20717 | Cisco | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Sd-Wan Vedge Router 20.7 A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. | 5.5 |
2022-04-15 | CVE-2022-28049 | F5 | NULL Pointer Dereference vulnerability in F5 NJS 0.7.2 NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | 5.5 |
2022-04-14 | CVE-2022-22193 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). | 5.5 |
2022-04-14 | CVE-2022-1257 | Mcafee | Insecure Storage of Sensitive Information vulnerability in Mcafee Agent Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. | 5.5 |
2022-04-13 | CVE-2022-0221 | Schneider Electric | XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. | 5.5 |
2022-04-13 | CVE-2022-24308 | Automox | Unspecified vulnerability in Automox Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. | 5.5 |
2022-04-12 | CVE-2022-0436 | Gruntjs | Unspecified vulnerability in Gruntjs Grunt Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | 5.5 |
2022-04-12 | CVE-2022-27419 | RTL 433 Project | Out-of-bounds Write vulnerability in RTL 433 Project RTL 433 21.12 rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. | 5.5 |
2022-04-12 | CVE-2022-22560 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. | 5.5 |
2022-04-12 | CVE-2022-23163 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. | 5.5 |
2022-04-12 | CVE-2021-39800 | Use After Free vulnerability in Google Android In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. | 5.5 | |
2022-04-12 | CVE-2022-21168 | Fujielectric | Unspecified vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2 The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | 5.5 |
2022-04-12 | CVE-2022-21202 | Fujielectric | Unspecified vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2 The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. | 5.5 |
2022-04-11 | CVE-2022-0835 | Aveva | Cleartext Storage of Sensitive Information vulnerability in Aveva System Platform 2020 AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | 5.5 |
2022-04-11 | CVE-2022-27821 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. | 5.5 | |
2022-04-11 | CVE-2022-27822 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | 5.5 | |
2022-04-11 | CVE-2022-28542 | Samsung | Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | 5.5 |
2022-04-11 | CVE-2022-28543 | Samsung | Path Traversal vulnerability in Samsung Flow 4.8.03.5/4.8.5.0 Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. | 5.5 |
2022-04-11 | CVE-2022-28544 | Samsung | Path Traversal vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | 5.5 |
2022-04-11 | CVE-2022-26414 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. | 5.5 |
2022-04-16 | CVE-2022-1380 | Snipeitapp | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. | 5.4 |
2022-04-14 | CVE-2022-24855 | Metabase | Unspecified vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 5.4 |
2022-04-14 | CVE-2022-22181 | Juniper | Unspecified vulnerability in Juniper Junos A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. | 5.4 |
2022-04-14 | CVE-2021-45227 | Coins Global | Cross-site Scripting vulnerability in Coins-Global Coins Construction Cloud 11.12 An issue was discovered in COINS Construction Cloud 11.12. | 5.4 |
2022-04-14 | CVE-2021-45228 | Coins Global | Cross-site Scripting vulnerability in Coins-Global Coins Construction Cloud 11.12 An XSS issue was discovered in COINS Construction Cloud 11.12. | 5.4 |
2022-04-14 | CVE-2021-43288 | Thoughtworks | Cross-site Scripting vulnerability in Thoughtworks Gocd An issue was discovered in ThoughtWorks GoCD before 21.3.0. | 5.4 |
2022-04-14 | CVE-2021-43633 | Messaging WEB Application Project | Cross-site Scripting vulnerability in Messaging web Application Project Messaging web Application 1.0 Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. | 5.4 |
2022-04-14 | CVE-2022-1351 | Pimcore | Unspecified vulnerability in Pimcore Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | 5.4 |
2022-04-13 | CVE-2021-43742 | Cmsimple | Cross-site Scripting vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. | 5.4 |
2022-04-12 | CVE-2022-1330 | Fullpage Project | Unspecified vulnerability in Fullpage Project Fullpage stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. | 5.4 |
