Weekly Vulnerabilities Reports > April 11 to 17, 2022

Overview

757 new vulnerabilities reported during this period, including 45 critical vulnerabilities and 152 high severity vulnerabilities. This weekly summary report vulnerabilities in 510 products from 213 vendors including Microsoft, Google, Cisco, Fisglobal, and Mariadb. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Privilege Management", "Out-of-bounds Write", "SQL Injection", and "Improper Input Validation".

  • 581 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 188 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 591 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 118 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

45 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-04-15 CVE-2022-26809 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

10.0
2022-04-14 CVE-2021-40422 Swiftsensors Use of Hard-coded Credentials vulnerability in Swiftsensors Sg3-1010 Firmware

An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010.

10.0
2022-04-13 CVE-2015-20107 Python Command Injection vulnerability in Python

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file.

10.0
2022-04-12 CVE-2022-23450 Siemens Deserialization of Untrusted Data vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1).

10.0
2022-04-11 CVE-2022-22954 Vmware Code Injection vulnerability in VMWare products

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.

10.0
2022-04-11 CVE-2022-26098 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

10.0
2022-04-11 CVE-2022-27568 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

10.0
2022-04-11 CVE-2022-27569 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

10.0
2022-04-11 CVE-2022-27570 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

10.0
2022-04-11 CVE-2022-27571 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

10.0
2022-04-11 CVE-2022-27572 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

10.0
2022-04-15 CVE-2022-24492 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

9.3
2022-04-15 CVE-2022-24532 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability.

9.3
2022-04-15 CVE-2022-24541 Microsoft Unspecified vulnerability in Microsoft products

Windows Server Service Remote Code Execution Vulnerability.

9.3
2022-04-15 CVE-2022-26903 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability.

9.3
2022-04-15 CVE-2022-26919 Microsoft Unspecified vulnerability in Microsoft products

Windows LDAP Remote Code Execution Vulnerability.

9.3
2022-04-15 CVE-2022-20695 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm.

9.3
2022-04-14 CVE-2021-21956 Cloudlinux Deserialization of Untrusted Data vulnerability in Cloudlinux Imunify360 5.10.2/5.8/5.9

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2.

9.3
2022-04-13 CVE-2019-6834 Schneider Electric Deserialization of Untrusted Data vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited.

9.3
2022-04-13 CVE-2021-22797 Schneider Electric Path Traversal vulnerability in Schneider-Electric products

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software.

9.3
2022-04-11 CVE-2022-27835 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 12.0

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.

9.3
2022-04-11 CVE-2022-27837 Sasmung Unspecified vulnerability in Sasmung Accessibility

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.

9.3
2022-04-15 CVE-2022-23259 Microsoft Improper Privilege Management vulnerability in Microsoft Dynamics 365 9.0/9.1

Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-24536 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26811 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26812 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26813 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26815 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26823 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26824 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26825 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-26826 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

9.0
2022-04-15 CVE-2022-28113 Fantec Reliance on Cookies without Validation and Integrity Checking vulnerability in Fantec Mwid25-Ds Firmware 2.000.030

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

9.0
2022-04-15 CVE-2022-20693 Cisco Injection vulnerability in Cisco IOS XE

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.

9.0
2022-04-15 CVE-2022-20718 Cisco Injection vulnerability in Cisco IOS XE

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

9.0
2022-04-15 CVE-2022-20719 Cisco Injection vulnerability in Cisco IOS XE

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

9.0
2022-04-15 CVE-2022-20720 Cisco Path Traversal vulnerability in Cisco IOS XE

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

9.0
2022-04-15 CVE-2022-20723 Cisco Unspecified vulnerability in Cisco IOS XE and Ir510 Operating System

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

9.0
2022-04-14 CVE-2020-25150 Bbraun Relative Path Traversal vulnerability in Bbraun Datamodule Compactplus and Spacecom

A relative path traversal attack in the B.

9.0
2022-04-14 CVE-2020-25156 Bbraun Leftover Debug Code vulnerability in Bbraun Datamodule Compactplus and Spacecom

Active debug code in the B.

9.0
2022-04-13 CVE-2021-44520 Citrix OS Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

9.0
2022-04-13 CVE-2022-26151 Citrix Improper Input Validation vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.

9.0
2022-04-12 CVE-2022-24842 Minio Improper Privilege Management vulnerability in Minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0.

9.0
2022-04-11 CVE-2022-0999 Myscada OS Command Injection vulnerability in Myscada Mypro 7/7.0.26/8.20.0

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.

9.0
2022-04-11 CVE-2021-37292 Kevinlab Incorrect Authorization vulnerability in Kevinlab 4ST L-Bems 1.0.0

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account.

9.0

152 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-04-15 CVE-2022-24533 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Protocol Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26814 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26817 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26818 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26819 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26820 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26821 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26822 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-26829 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

8.5
2022-04-15 CVE-2022-20739 Cisco Improper Privilege Management vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user.

8.5
2022-04-12 CVE-2022-24247 Ritecms Path Traversal vulnerability in Ritecms 1.0/1.0.0/2.2.1

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel.

8.5
2022-04-12 CVE-2022-24248 Ritecms Path Traversal vulnerability in Ritecms 1.0/1.0.0/2.2.1

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel.

8.5
2022-04-15 CVE-2022-20622 Cisco Allocation of Resources Without Limits or Throttling vulnerability in Cisco Aironet Access Point Software

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition.

7.8
2022-04-15 CVE-2022-20678 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XE

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

7.8
2022-04-15 CVE-2022-20682 Cisco NULL Pointer Dereference vulnerability in Cisco IOS XE

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2022-04-15 CVE-2022-20683 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2022-04-14 CVE-2020-25162 Bbraun XPath Injection vulnerability in Bbraun Datamodule Compactplus and Spacecom

A XPath injection vulnerability in the B.

7.8
2022-04-14 CVE-2022-22183 Juniper Improper Access Control vulnerability in Juniper Junos OS Evolved

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition.

7.8
2022-04-14 CVE-2022-22195 Juniper Improper Update of Reference Count vulnerability in Juniper Junos OS Evolved

An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS).

7.8
2022-04-12 CVE-2021-41004 HPE Unspecified vulnerability in HPE products

A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.

7.8
2022-04-12 CVE-2022-25751 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

7.8
2022-04-12 CVE-2022-26334 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

7.8
2022-04-12 CVE-2022-26335 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

7.8
2022-04-12 CVE-2022-26380 Siemens Out-of-bounds Read vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

7.8
2022-04-12 CVE-2022-27194 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17).

7.8
2022-04-12 CVE-2022-28328 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0).

7.8
2022-04-11 CVE-2022-26413 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

7.7
2022-04-15 CVE-2022-22008 Microsoft Race Condition vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability.

7.6
2022-04-15 CVE-2022-24537 Microsoft Race Condition vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability.

7.6
2022-04-15 CVE-2022-20724 Cisco Race Condition vulnerability in Cisco products

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

7.6
2022-04-12 CVE-2021-39794 Google Incorrect Default Permissions vulnerability in Google Android 11.0/12.0/12.1

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check.

7.6
2022-04-15 CVE-2022-27423 Chamilo SQL Injection vulnerability in Chamilo LMS

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

7.5
2022-04-15 CVE-2022-24487 Microsoft Unspecified vulnerability in Microsoft products

Windows Local Security Authority (LSA) Remote Code Execution Vulnerability.

7.5
2022-04-15 CVE-2022-24491 Microsoft Unspecified vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability.

7.5
2022-04-15 CVE-2022-24497 Microsoft Unspecified vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability.

7.5
2022-04-15 CVE-2021-44486 Fisglobal
Yottadb
An issue was discovered in YottaDB through r1.32 and V7.0-000.
7.5
2022-04-15 CVE-2021-44496 Fisglobal Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

7.5
2022-04-15 CVE-2022-27157 PHP Weak Password Recovery Mechanism for Forgotten Password vulnerability in PHP Pearweb

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.

7.5
2022-04-15 CVE-2022-27158 PHP Deserialization of Untrusted Data vulnerability in PHP Pearweb

pearweb < 1.32 suffers from Deserialization of Untrusted Data.

7.5
2022-04-15 CVE-2021-42230 Seowonintech Unspecified vulnerability in Seowonintech 130-Slc Firmware

Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter.

7.5
2022-04-15 CVE-2022-23865 Wecul SQL Injection vulnerability in Wecul Nyron 1.0

Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx.

7.5
2022-04-15 CVE-2022-28044 Irzip Project Out-of-bounds Write vulnerability in Irzip Project Irzip 0.640

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

7.5
2022-04-15 CVE-2021-40386 Kaseya Unspecified vulnerability in Kaseya Unitrends Backup

Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.

7.5
2022-04-15 CVE-2022-26651 Digium SQL Injection vulnerability in Digium Asterisk and Certified Asterisk

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.