2022-04-12 | CVE-2022-29036 | Jenkins | Cross-site Scripting vulnerability in Jenkins Credentials Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29037 | Jenkins | Cross-site Scripting vulnerability in Jenkins CVS Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29038 | Jenkins | Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29039 | Jenkins | Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29040 | Jenkins | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29041 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jira Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29042 | Jenkins | Cross-site Scripting vulnerability in Jenkins JOB Generator Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29043 | Jenkins | Cross-site Scripting vulnerability in Jenkins Mask Passwords Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29044 | Jenkins | Cross-site Scripting vulnerability in Jenkins Node and Label Parameter Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29045 | Jenkins | Cross-site Scripting vulnerability in Jenkins Promoted Builds Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29046 | Jenkins Apple | Cross-site Scripting vulnerability in multiple products Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29049 | Jenkins | Cross-site Scripting vulnerability in Jenkins Promoted Builds Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | 5.4 |
2022-04-11 | CVE-2021-39068 | IBM | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.11.0/8.0.1 IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. | 5.4 |
2022-04-11 | CVE-2021-25090 | Wpsofts | Unspecified vulnerability in Wpsofts Portfolio Gallery, Product Catalog - Grid KIT Portfolio The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. | 5.4 |
2022-04-11 | CVE-2022-27111 | Jflyfox | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. | 5.4 |
2022-04-11 | CVE-2022-27156 | Thedaylightstudio | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | 5.4 |
2022-04-11 | CVE-2022-0936 | Autolabproject | Unspecified vulnerability in Autolabproject Autolab Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. | 5.4 |
2022-04-11 | CVE-2022-1045 | Trudesk Project | Unspecified vulnerability in Trudesk Project Trudesk Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | 5.4 |
2022-04-16 | CVE-2022-26653 | Zohocorp | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 5.3 |
2022-04-16 | CVE-2022-26777 | Zohocorp | Forced Browsing vulnerability in Zohocorp Manageengine Remote Access Plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 5.3 |
2022-04-15 | CVE-2022-20724 | Cisco | Race Condition vulnerability in Cisco products Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 5.3 |
2022-04-14 | CVE-2022-24824 | Discourse | Unspecified vulnerability in Discourse Discourse is an open source platform for community discussion. | 5.3 |
2022-04-14 | CVE-2022-24853 | Metabase | Information Exposure vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 5.3 |
2022-04-14 | CVE-2022-1328 | Mutt Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | 5.3 |
2022-04-14 | CVE-2022-22968 | Vmware Netapp Oracle | Improper Handling of Case Sensitivity vulnerability in multiple products In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | 5.3 |
2022-04-13 | CVE-2022-22961 | Vmware | Information Exposure vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. | 5.3 |
2022-04-13 | CVE-2022-26643 | Johnsoncontrols | Unspecified vulnerability in Johnsoncontrols Easyio CPT Graphics 0.8 An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. | 5.3 |
2022-04-12 | CVE-2022-29047 | Jenkins | Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 |
2022-04-12 | CVE-2022-0140 | Vfbpro | Missing Authentication for Critical Function vulnerability in Vfbpro Visual Form Builder The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. | 5.3 |
2022-04-12 | CVE-2022-27481 | Siemens | Race Condition vulnerability in Siemens products A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). | 5.3 |
2022-04-11 | CVE-2022-24837 | Hedgedoc | Unrestricted Upload of File with Dangerous Type vulnerability in Hedgedoc 1.9.1/1.9.2 HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. | 5.3 |
2022-04-11 | CVE-2021-22055 | Vmware | Injection vulnerability in VMWare Photon OS The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. | 5.3 |
2022-04-11 | CVE-2021-43177 | Tinfoilsecurity | Unspecified vulnerability in Tinfoilsecurity Devise-Two-Factor As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. | 5.3 |
2022-04-11 | CVE-2022-24804 | Discourse | Incorrect Default Permissions vulnerability in Discourse Discourse is an open source platform for community discussion. | 5.3 |
2022-04-11 | CVE-2022-0919 | Salonbookingsystem | Unspecified vulnerability in Salonbookingsystem Salon Booking System The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. | 5.3 |
2022-04-14 | CVE-2022-25166 | Amazon | Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0 An issue was discovered in Amazon AWS VPN Client 2.0.0. | 5.0 |
2022-04-16 | CVE-2022-29287 | Kentico | Authorization Bypass Through User-Controlled Key vulnerability in Kentico Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. | 4.9 |