7.5
2022-04-14 CVE-2020-25166 Bbraun Improper Verification of Cryptographic Signature vulnerability in Bbraun Datamodule Compactplus and Spacecom

An improper verification of the cryptographic signature of firmware updates of the B.

7.5
2022-04-14 CVE-2021-40390 Moxa Use of Hard-coded Credentials vulnerability in Moxa Mxview 3.2.4

An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4.

7.5
2022-04-14 CVE-2022-28711 Ardupilot Out-of-bounds Write vulnerability in Ardupilot Apweb

A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9.

7.5
2022-04-14 CVE-2022-27007 F5 Use After Free vulnerability in F5 NJS 0.7.2

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

7.5
2022-04-14 CVE-2021-43290 Thoughtworks Path Traversal vulnerability in Thoughtworks Gocd

An issue was discovered in ThoughtWorks GoCD before 21.3.0.

7.5
2022-04-14 CVE-2022-26507 ATT
Schneider Electric
Out-of-bounds Write vulnerability in multiple products

** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7.

7.5
2022-04-13 CVE-2022-24845 Vyper Project Integer Overflow or Wraparound vulnerability in Vyper Project Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine.

7.5
2022-04-13 CVE-2022-24816 Geosolutionsgroup Code Injection vulnerability in Geosolutionsgroup Jal-Ext

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API.

7.5
2022-04-13 CVE-2022-24818 Geotools Improper Input Validation vulnerability in Geotools

GeoTools is an open source Java library that provides tools for geospatial data.

7.5
2022-04-13 CVE-2022-24788 Vyper Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Vyper Project Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine.

7.5
2022-04-13 CVE-2022-27479 Apache SQL Injection vulnerability in Apache Superset

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests.

7.5
2022-04-13 CVE-2022-22955 Vmware Improper Authentication vulnerability in VMWare products

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.

7.5
2022-04-13 CVE-2022-22956 Vmware Improper Authentication vulnerability in VMWare products

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.

7.5
2022-04-13 CVE-2021-22794 Schneider Electric Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution.

7.5
2022-04-13 CVE-2021-22795 Schneider Electric OS Command Injection vulnerability in Schneider-Electric Struxureware Data Center Expert

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network.

7.5
2022-04-13 CVE-2021-43741 Cmsimple Path Traversal vulnerability in Cmsimple 5.4

CMSimple 5.4 is vulnerable to Directory Traversal.

7.5
2022-04-12 CVE-2022-22561 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts.

7.5
2022-04-12 CVE-2022-27139 Ghost Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.

7.5
2022-04-12 CVE-2022-27140 Express Fileupload Project Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1

An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.

7.5
2022-04-12 CVE-2022-27260 Buttercms Unrestricted Upload of File with Dangerous Type vulnerability in Buttercms 1.2.8

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

7.5
2022-04-12 CVE-2022-27262 Sailsjs Unrestricted Upload of File with Dangerous Type vulnerability in Sailsjs Skipper 0.9.1

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

7.5
2022-04-12 CVE-2022-27263 Strapi Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

7.5
2022-04-12 CVE-2022-27952 Payloadcms Unrestricted Upload of File with Dangerous Type vulnerability in Payloadcms Payload 0.15.0

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.

7.5
2022-04-12 CVE-2022-28396 Apostrophecms Unspecified vulnerability in Apostrophecms 3.16.1

Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs.

7.5
2022-04-12 CVE-2022-28397 Ghost Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.

7.5
2022-04-12 CVE-2021-31805 Apache Expression Language Injection vulnerability in Apache Struts

The fix issued for CVE-2020-17530 was incomplete.

7.5
2022-04-12 CVE-2022-27161 Cszcms SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

7.5
2022-04-12 CVE-2022-27162 Cszcms SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

7.5
2022-04-12 CVE-2022-27163 Cszcms SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

7.5
2022-04-12 CVE-2022-27164 Cszcms SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers

7.5
2022-04-12 CVE-2022-27165 Cszcms SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus

7.5
2022-04-12 CVE-2022-27472 Roothub Project SQL Injection vulnerability in Roothub Project Roothub 2.6.0

SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.

7.5
2022-04-12 CVE-2022-27473 Roothub Project SQL Injection vulnerability in Roothub Project Roothub 2.6.0

SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.

7.5
2022-04-12 CVE-2022-28032 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php

7.5
2022-04-12 CVE-2022-28033 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php

7.5
2022-04-12 CVE-2022-28034 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php

7.5
2022-04-12 CVE-2022-28035 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php

7.5
2022-04-12 CVE-2022-28036 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php

7.5
2022-04-12 CVE-2022-0142 Vfbpro Improper Neutralization of Formula Elements in a CSV File vulnerability in Vfbpro Visual Form Builder

The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

7.5
2022-04-12 CVE-2022-25752 Siemens Use of Insufficiently Random Values vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

7.5
2022-04-12 CVE-2022-28346 Djangoproject
Debian
SQL Injection vulnerability in multiple products

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.

7.5
2022-04-12 CVE-2022-28347 Djangoproject SQL Injection vulnerability in Djangoproject Django

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.

7.5
2022-04-12 CVE-2022-29080 NPM Dependency Versions Project Command Injection vulnerability in Npm-Dependency-Versions Project Npm-Dependency-Versions

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.

7.5
2022-04-11 CVE-2022-24838 Nextcloud Command Injection vulnerability in Nextcloud Calendar

Nextcloud Calendar is a calendar application for the nextcloud framework.

7.5
2022-04-11 CVE-2022-1161 Rockwellautomation Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.

7.5
2022-04-11 CVE-2022-22258 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

7.5
2022-04-11 CVE-2022-26093 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

7.5
2022-04-11 CVE-2022-26094 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

7.5
2022-04-11 CVE-2022-26095 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

7.5
2022-04-11 CVE-2022-26096 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

7.5
2022-04-11 CVE-2022-26097 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

7.5
2022-04-11 CVE-2022-27567 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.

7.5
2022-04-11 CVE-2022-27574 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

7.5
2022-04-11 CVE-2021-37291 Kevinlab SQL Injection vulnerability in Kevinlab 4ST L-Bems 1.0.0

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.

7.5
2022-04-11 CVE-2022-0949 Stopbadbots SQL Injection vulnerability in Stopbadbots Block and Stop BAD Bots

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection

7.5
2022-04-11 CVE-2022-27115 Std42 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

7.5
2022-04-11 CVE-2022-1295 Fullpage Project Unspecified vulnerability in Fullpage Project Fullpage

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.

7.5
2022-04-15 CVE-2022-29072 7 ZIP Out-of-bounds Write vulnerability in 7-Zip

** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

7.2
2022-04-15 CVE-2022-24550 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Telephony Server Elevation of Privilege Vulnerability.

7.2
2022-04-15 CVE-2022-26798 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

7.2
2022-04-15 CVE-2022-26803 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

7.2
2022-04-15 CVE-2022-20676 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges.

7.2
2022-04-15 CVE-2022-20677 Cisco Inadequate Encryption Strength vulnerability in Cisco IOS 17.6.1

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

7.2
2022-04-15 CVE-2022-20681 Cisco Unspecified vulnerability in Cisco IOS XE

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device.

7.2
2022-04-15 CVE-2022-20716 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges.

7.2
2022-04-15 CVE-2022-20727 Cisco Path Traversal vulnerability in Cisco products

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

7.2
2022-04-14 CVE-2020-16238 Bbraun Improper Privilege Management vulnerability in Bbraun Datamodule Compactplus and Spacecom

A vulnerability in the configuration import mechanism of the B.

7.2
2022-04-14 CVE-2022-22187 Juniper Improper Privilege Management vulnerability in Juniper Identity Management Service

An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation.

7.2
2022-04-14 CVE-2022-22189 Juniper Unspecified vulnerability in Juniper Contrail Service Orchestration 6.0.0

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to.

7.2
2022-04-14 CVE-2022-1256 Mcafee Improper Privilege Management vulnerability in Mcafee Agent

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality.

7.2
2022-04-13 CVE-2022-22960 Vmware Improper Privilege Management vulnerability in VMWare products

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

7.2
2022-04-13 CVE-2022-29156 Linux Double Free vulnerability in Linux Kernel

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

7.2
2022-04-12 CVE-2021-0694 Google Incorrect Authorization vulnerability in Google Android 11.0

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions.

7.2
2022-04-12 CVE-2021-0707 Google Use After Free vulnerability in Google Android

In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free.

7.2
2022-04-12 CVE-2021-39795 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0/12.0/12.1

In multiple locations of MediaProvider.java , there is a possible way to get read/write access to other app's dedicated, app-specific directory within external storage due to a missing permission check.

7.2
2022-04-12 CVE-2021-39797 Google Improper Privilege Management vulnerability in Google Android 12.0/12.1

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code.

7.2
2022-04-12 CVE-2021-39798 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 12.0/12.1

In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check.

7.2
2022-04-12 CVE-2021-39799 Google Improper Privilege Management vulnerability in Google Android 12.0/12.1

In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation.

7.2
2022-04-12 CVE-2021-39801 Google Improper Locking vulnerability in Google Android

In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking.

7.2
2022-04-12 CVE-2021-39802 Google Improper Privilege Management vulnerability in Google Android

In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass.

7.2
2022-04-12 CVE-2021-39807 Google Improper Privilege Management vulnerability in Google Android

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check.

7.2
2022-04-12 CVE-2021-39808 Google Improper Privilege Management vulnerability in Google Android 10.0/11.0/12.0

In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation.

7.2
2022-04-12 CVE-2021-39812 Google Use After Free vulnerability in Google Android

In TBD of TBD, there is a possible out of bounds read due to a use after free.

7.2
2022-04-12 CVE-2021-39814 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check.

7.2
2022-04-12 CVE-2021-42255 Blueplanet Works Exposure of Resource to Wrong Sphere vulnerability in Blueplanet-Works Appguard

AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions.

7.2
2022-04-12 CVE-2021-42029 Siemens Improper Privilege Management vulnerability in Siemens Simatic Step 7

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2).

7.2
2022-04-12 CVE-2022-23448 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1).

7.2
2022-04-11 CVE-2022-1262 Dlink OS Command Injection vulnerability in Dlink products

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.

7.2
2022-04-11 CVE-2022-1316 Zerotier Improper Privilege Management vulnerability in Zerotier Zerotierone

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8.

7.2
2022-04-11 CVE-2022-20062 Google Use After Free vulnerability in Google Android 11.0/12.0

In mdp, there is a possible memory corruption due to a use after free.

7.2
2022-04-11 CVE-2022-20064 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 10.0/11.0/12.0

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check.

7.2
2022-04-11 CVE-2022-20075 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In ged, there is a possible out of bounds write due to an integer overflow.

7.2
2022-04-11 CVE-2022-22962 Vmware Link Following vulnerability in VMWare Horizon Client

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link.

7.2
2022-04-11 CVE-2022-22964 Vmware Unspecified vulnerability in VMWare Horizon Client

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.

7.2
2022-04-11 CVE-2022-26092 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.

7.2
2022-04-11 CVE-2022-27826 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

7.2
2022-04-11 CVE-2022-27827 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

7.2
2022-04-11 CVE-2022-27828 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

7.2
2022-04-11 CVE-2022-27829 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

7.2
2022-04-11 CVE-2022-27830 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

7.2
2022-04-11 CVE-2022-27836 Google Incorrect Authorization vulnerability in Google Android 12.0

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission.

7.2
2022-04-11 CVE-2022-27838 Samsung Incorrect Authorization vulnerability in Samsung Factorycamera

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.

7.2
2022-04-11 CVE-2022-27089 Fujitsu Unquoted Search Path or Element vulnerability in Fujitsu Plugfree Network 7.3.0.3

In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.

7.2
2022-04-11 CVE-2022-0556 Zyxel Improper Privilege Management vulnerability in Zyxel AP Configurator 1.1.4

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

7.2
2022-04-11 CVE-2022-28893 Linux Use After Free vulnerability in Linux Kernel

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

7.2
2022-04-15 CVE-2022-20694 Cisco Reachable Assertion vulnerability in Cisco IOS XE

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition.

7.1
2022-04-14 CVE-2021-21967 Sealevel Classic Buffer Overflow vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc.

7.1
2022-04-14 CVE-2022-22198 Juniper Access of Uninitialized Pointer vulnerability in Juniper Junos 20.4/21.1/21.2

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).

7.1

474 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-04-15 CVE-2022-26827 Microsoft Race Condition vulnerability in Microsoft products

Windows File Server Resource Management Service Elevation of Privilege Vulnerability.

6.9
2022-04-14 CVE-2022-25165 Amazon Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Amazon AWS Client VPN 2.0.0

An issue was discovered in Amazon AWS VPN Client 2.0.0.

6.9
2022-04-12 CVE-2022-0915 Logitech Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Logitech Sync

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574.

6.9
2022-04-12 CVE-2022-24765 GIT SCM Uncontrolled Search Path Element vulnerability in Git-Scm GIT

Git for Windows is a fork of Git containing Windows-specific patches.

6.9
2022-04-12 CVE-2022-24767 Microsoft Uncontrolled Search Path Element vulnerability in Microsoft Visual Studio 2017

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

6.9
2022-04-12 CVE-2021-39796 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack.

6.9
2022-04-12 CVE-2022-23449 Siemens Uncontrolled Search Path Element vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1).

6.9
2022-04-11 CVE-2022-20052 Google Use After Free vulnerability in Google Android 11.0/12.0

In mdp, there is a possible memory corruption due to a use after free.

6.9
2022-04-11 CVE-2022-20063 Google Out-of-bounds Write vulnerability in Google Android 10.0/9.0

In atf (spm), there is a possible out of bounds write due to a missing bounds check.

6.9
2022-04-11 CVE-2022-20077 Google Race Condition vulnerability in Google Android 10.0/11.0

In vow, there is a possible memory corruption due to a race condition.

6.9
2022-04-11 CVE-2022-20078 Google Race Condition vulnerability in Google Android 11.0/12.0

In vow, there is a possible memory corruption due to a race condition.

6.9
2022-04-11 CVE-2022-20080 Google Race Condition vulnerability in Google Android

In SUB2AF, there is a possible memory corruption due to a race condition.

6.9
2022-04-15 CVE-2022-29281 Notable Improper Input Validation vulnerability in Notable

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link.

6.8
2022-04-15 CVE-2022-24473 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Excel Remote Code Execution Vulnerability.

6.8
2022-04-15 CVE-2022-24490 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability.

6.8
2022-04-15 CVE-2022-24500 Microsoft Unspecified vulnerability in Microsoft products

Windows SMB Remote Code Execution Vulnerability.

6.8
2022-04-15 CVE-2022-24528 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

6.8
2022-04-15 CVE-2022-24539 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability.

6.8
2022-04-15 CVE-2022-24543 Microsoft Unspecified vulnerability in Microsoft Windows Upgrade Assistant

Windows Upgrade Assistant Remote Code Execution Vulnerability.

6.8
2022-04-15 CVE-2022-26783 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability.

6.8
2022-04-15 CVE-2022-26901 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability.

6.8
2022-04-15 CVE-2021-36205 Johnsoncontrols Incomplete Cleanup vulnerability in Johnsoncontrols products

Under certain circumstances the session token is not cleared on logout.

6.8
2022-04-15 CVE-2022-28109 Selenium Cross-Site Request Forgery (CSRF) vulnerability in Selenium Grid

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding.

6.8
2022-04-15 CVE-2022-20679 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

6.8
2022-04-15 CVE-2022-20692 Cisco Resource Exhaustion vulnerability in Cisco IOS XE

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device.

6.8
2022-04-15 CVE-2022-20697 Cisco Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS and IOS XE

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

6.8
2022-04-15 CVE-2022-20721 Cisco Path Traversal vulnerability in Cisco IOS XE

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

6.8
2022-04-15 CVE-2022-20722 Cisco Path Traversal vulnerability in Cisco IOS XE and Ir510 Operating System

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

6.8
2022-04-15 CVE-2022-28042 Nothings
Fedoraproject
Use After Free vulnerability in multiple products

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.

6.8
2022-04-15 CVE-2022-28048 STB Project
Fedoraproject
Incorrect Calculation vulnerability in multiple products

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.

6.8
2022-04-14 CVE-2022-1304 E2Fsprogs Project
Redhat
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.

6.8
2022-04-14 CVE-2021-21914 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21938 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21939 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21942 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21943 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21944 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21945 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21946 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21947 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-21948 Chitubox
Anycubic
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0.

6.8
2022-04-14 CVE-2021-21949 Accusoft Improper Validation of Array Index vulnerability in Accusoft Imagegear 19.10

An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-40398 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.10

An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10.

6.8
2022-04-14 CVE-2021-40405 Reolink Improper Resource Shutdown or Release vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102.

6.8
2022-04-14 CVE-2021-40426 Libsox Project Out-of-bounds Write vulnerability in Libsox Project Libsox 14.4.2

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e.

6.8
2022-04-14 CVE-2022-21154 Leadtools Integer Overflow or Wraparound vulnerability in Leadtools 22.0.0.0.0

An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22.

6.8
2022-04-14 CVE-2022-1350 Artifex Out-of-bounds Write vulnerability in Artifex Ghostpcl 9.55.0

A vulnerability classified as problematic was found in GhostPCL 9.55.0.

6.8
2022-04-13 CVE-2022-24828 Getcomposer
Tenable
Fedoraproject
Improper Input Validation vulnerability in multiple products

Composer is a dependency manager for the PHP programming language.