2022-04-15 | CVE-2022-20721 | Cisco | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.9 |
2022-04-15 | CVE-2022-20722 | Cisco | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.9 |
2022-04-13 | CVE-2022-22279 | Sonicwall | Path Traversal vulnerability in Sonicwall products A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions | 4.9 |
2022-04-11 | CVE-2022-0246 | Webence | Unspecified vulnerability in Webence IQ Block Country The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. | 4.9 |
2022-04-15 | CVE-2022-24851 | Ldap Account Manager Debian | Cross-site Scripting vulnerability in multiple products LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. | 4.8 |
2022-04-15 | CVE-2021-36828 | WP Maintenance Project | Unspecified vulnerability in WP Maintenance Project WP Maintenance Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions. | 4.8 |
2022-04-15 | CVE-2022-20725 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.8 |
2022-04-14 | CVE-2022-27848 | Webnus | Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | 4.8 |
2022-04-14 | CVE-2022-21145 | Lansweeper | Cross-site Scripting vulnerability in Lansweeper 9.1.20.2 A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. | 4.8 |
2022-04-11 | CVE-2021-36846 | Premio | Cross-site Scripting vulnerability in Premio Chaty Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 4.8 |
2022-04-11 | CVE-2021-36848 | Sharethis | Cross-site Scripting vulnerability in Sharethis Social Media Feather Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 4.8 |
2022-04-11 | CVE-2021-36893 | Wpdarko | Cross-site Scripting vulnerability in Wpdarko Responsive Tabs Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | 4.8 |
2022-04-11 | CVE-2021-36896 | W3Eden | Cross-site Scripting vulnerability in W3Eden Pricing Table 1.5.2 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | 4.8 |
2022-04-11 | CVE-2021-36910 | WP Appbox Project | Cross-site Scripting vulnerability in Wp-Appbox Project Wp-Appbox 4.3.20 Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 4.8 |
2022-04-11 | CVE-2022-22571 | Ivanti | Cross-site Scripting vulnerability in Ivanti Incapptic Connect An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. | 4.8 |
2022-04-11 | CVE-2022-27845 | Plausible | Cross-site Scripting vulnerability in Plausible Analytics Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | 4.8 |
2022-04-11 | CVE-2022-0728 | Pootlepress | Unspecified vulnerability in Pootlepress Easy Smooth Scroll Links The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-04-11 | CVE-2022-0840 | Cybernetikz | Unspecified vulnerability in Cybernetikz Easy Social Icons The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | 4.8 |
2022-04-11 | CVE-2022-0969 | Vertistudio | Unspecified vulnerability in Vertistudio Image Optimization & Lazy Load BY Optimole The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-04-12 | CVE-2022-28215 | SAP | Unspecified vulnerability in SAP Netweaver Abap 740/750/787 SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
2022-04-15 | CVE-2022-20661 | Cisco | Improper Initialization vulnerability in Cisco IOS Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. | 4.6 |
2022-04-11 | CVE-2022-25831 | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | 4.6 | |
2022-04-14 | CVE-2022-27817 | Waycrate | Exposure of Resource to Wrong Sphere vulnerability in Waycrate Swhkd 1.1.5 SWHKD 1.1.5 consumes the keyboard events of unintended users. | 4.4 |
2022-04-11 | CVE-2022-20066 | Improper Handling of Exceptional Conditions vulnerability in Google Android 11.0/12.0 In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. | 4.4 | |
2022-04-11 | CVE-2022-20076 | Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0 In ged, there is a possible memory corruption due to an incorrect error handling. | 4.4 | |
2022-04-11 | CVE-2022-20079 | Use of Uninitialized Resource vulnerability in Google Android 10.0/11.0 In vow, there is a possible read of uninitialized data due to a improper input validation. | 4.4 | |
2022-04-11 | CVE-2022-27831 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. | 4.4 | |
2022-04-11 | CVE-2022-27840 | Samsung | Incorrect Default Permissions vulnerability in Samsung Recovery Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. | 4.4 |
2022-04-15 | CVE-2022-27850 | Plugin Planet | Unspecified vulnerability in Plugin-Planet Simple Ajax Chat Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 4.3 |
2022-04-15 | CVE-2022-27851 | Dineshkarki | Unspecified vulnerability in Dineshkarki USE ANY Font Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | 4.3 |
2022-04-15 | CVE-2022-28868 | F Secure | Unspecified vulnerability in F-Secure Safe An Address bar spoofing vulnerability was discovered in Safe Browser for Android. | 4.3 |