6.8
2022-04-13 CVE-2022-25795 Autodesk Improper Handling of Exceptional Conditions vulnerability in Autodesk Autocad

A maliciously crafted PDF file can be used to dereference for a write beyond the allocated buffer while parsing PDFTron files.

6.8
2022-04-13 CVE-2022-25797 Autodesk Out-of-bounds Write vulnerability in Autodesk DWG Trueview 2021/2022

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.

6.8
2022-04-13 CVE-2022-27506 Citrix Use of Hard-coded Credentials vulnerability in Citrix products

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

6.8
2022-04-12 CVE-2022-29050 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over FTP

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.

6.8
2022-04-12 CVE-2022-22549 Dell Improper Certificate Validation vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation.

6.8
2022-04-12 CVE-2021-41005 HPE Unspecified vulnerability in HPE products

A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.

6.8
2022-04-12 CVE-2022-21214 Fujielectric Heap-based Buffer Overflow vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2

The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.

6.8
2022-04-12 CVE-2022-21228 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

6.8
2022-04-12 CVE-2022-24383 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2

The affected product is vulnerable to an out-of-bounds read, which may result in code execution

6.8
2022-04-12 CVE-2022-25754 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

6.8
2022-04-12 CVE-2022-28661 Siemens Out-of-bounds Read vulnerability in Siemens Simcenter Femap 2020.2/2021.1

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2).

6.8
2022-04-12 CVE-2022-28663 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap 2020.2/2021.1

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2).

6.8
2022-04-11 CVE-2022-24827 Elide SQL Injection vulnerability in Elide 6.1.3

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort.

6.8
2022-04-11 CVE-2021-38125 Microfocus Unspecified vulnerability in Microfocus Operations Bridge 2021.05/2021.08

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08.

6.8
2022-04-11 CVE-2022-24815 Jhipster SQL Injection vulnerability in Jhipster Generator-Jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.

6.8
2022-04-11 CVE-2022-25789 Autodesk Use After Free vulnerability in Autodesk products

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability.

6.8
2022-04-11 CVE-2022-25790 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files.

6.8
2022-04-11 CVE-2022-25792 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability.

6.8
2022-04-11 CVE-2022-25794 Autodesk Out-of-bounds Read vulnerability in Autodesk FBX Review 1.4.0/1.4.1.0/1.5.0

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure.

6.8
2022-04-11 CVE-2022-25796 Autodesk Double Free vulnerability in Autodesk Navisworks 2022

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations.

6.8
2022-04-11 CVE-2022-27528 Autodesk Use After Free vulnerability in Autodesk Navisworks 2022

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability.

6.8
2022-04-11 CVE-2021-43442 I3International Unspecified vulnerability in I3International Ax46 Firmware, Ax68 Firmware and Ax78 Firmware

A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.

6.8
2022-04-11 CVE-2021-32156 Webmin Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973

A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

6.8
2022-04-11 CVE-2021-32157 Webmin Cross-site Scripting vulnerability in Webmin 1.973

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

6.8
2022-04-11 CVE-2021-32159 Webmin Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.

6.8
2022-04-11 CVE-2021-32162 Webmin Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.

6.8
2022-04-15 CVE-2022-27421 Chamilo Improper Privilege Management vulnerability in Chamilo LMS 1.11.14/1.11.16

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

6.5
2022-04-15 CVE-2022-27426 Chamilo Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

6.5
2022-04-15 CVE-2022-24857 Django Mfa3 Project Improper Authentication vulnerability in Django-Mfa3 Project Django-Mfa3

django-mfa3 is a library that implements multi factor authentication for the django web framework.

6.5
2022-04-15 CVE-2022-26898 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Remote Code Execution Vulnerability.

6.5
2022-04-15 CVE-2022-27365 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.2

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.

6.5
2022-04-15 CVE-2022-27366 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.2

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.

6.5
2022-04-15 CVE-2022-27367 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.2

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.

6.5
2022-04-15 CVE-2022-27368 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.2

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.

6.5
2022-04-15 CVE-2022-27369 Chshcms SQL Injection vulnerability in Chshcms Cscms 4.2

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.

6.5
2022-04-15 CVE-2022-27474 Salesagility Unspecified vulnerability in Salesagility Suitecrm 7.11.23

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.

6.5
2022-04-14 CVE-2022-24846 Geoserver Deserialization of Untrusted Data vulnerability in Geoserver Geowebcache

GeoWebCache is a tile caching server implemented in Java.

6.5
2022-04-14 CVE-2022-24854 Metabase Externally Controlled Reference to a Resource in Another Sphere vulnerability in Metabase

Metabase is an open source business intelligence and analytics application.

6.5
2022-04-14 CVE-2022-22966 Vmware Unspecified vulnerability in VMWare Vcloud Director 10.1.0

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.

6.5
2022-04-14 CVE-2022-21210 Lansweeper SQL Injection vulnerability in Lansweeper 9.1.20.2

An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2.

6.5
2022-04-14 CVE-2022-21234 Lansweeper SQL Injection vulnerability in Lansweeper 9.1.20.2

An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2.

6.5
2022-04-14 CVE-2022-22149 Lansweeper SQL Injection vulnerability in Lansweeper 9.1.20.2

A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2.

6.5
2022-04-14 CVE-2021-43286 Thoughtworks Command Injection vulnerability in Thoughtworks Gocd

An issue was discovered in ThoughtWorks GoCD before 21.3.0.

6.5
2022-04-13 CVE-2022-24847 Osgeo Improper Input Validation vulnerability in Osgeo Geoserver

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.

6.5
2022-04-13 CVE-2022-24844 GIN VUE Admin Project SQL Injection vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack.

6.5
2022-04-13 CVE-2022-22957 Vmware Deserialization of Untrusted Data vulnerability in VMWare products

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).

6.5
2022-04-13 CVE-2022-22958 Vmware Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).

6.5
2022-04-12 CVE-2022-25753 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

6.5
2022-04-11 CVE-2022-22572 Ivanti Improper Privilege Management vulnerability in Ivanti Incapptic Connect

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality.

6.5
2022-04-11 CVE-2022-27573 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

6.5
2022-04-11 CVE-2021-40219 Bolt Code Injection vulnerability in Bolt CMS

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution.

6.5
2022-04-11 CVE-2022-1006 Elbtide SQL Injection vulnerability in Elbtide Advanced Booking Calendar

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks

6.5
2022-04-11 CVE-2022-1008 Ocdi Unrestricted Upload of File with Dangerous Type vulnerability in Ocdi ONE Click Demo Import

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

6.5
2022-04-11 CVE-2022-1023 Secondlinethemes SQL Injection vulnerability in Secondlinethemes Podcast Importer Secondline

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file

6.5
2022-04-15 CVE-2021-44488 Fisglobal
Yottadb
An issue was discovered in YottaDB through r1.32 and V7.0-000.
6.4
2022-04-15 CVE-2022-26499 Digium Server-Side Request Forgery (SSRF) vulnerability in Digium Asterisk

An SSRF issue was discovered in Asterisk through 19.x.

6.4
2022-04-14 CVE-2022-22186 Juniper Improper Initialization vulnerability in Juniper Junos

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded.

6.4
2022-04-11 CVE-2021-46742 Huawei Improper Authentication vulnerability in Huawei Emui, Harmonyos and Magic UI

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

6.4
2022-04-11 CVE-2022-26099 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.

6.4
2022-04-11 CVE-2022-27577 Sick Use of Insufficiently Random Values vulnerability in Sick Msc800 Firmware 4.0/4.10

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number.

6.4
2022-04-11 CVE-2022-1296 Radare Out-of-bounds Read vulnerability in Radare Radare2

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8.

6.4
2022-04-11 CVE-2022-1297 Radare Out-of-bounds Read vulnerability in Radare Radare2

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8.

6.4
2022-04-11 CVE-2022-1252 Gnuboard Privacy Violation vulnerability in Gnuboard Gnuboard5

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5.

6.4
2022-04-15 CVE-2022-20684 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device.

6.1
2022-04-15 CVE-2022-20761 Cisco Improper Input Validation vulnerability in Cisco IOS

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device.

6.1
2022-04-14 CVE-2022-22191 Juniper Resource Exhaustion vulnerability in Juniper Junos

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart.

6.1
2022-04-14 CVE-2021-43257 Mantisbt Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt

Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.

6.0
2022-04-14 CVE-2022-1258 Mcafee SQL Injection vulnerability in Mcafee Agent

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

6.0
2022-04-13 CVE-2022-1347 Organizr Project Cross-site Scripting vulnerability in Organizr Project Organizr

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810.

6.0
2022-04-13 CVE-2022-28052 Roothub Path Traversal vulnerability in Roothub 2.6.0

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.

6.0
2022-04-12 CVE-2022-24812 Grafana Improper Privilege Management vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

6.0
2022-04-15 CVE-2022-1365 Cross Fetch Project Incorrect Authorization vulnerability in Cross-Fetch Project Cross-Fetch

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.

5.8
2022-04-15 CVE-2022-27048 Moxa Unspecified vulnerability in Moxa products

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device.

5.8
2022-04-15 CVE-2022-26034 Yokogawa Improper Authentication vulnerability in Yokogawa B/M9000 VP and Centum VP

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server.

5.8
2022-04-14 CVE-2020-25152 Bbraun Session Fixation vulnerability in Bbraun Datamodule Compactplus and Spacecom

A session fixation vulnerability in the B.

5.8
2022-04-14 CVE-2020-25154 Bbraun Open Redirect vulnerability in Bbraun Datamodule Compactplus and Spacecom

An open redirect vulnerability in the administrative interface of the B.

5.8
2022-04-13 CVE-2022-27523 Autodesk Out-of-bounds Read vulnerability in Autodesk DWG Trueview

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input.

5.8
2022-04-13 CVE-2022-27524 Autodesk Out-of-bounds Read vulnerability in Autodesk DWG Trueview

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input.

5.8
2022-04-13 CVE-2022-27256 Hubzilla Open Redirect vulnerability in Hubzilla

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

5.8
2022-04-12 CVE-2022-0141 Vfbpro Cross-Site Request Forgery (CSRF) vulnerability in Vfbpro Visual Form Builder

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks

5.8
2022-04-11 CVE-2022-27823 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

5.8
2022-04-11 CVE-2022-27824 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file

5.8
2022-04-11 CVE-2022-27825 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

5.8
2022-04-12 CVE-2022-27481 Siemens Race Condition vulnerability in Siemens products

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0).

5.7
2022-04-12 CVE-2022-22565 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information.

5.5
2022-04-12 CVE-2022-28213 SAP Missing XML Validation vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.

5.5
2022-04-15 CVE-2022-21983 Microsoft Unspecified vulnerability in Microsoft products

Win32 Stream Enumeration Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-22009 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-24485 Microsoft Unspecified vulnerability in Microsoft products

Win32 File Enumeration Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-24495 Microsoft Unspecified vulnerability in Microsoft products

Windows Direct Show - Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-24534 Microsoft Unspecified vulnerability in Microsoft products

Win32 Stream Enumeration Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-24545 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-26830 Microsoft Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022

DiskUsage.exe Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-26916 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Compose Form Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-26917 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Compose Form Remote Code Execution Vulnerability.

5.1
2022-04-15 CVE-2022-26918 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Compose Form Remote Code Execution Vulnerability.

5.1
2022-04-12 CVE-2022-27416 Broadcom Double Free vulnerability in Broadcom Tcpreplay 4.4.1

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

5.1
2022-04-12 CVE-2022-27418 Broadcom Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.4.1

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

5.1
2022-04-16 CVE-2022-26653 Zohocorp Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine Remote Access Plus

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).

5.0
2022-04-16 CVE-2022-26777 Zohocorp Exposure of Resource to Wrong Sphere vulnerability in Zohocorp Manageengine Remote Access Plus

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.

5.0
2022-04-15 CVE-2022-24279 Springtree Unspecified vulnerability in Springtree Madlib-Object-Utils

The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it.

5.0
2022-04-15 CVE-2022-26831 Microsoft Unspecified vulnerability in Microsoft products

Windows LDAP Denial of Service Vulnerability.

5.0
2022-04-15 CVE-2022-26832 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET Framework Denial of Service Vulnerability.

5.0
2022-04-15 CVE-2022-26910 Microsoft Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019

Skype for Business and Lync Spoofing Vulnerability.

5.0
2022-04-15 CVE-2022-26915 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Channel Denial of Service Vulnerability.

5.0
2022-04-15 CVE-2022-26924 Microsoft Unspecified vulnerability in Microsoft YET Another Reverse Proxy 1.0.0/1.1.0

YARP Denial of Service Vulnerability.

5.0
2022-04-15 CVE-2021-44481 Fisglobal
Yottadb
Improper Input Validation vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44482 Fisglobal
Yottadb
Improper Input Validation vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44483 Fisglobal
Yottadb
Improper Input Validation vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44484 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44485 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44487 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44489 Fisglobal
Yottadb
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44490 Fisglobal
Yottadb
Incorrect Calculation vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44491 Fisglobal
Yottadb
Incorrect Calculation vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000.

5.0
2022-04-15 CVE-2021-44492 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000.

5.0
2022-04-15 CVE-2021-44493 Fisglobal
Yottadb
Classic Buffer Overflow vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000.

5.0
2022-04-15 CVE-2021-44494 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000.

5.0
2022-04-15 CVE-2021-44495 Fisglobal
Yottadb
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000.

5.0
2022-04-15 CVE-2021-44497 Fisglobal Use After Free vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44498 Fisglobal NULL Pointer Dereference vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44499 Fisglobal Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44500 Fisglobal Divide By Zero vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44501 Fisglobal NULL Pointer Dereference vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44502 Fisglobal Allocation of Resources Without Limits or Throttling vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44503 Fisglobal Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44504 Fisglobal Incorrect Calculation vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44505 Yottadb NULL Pointer Dereference vulnerability in Yottadb Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44506 Yottadb NULL Pointer Dereference vulnerability in Yottadb Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44507 Fisglobal NULL Pointer Dereference vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44508 Fisglobal NULL Pointer Dereference vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44509 Fisglobal Integer Underflow (Wrap or Wraparound) vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2021-44510 Fisglobal Incorrect Calculation of Buffer Size vulnerability in Fisglobal Gt.M

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base).

5.0
2022-04-15 CVE-2022-27257 Hubzilla Exposure of Resource to Wrong Sphere vulnerability in Hubzilla

A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

5.0
2022-04-15 CVE-2022-27849 Plugin Planet Information Exposure vulnerability in Plugin-Planet Simple Ajax Chat

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115

5.0
2022-04-15 CVE-2022-21159 MZ Automation Infinite Loop vulnerability in Mz-Automation Libiec61850 1.5.0

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0.

5.0
2022-04-15 CVE-2022-20714 Cisco Out-of-bounds Read vulnerability in Cisco IOS XR

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset.

5.0
2022-04-15 CVE-2022-20726 Cisco Unspecified vulnerability in Cisco products

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

5.0
2022-04-15 CVE-2022-27043 Yearning Path Traversal vulnerability in Yearning 2.3.1/2.3.2

Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal.

5.0
2022-04-15 CVE-2022-28345 Signal Injection vulnerability in Signal

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection.

5.0
2022-04-15 CVE-2022-26498 Digium Resource Exhaustion vulnerability in Digium Asterisk

An issue was discovered in Asterisk through 19.x.

5.0
2022-04-14 CVE-2022-24824 Discourse Inclusion of Functionality from Untrusted Control Sphere vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.0
2022-04-14 CVE-2020-25164 Bbraun Use of a One-Way Hash without a Salt vulnerability in Bbraun Datamodule Compactplus and Spacecom

A vulnerability in the B.

5.0
2022-04-14 CVE-2021-28505 Arista Incorrect Authorization vulnerability in Arista EOS

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

5.0
2022-04-14 CVE-2022-1328 Mutt
Debian
Classic Buffer Overflow vulnerability in multiple products

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

5.0
2022-04-14 CVE-2022-22968 Vmware Improper Handling of Case Sensitivity vulnerability in VMWare Spring Framework

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

5.0
2022-04-14 CVE-2021-40392 Moxa Cleartext Transmission of Sensitive Information vulnerability in Moxa Mxview 3.2.4

An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4.

5.0
2022-04-14 CVE-2021-40400 Gerbv Project Out-of-bounds Read vulnerability in Gerbv Project Gerbv 2.7.0

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a).

5.0
2022-04-14 CVE-2021-40402 Gerbv Project Out-of-bounds Read vulnerability in Gerbv Project Gerbv 2.7.0/2.7.1/2.8.0

An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0.

5.0
2022-04-14 CVE-2021-44354 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44355 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44356 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44357 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44366 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44375 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2021-44394 Reolink Improper Input Validation vulnerability in Reolink Rlc-410W Firmware 3.0.0.13620121102

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102.

5.0
2022-04-14 CVE-2022-22185 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding.

5.0
2022-04-14 CVE-2022-22194 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

5.0
2022-04-14 CVE-2022-27008 F5 Classic Buffer Overflow vulnerability in F5 NJS 0.7.2

nginx njs 0.7.2 is vulnerable to Buffer Overflow.

5.0
2022-04-14 CVE-2021-43289 Thoughtworks Path Traversal vulnerability in Thoughtworks Gocd

An issue was discovered in ThoughtWorks GoCD before 21.3.0.