2022-04-15 | CVE-2022-28869 | F Secure | Unspecified vulnerability in F-Secure Safe A vulnerability affecting F-Secure SAFE browser was discovered. | 4.3 |
2022-04-15 | CVE-2022-28870 | F Secure | Unspecified vulnerability in F-Secure Safe A vulnerability affecting F-Secure SAFE browser was discovered. | 4.3 |
2022-04-14 | CVE-2022-24850 | Discourse | Unspecified vulnerability in Discourse Discourse is an open source platform for community discussion. | 4.3 |
2022-04-14 | CVE-2022-22391 | IBM | Unspecified vulnerability in IBM products IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. | 4.3 |
2022-04-13 | CVE-2022-1332 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | 4.3 |
2022-04-13 | CVE-2022-22959 | Vmware | Cross-Site Request Forgery (CSRF) vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. | 4.3 |
2022-04-13 | CVE-2022-27846 | Yooslider | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | 4.3 |
2022-04-13 | CVE-2022-27847 | Yooslider | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | 4.3 |
2022-04-12 | CVE-2022-29048 | Jenkins Apple | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 |
2022-04-12 | CVE-2022-29051 | Jenkins | Missing Authorization vulnerability in Jenkins Publish Over FTP Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | 4.3 |
2022-04-12 | CVE-2022-29052 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Google Compute Engine Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 |
2022-04-12 | CVE-2021-28544 | Apache Debian Fedoraproject Apple | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. | 4.3 |
2022-04-12 | CVE-2022-23160 | Dell | Improper Privilege Management vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. | 4.3 |
2022-04-11 | CVE-2022-1193 | Gitlab | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances | 4.3 |
2022-04-11 | CVE-2022-25614 | Stylemixthemes | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 4.3 |
2022-04-11 | CVE-2022-25615 | Stylemixthemes | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | 4.3 |
2022-04-11 | CVE-2022-27841 | Samsung | Improper Handling of Exceptional Conditions vulnerability in Samsung Pass 3.0.02.4 Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication | 4.3 |
2022-04-11 | CVE-2022-27839 | Samsung | Improper Authentication vulnerability in Samsung Internet Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | 4.0 |
16 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-04-12 | CVE-2022-22565 | Dell | Unspecified vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. | 3.8 |
2022-04-12 | CVE-2022-24413 | Dell | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. | 3.6 |
2022-04-14 | CVE-2020-25168 | Bbraun | Unspecified vulnerability in Bbraun Datamodule Compactplus and Spacecom Hard-coded credentials in the B. | 3.3 |
2022-04-14 | CVE-2022-27814 | Waycrate | Information Exposure Through Discrepancy vulnerability in Waycrate Swhkd 1.1.5 SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | 3.3 |
2022-04-11 | CVE-2022-25833 | Improper Authentication vulnerability in Google Android 10.0/11.0 Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. | 3.3 | |
2022-04-11 | CVE-2022-26090 | Unspecified vulnerability in Google Android 10.0/11.0 Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. | 3.3 | |
2022-04-11 | CVE-2022-27575 | Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0 Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | 3.3 | |
2022-04-11 | CVE-2022-27576 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | 3.3 | |
2022-04-11 | CVE-2022-27832 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | 3.3 | |
2022-04-11 | CVE-2022-28775 | Samsung | Unspecified vulnerability in Samsung Flow 4.8.03.5/4.8.5.0 Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | 3.3 |
2022-04-11 | CVE-2022-28777 | Samsung | Unspecified vulnerability in Samsung Members Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | 3.3 |
2022-04-11 | CVE-2022-28778 | Samsung | Unspecified vulnerability in Samsung Security Supporter Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | 3.3 |
2022-04-13 | CVE-2022-27506 | Citrix | Use of Hard-coded Credentials vulnerability in Citrix products Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | 2.7 |
2022-04-12 | CVE-2022-27657 | SAP | Unspecified vulnerability in SAP Focused RUN 1.0 A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. | 2.7 |
2022-04-11 | CVE-2022-29035 | Jetbrains | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | 2.7 |
2022-04-11 | CVE-2022-1157 | Gitlab | Information Exposure Through Log Files vulnerability in Gitlab Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged | 2.4 |