5.0
2022-04-14 CVE-2022-27444 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

5.0
2022-04-14 CVE-2022-27445 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

5.0
2022-04-14 CVE-2022-27446 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

5.0
2022-04-14 CVE-2022-27447 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

5.0
2022-04-14 CVE-2022-27448 Mariadb Reachable Assertion vulnerability in Mariadb

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

5.0
2022-04-14 CVE-2022-27449 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

5.0
2022-04-14 CVE-2022-27451 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

5.0
2022-04-14 CVE-2022-27452 Mariadb Unspecified vulnerability in Mariadb

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

5.0
2022-04-14 CVE-2022-27455 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

5.0
2022-04-14 CVE-2022-27456 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

5.0
2022-04-14 CVE-2022-27457 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

5.0
2022-04-14 CVE-2022-27458 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.

5.0
2022-04-14 CVE-2021-43287 Thoughtworks Information Exposure vulnerability in Thoughtworks Gocd

An issue was discovered in ThoughtWorks GoCD before 21.3.0.

5.0
2022-04-14 CVE-2022-1279 Ebics Java Project Unspecified vulnerability in Ebics Java Project Ebics Java

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads.

5.0
2022-04-13 CVE-2022-24843 GIN VUE Admin Project Path Traversal vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack.

5.0
2022-04-13 CVE-2021-41119 Wire Resource Exhaustion vulnerability in Wire Wire-Server 20210816

Wire-server is the system server for the wire back-end services.

5.0
2022-04-13 CVE-2022-22961 Vmware Exposure of Resource to Wrong Sphere vulnerability in VMWare products

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information.

5.0
2022-04-13 CVE-2022-26643 Johnsoncontrols Unspecified vulnerability in Johnsoncontrols Easyio CPT Graphics 0.8

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.

5.0
2022-04-13 CVE-2022-1339 Pimcore SQL Injection vulnerability in Pimcore

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5.

5.0
2022-04-12 CVE-2022-27376 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27377 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27378 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27379 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27380 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27381 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27382 Mariadb Reachable Assertion vulnerability in Mariadb

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

5.0
2022-04-12 CVE-2022-27383 Mariadb Use After Free vulnerability in Mariadb

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27384 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27385 Mariadb SQL Injection vulnerability in Mariadb

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-27386 Mariadb SQL Injection vulnerability in Mariadb

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

5.0
2022-04-12 CVE-2022-27387 Mariadb Classic Buffer Overflow vulnerability in Mariadb

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

5.0
2022-04-12 CVE-2022-29047 Jenkins Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.

5.0
2022-04-12 CVE-2022-22559 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell EMC Powerscale Onefs 9.3.0

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm.

5.0
2022-04-12 CVE-2022-22562 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit.

5.0
2022-04-12 CVE-2022-23161 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect.

5.0
2022-04-12 CVE-2022-24070 Apache
Debian
Use After Free vulnerability in multiple products

Subversion's mod_dav_svn is vulnerable to memory corruption.

5.0
2022-04-12 CVE-2022-24412 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability.

5.0
2022-04-12 CVE-2021-39809 Google Out-of-bounds Read vulnerability in Google Android

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check.

5.0
2022-04-12 CVE-2022-21155 Fernhillsoftware Improper Handling of Exceptional Conditions vulnerability in Fernhillsoftware Scada Server

A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit.

5.0
2022-04-12 CVE-2022-23703 HPE Unspecified vulnerability in HPE Nimbleos

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update.

5.0
2022-04-12 CVE-2022-27669 SAP Missing Authorization vulnerability in SAP Netweaver Application Server for Java 7.50

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted.

5.0
2022-04-12 CVE-2022-28772 SAP Out-of-bounds Write vulnerability in SAP Netweaver and web Dispatcher

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

5.0
2022-04-12 CVE-2022-28773 SAP Resource Exhaustion vulnerability in SAP Netweaver and web Dispatcher

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

5.0
2022-04-12 CVE-2022-21803 Nconf Project Unspecified vulnerability in Nconf Project Nconf

This affects the package nconf before 0.11.4.

5.0
2022-04-12 CVE-2021-32040 Mongodb Out-of-bounds Write vulnerability in Mongodb

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage.

5.0
2022-04-12 CVE-2022-0140 Vfbpro Information Exposure vulnerability in Vfbpro Visual Form Builder

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

5.0
2022-04-12 CVE-2021-40368 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl.

5.0
2022-04-12 CVE-2022-25622 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl.

5.0
2022-04-12 CVE-2022-25755 Siemens Exposure of Resource to Wrong Sphere vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

5.0
2022-04-12 CVE-2022-27241 Mendix Information Exposure vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11).

5.0
2022-04-12 CVE-2022-27480 Siemens Missing Authorization vulnerability in Siemens products

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80).

5.0
2022-04-12 CVE-2022-1302 MZ Automation Unspecified vulnerability in Mz-Automation Libiec61850

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

5.0
2022-04-11 CVE-2022-24836 Nokogiri
Fedoraproject
Nokogiri is an open source XML and HTML library for Ruby.
5.0
2022-04-11 CVE-2022-24839 Nekohtml Project Resource Exhaustion vulnerability in Nekohtml Project Nekohtml

org.cyberneko.html is an html parser written in Java.

5.0
2022-04-11 CVE-2022-24837 Hedgedoc Unrestricted Upload of File with Dangerous Type vulnerability in Hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor.

5.0
2022-04-11 CVE-2021-22055 Vmware Injection vulnerability in VMWare Photon OS 1.0

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter.

5.0
2022-04-11 CVE-2021-40065 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-04-11 CVE-2021-46740 Huawei Improper Authentication vulnerability in Huawei Emui and Harmonyos

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-04-11 CVE-2021-4047 Redhat Unspecified vulnerability in Redhat Openshift 4.9

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing.

5.0
2022-04-11 CVE-2022-22253 Huawei Improper Validation of Integrity Check Value vulnerability in Huawei Emui, Harmonyos and Magic UI

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

5.0
2022-04-11 CVE-2022-22254 Huawei Incorrect Authorization vulnerability in Huawei Emui, Harmonyos and Magic UI

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-04-11 CVE-2022-22255 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

5.0
2022-04-11 CVE-2022-22256 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

5.0
2022-04-11 CVE-2022-22257 Huawei Improper Privilege Management vulnerability in Huawei Emui, Harmonyos and Magic UI

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

5.0
2022-04-11 CVE-2022-24804 Discourse Incorrect Default Permissions vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.0
2022-04-11 CVE-2022-27844 Wpvivid Path Traversal vulnerability in Wpvivid Migration, Backup, Staging

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70

5.0
2022-04-11 CVE-2022-28544 Samsung Path Traversal vulnerability in Samsung Galaxy Store 4.5.32.4

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.

5.0
2022-04-11 CVE-2021-38929 IBM Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs.

5.0
2022-04-11 CVE-2021-38930 IBM Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0

IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs.

5.0
2022-04-11 CVE-2022-0828 Wpdownloadmanager Inadequate Encryption Strength vulnerability in Wpdownloadmanager Wordpress Download Manager

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.

5.0
2022-04-11 CVE-2022-0919 Salonbookingsystem Missing Authorization vulnerability in Salonbookingsystem Salon Booking System

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.

5.0
2022-04-11 CVE-2022-0920 Salonbookingsystem Incorrect Authorization vulnerability in Salonbookingsystem Salon Booking System

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data

5.0
2022-04-11 CVE-2022-0989 Nsthemes Unspecified vulnerability in Nsthemes NS Watermark for Woocommerce

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.

5.0
2022-04-11 CVE-2022-27041 Os4Ed SQL Injection vulnerability in Os4Ed Opensis 8.0

Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.

5.0
2022-04-15 CVE-2022-24483 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability.

4.9
2022-04-15 CVE-2022-24493 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability.

4.9
2022-04-15 CVE-2022-26920 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability.

4.9
2022-04-15 CVE-2022-20661 Cisco Improper Initialization vulnerability in Cisco IOS

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition.

4.9
2022-04-14 CVE-2021-40424 Webroot Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4

An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4.

4.9
2022-04-14 CVE-2021-40425 Webroot Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4

An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4.

4.9
2022-04-12 CVE-2022-22560 Dell Use of Hard-coded Credentials vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials.

4.9
2022-04-11 CVE-2022-24832 Thoughtworks Injection vulnerability in Thoughtworks Gocd

GoCD is an open source a continuous delivery server.

4.9
2022-04-11 CVE-2022-26414 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

4.9
2022-04-14 CVE-2022-22193 Juniper Improper Handling of Unexpected Data Type vulnerability in Juniper Junos and Junos OS Evolved

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).

4.7
2022-04-15 CVE-2022-27427 Chamilo Code Injection vulnerability in Chamilo LMS 1.11.14/1.11.16

A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.

4.6
2022-04-15 CVE-2022-23257 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability.

4.6
2022-04-15 CVE-2022-24474 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24479 Microsoft Improper Privilege Management vulnerability in Microsoft products

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24481 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24486 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24488 Microsoft Unspecified vulnerability in Microsoft products

Windows Desktop Bridge Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24489 Microsoft Improper Privilege Management vulnerability in Microsoft products

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24494 Microsoft Unspecified vulnerability in Microsoft products

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24496 Microsoft Unspecified vulnerability in Microsoft products

Local Security Authority (LSA) Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24499 Microsoft Unspecified vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24513 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24521 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24527 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24530 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24542 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24544 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24546 Microsoft Unspecified vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24547 Microsoft Unspecified vulnerability in Microsoft products

Windows Digital Media Receiver Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-24549 Microsoft Unspecified vulnerability in Microsoft products

Windows AppX Package Manager Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26786 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26787 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26788 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26789 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26790 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26791 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26792 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26793 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26794 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26795 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26796 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26797 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26801 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26802 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26810 Microsoft Unspecified vulnerability in Microsoft products

Windows File Server Resource Management Service Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26914 Microsoft Improper Privilege Management vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability.

4.6
2022-04-15 CVE-2022-26921 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Elevation of Privilege Vulnerability.

4.6
2022-04-14 CVE-2020-25160 Bbraun Incorrect Authorization vulnerability in Bbraun Datamodule Compactplus and Spacecom

Improper access controls in the B.

4.6
2022-04-13 CVE-2021-46167 Pd065 Project Incorrect Authorization vulnerability in Pd065 Project Pd065 Firmware 1.19

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).

4.6
2022-04-12 CVE-2022-22550 Dell Insufficiently Protected Credentials vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability.

4.6
2022-04-12 CVE-2022-24411 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability.

4.6
2022-04-12 CVE-2022-23702 HPE Improper Privilege Management vulnerability in HPE products

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers.

4.6
2022-04-11 CVE-2022-20065 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In ccci, there is a possible out of bounds read due to a missing bounds check.

4.6
2022-04-11 CVE-2022-20067 Google Out-of-bounds Write vulnerability in Google Android

In mdp, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-04-11 CVE-2022-20068 Google Link Following vulnerability in Google Android 10.0/11.0/12.0

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution.

4.6
2022-04-11 CVE-2022-20070 Google Improper Input Validation vulnerability in Google Android 11.0/12.0

In ssmr, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-04-11 CVE-2022-20071 Google Improper Certificate Validation vulnerability in Google Android 11.0/12.0

In ccu, there is a possible escalation of privilege due to a missing certificate validation.

4.6
2022-04-11 CVE-2022-20072 Google Incorrect Comparison vulnerability in Google Android 11.0/12.0

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison.

4.6
2022-04-11 CVE-2022-25832 Google Improper Authentication vulnerability in Google Android 11.0/12.0

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.

4.6
2022-04-11 CVE-2022-26091 Google Improper Authentication vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.

4.6
2022-04-11 CVE-2022-27578 Sick Unspecified vulnerability in Sick Overall Equipment Effectiveness 0.5.1

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.

4.6
2022-04-11 CVE-2022-27833 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

4.6
2022-04-11 CVE-2022-28541 Samsung Uncontrolled Search Path Element vulnerability in Samsung Update

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.

4.6
2022-04-11 CVE-2022-28776 Samsung Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.

4.6
2022-04-11 CVE-2022-28779 Samsung Uncontrolled Search Path Element vulnerability in Samsung Android USB Driver Windows Installer

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.

4.6
2022-04-11 CVE-2022-27088 Ivanti Unquoted Search Path or Element vulnerability in Ivanti DSM Remote

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.

4.6
2022-04-15 CVE-2022-24482 Microsoft Race Condition vulnerability in Microsoft products

Windows ALPC Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-24540 Microsoft Race Condition vulnerability in Microsoft products

Windows ALPC Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-26807 Microsoft Race Condition vulnerability in Microsoft products

Windows Work Folder Service Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-26808 Microsoft Race Condition vulnerability in Microsoft products

Windows File Explorer Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-26828 Microsoft Race Condition vulnerability in Microsoft products

Windows Bluetooth Driver Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-26904 Microsoft Race Condition vulnerability in Microsoft products

Windows User Profile Service Elevation of Privilege Vulnerability.

4.4
2022-04-15 CVE-2022-27188 Yokogawa OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP

OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.

4.4
2022-04-11 CVE-2022-20069 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In preloader (usb), there is a possible out of bounds write due to an integer overflow.

4.4
2022-04-11 CVE-2022-20073 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 10.0/11.0/12.0

In preloader (usb), there is a possible out of bounds write due to a integer underflow.

4.4
2022-04-11 CVE-2022-20074 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In preloader (partition), there is a possible out of bounds write due to a missing bounds check.

4.4
2022-04-11 CVE-2022-25791 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.

4.4
2022-04-11 CVE-2022-27834 Google Use After Free vulnerability in Google Android 10.0/11.0/12.0

Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.

4.4
2022-04-11 CVE-2022-27842 Samsung Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.

4.4
2022-04-11 CVE-2022-27843 Samsung Uncontrolled Search Path Element vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.

4.4
2022-04-16 CVE-2022-28966 Wasm3 Project Out-of-bounds Write vulnerability in Wasm3 Project Wasm3 0.5.0

Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).

4.3
2022-04-16 CVE-2022-29020 Forestblog Project Cross-site Scripting vulnerability in Forestblog Project Forestblog 20190404

ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.

4.3
2022-04-15 CVE-2022-27422 Chamilo Cross-site Scripting vulnerability in Chamilo LMS

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

4.3
2022-04-15 CVE-2022-27425 Chamilo Cross-site Scripting vulnerability in Chamilo

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.

4.3
2022-04-15 CVE-2022-23292 Microsoft Unspecified vulnerability in Microsoft On-Premises Data Gateway

Microsoft Power BI Spoofing Vulnerability.

4.3
2022-04-15 CVE-2022-24548 Microsoft Unspecified vulnerability in Microsoft Malware Protection Engine

Microsoft Defender Denial of Service Vulnerability.

4.3
2022-04-15 CVE-2022-27850 Plugin Planet Cross-Site Request Forgery (CSRF) vulnerability in Plugin-Planet Simple Ajax Chat

Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.

4.3
2022-04-15 CVE-2022-27851 Dineshkarki Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki USE ANY Font

Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.

4.3
2022-04-15 CVE-2022-27852 Wpchill Cross-site Scripting vulnerability in Wpchill KB Support

Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5

4.3
2022-04-15 CVE-2022-26594 Liferay Cross-site Scripting vulnerability in Liferay Portal 7.3.5/7.3.6/7.4.0

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.

4.3
2022-04-15 CVE-2022-27258 Hubzilla Cross-site Scripting vulnerability in Hubzilla 7.0.3

Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.

4.3
2022-04-15 CVE-2022-1231 Plantuml
Fedoraproject
Cross-site Scripting vulnerability in multiple products

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4.

4.3
2022-04-15 CVE-2022-20735 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

4.3
2022-04-15 CVE-2022-28041 Nothings
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc.

4.3
2022-04-15 CVE-2022-28049 F5 NULL Pointer Dereference vulnerability in F5 NJS 0.7.2

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.

4.3
2022-04-15 CVE-2022-28868 F Secure Unspecified vulnerability in F-Secure Safe 17.9/18.4.0/18.5

An Address bar spoofing vulnerability was discovered in Safe Browser for Android.

4.3
2022-04-15 CVE-2022-28869 F Secure Unspecified vulnerability in F-Secure Safe 17.9/18.4.0/18.5

A vulnerability affecting F-Secure SAFE browser was discovered.

4.3
2022-04-15 CVE-2022-28870 F Secure Unspecified vulnerability in F-Secure Safe 17.9/18.4.0/18.5

A vulnerability affecting F-Secure SAFE browser was discovered.

4.3
2022-04-14 CVE-2022-24849 Aitsys Information Exposure vulnerability in Aitsys Discatsharp 9.8.5/9.8.6/9.9.0

DisCatSharp is a Discord API wrapper for .NET.

4.3
2022-04-14 CVE-2020-25158 Bbraun Cross-site Scripting vulnerability in Bbraun Datamodule Compactplus and Spacecom

A reflected cross-site scripting (XSS) vulnerability in the B.

4.3
2022-04-14 CVE-2022-22182 Juniper Cross-site Scripting vulnerability in Juniper Junos

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.

4.3
2022-04-14 CVE-2022-22188 Juniper Uncontrolled Memory Allocation vulnerability in Juniper Junos 20.2

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS).

4.3
2022-04-14 CVE-2022-22190 Juniper Incorrect Authorization vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information.

4.3
2022-04-14 CVE-2022-22197 Juniper Operation on a Resource after Expiration or Release vulnerability in Juniper Junos and Junos OS Evolved

An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS).

4.3
2022-04-14 CVE-2022-25166 Amazon Information Exposure vulnerability in Amazon AWS Client VPN 2.0.0

An issue was discovered in Amazon AWS VPN Client 2.0.0.

4.3
2022-04-13 CVE-2021-43154 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

4.3
2022-04-13 CVE-2022-0023 Paloaltonetworks Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly.

4.3
2022-04-13 CVE-2022-22959 Vmware Cross-Site Request Forgery (CSRF) vulnerability in VMWare products

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.

4.3
2022-04-13 CVE-2022-27505 Citrix Cross-site Scripting vulnerability in Citrix products

Reflected cross site scripting (XSS)

4.3
2022-04-13 CVE-2022-27846 Yooslider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.

4.3
2022-04-13 CVE-2022-27847 Yooslider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.

4.3
2022-04-13 CVE-2022-0221 Schneider Electric XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench.

4.3
2022-04-13 CVE-2022-26144 Mantisbt Cross-site Scripting vulnerability in Mantisbt

An XSS issue was discovered in MantisBT before 2.25.3.

4.3
2022-04-13 CVE-2020-29653 Froxlor Cross-site Scripting vulnerability in Froxlor

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter.

4.3
2022-04-13 CVE-2022-27475 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 1.0

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.

4.3
2022-04-13 CVE-2022-26589 Pluck CMS Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.

4.3
2022-04-12 CVE-2022-27419 RTL 433 Project Out-of-bounds Write vulnerability in RTL 433 Project RTL 433 21.12

rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c.

4.3
2022-04-12 CVE-2022-29048 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

4.3
2022-04-12 CVE-2021-36914 Claderaform Cross-site Scripting vulnerability in Claderaform Calderawp License Manager 1.2.11

Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.

4.3
2022-04-12 CVE-2021-39803 Google Out-of-bounds Read vulnerability in Google Android

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free.

4.3
2022-04-12 CVE-2021-39804 Google NULL Pointer Dereference vulnerability in Google Android 11.0/12.0/12.1

In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check.

4.3
2022-04-12 CVE-2022-21168 Fujielectric Access of Uninitialized Pointer vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.

4.3
2022-04-12 CVE-2022-21202 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Alpha5 Smart Loader Firmware 3.7/4.2

The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.

4.3
2022-04-12 CVE-2022-26105 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network.

4.3
2022-04-12 CVE-2022-26106 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-26107 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-26108 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-26109 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-27261 Express Fileupload Project Unrestricted Upload of File with Dangerous Type vulnerability in Express-Fileupload Project Express-Fileupload 1.3.1

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

4.3
2022-04-12 CVE-2022-27654 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-27655 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-04-12 CVE-2022-27667 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 430

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

4.3
2022-04-12 CVE-2022-27671 SAP Information Exposure Through Sent Data vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

4.3
2022-04-12 CVE-2022-28215 SAP Open Redirect vulnerability in SAP Netweaver Abap 740/750/787

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.

4.3
2022-04-12 CVE-2022-28216 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.

4.3
2022-04-12 CVE-2022-28770 SAP Cross-site Scripting vulnerability in SAP Sapui5 Library

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code.

4.3
2022-04-12 CVE-2022-28795 Avira Unspecified vulnerability in Avira Password Manager

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically.

4.3
2022-04-12 CVE-2022-25756 Siemens Cross-site Scripting vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

4.3
2022-04-12 CVE-2022-28662 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap 2020.2/2021.1

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2).

4.3
2022-04-11 CVE-2022-24833 Privatebin Cross-site Scripting vulnerability in Privatebin

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data.

4.3
2022-04-11 CVE-2022-0552 Redhat HTTP Request Smuggling vulnerability in Redhat Origin-Aggregated-Logging 3.11

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete.

4.3
2022-04-11 CVE-2022-20081 Google Improper Certificate Validation vulnerability in Google Android 10.0/11.0/12.0

In A-GPS, there is a possible man in the middle attack due to improper certificate validation.

4.3
2022-04-11 CVE-2022-24829 Garden Missing Authentication for Critical Function vulnerability in Garden

Garden is an automation platform for Kubernetes development and testing.

4.3
2022-04-11 CVE-2022-25614 Stylemixthemes Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.

4.3
2022-04-11 CVE-2022-25615 Stylemixthemes Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.

4.3
2022-04-11 CVE-2022-27575 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.

4.3
2022-04-11 CVE-2022-27576 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

4.3
2022-04-11 CVE-2022-27821 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.

4.3
2022-04-11 CVE-2022-27839 Samsung Improper Authentication vulnerability in Samsung Internet

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.

4.3
2022-04-11 CVE-2021-24986 Pickplugins Cross-site Scripting vulnerability in Pickplugins Post Grid

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form

4.3
2022-04-11 CVE-2021-24987 Heateor Cross-site Scripting vulnerability in Heateor Super Socializer

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

4.3
2022-04-11 CVE-2021-34250 Baijiacms Project Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 4.0

An issue was discovered in baijiacms v4.

4.3
2022-04-11 CVE-2022-0271 Thimpress Cross-site Scripting vulnerability in Thimpress Learnpress

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting

4.3
2022-04-11 CVE-2022-0314 Presscustomizr Cross-site Scripting vulnerability in Presscustomizr Nimble Page Builder

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

4.3
2022-04-11 CVE-2022-0471 Realfavicongenerator Cross-site Scripting vulnerability in Realfavicongenerator Favicon BY Realfavicongenerator

The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue

4.3
2022-04-11 CVE-2022-0531 Wpvivid Cross-site Scripting vulnerability in Wpvivid Migration, Backup, Staging

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting

4.3
2022-04-11 CVE-2022-0892 Atlasgondal Cross-site Scripting vulnerability in Atlasgondal Export ALL Urls

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting

4.3
2022-04-11 CVE-2022-0914 Atlasgondal Cross-Site Request Forgery (CSRF) vulnerability in Atlasgondal Export ALL Urls

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

4.3
2022-04-11 CVE-2022-1007 Elbtide Cross-site Scripting vulnerability in Elbtide Advanced Booking Calendar

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

4.3
2022-04-11 CVE-2021-32158 Webmin Cross-site Scripting vulnerability in Webmin 1.973

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.

4.3
2022-04-11 CVE-2021-32160 Webmin Cross-site Scripting vulnerability in Webmin 1.973

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.

4.3
2022-04-11 CVE-2021-32161 Webmin Cross-site Scripting vulnerability in Webmin 1.973

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.

4.3
2022-04-16 CVE-2022-29287 Kentico Authorization Bypass Through User-Controlled Key vulnerability in Kentico

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability.

4.0
2022-04-15 CVE-2022-24498 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Target Service Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-24538 Microsoft Unspecified vulnerability in Microsoft products

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability.

4.0
2022-04-15 CVE-2022-26784 Microsoft Unspecified vulnerability in Microsoft products

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability.

4.0
2022-04-15 CVE-2022-26785 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-26816 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows DNS Server Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-26896 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-26897 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-26907 Microsoft Information Exposure Through Log Files vulnerability in Microsoft Azure SDK for .Net

Azure SDK for .NET Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-26911 Microsoft Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server

Skype for Business Information Disclosure Vulnerability.

4.0
2022-04-15 CVE-2022-20747 Cisco Unspecified vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system.

4.0
2022-04-14 CVE-2022-24850 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source platform for community discussion.

4.0
2022-04-14 CVE-2022-22391 IBM Information Exposure vulnerability in IBM products

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to.

4.0
2022-04-13 CVE-2022-1332 Mattermost Improper Privilege Management vulnerability in Mattermost Server

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.

4.0
2022-04-13 CVE-2022-1333 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Playbooks

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.

4.0
2022-04-13 CVE-2022-1337 Mattermost Resource Exhaustion vulnerability in Mattermost Server

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

4.0
2022-04-13 CVE-2022-22279 Sonicwall Improper Authentication vulnerability in Sonicwall products

** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions.

4.0
2022-04-12 CVE-2022-29049 Jenkins Improper Input Validation vulnerability in Jenkins Promoted Builds

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.

4.0
2022-04-12 CVE-2022-29051 Jenkins Missing Authorization vulnerability in Jenkins Publish Over FTP

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.

4.0
2022-04-12 CVE-2022-29052 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Google Compute Engine

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

4.0
2022-04-12 CVE-2022-23159 Dell Memory Leak vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability.

4.0
2022-04-12 CVE-2022-23160 Dell Improper Privilege Management vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability.

4.0
2022-04-12 CVE-2022-22541 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections.

4.0
2022-04-12 CVE-2022-27657 SAP Path Traversal vulnerability in SAP Focused RUN 1.0

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

4.0
2022-04-12 CVE-2022-27670 SAP Resource Injection vulnerability in SAP SQL Anywhere 17.0

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

4.0
2022-04-12 CVE-2022-25650 Mendix Exposure of Resource to Wrong Sphere vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3).

4.0
2022-04-11 CVE-2022-1067 Lifepoint Improper Authentication vulnerability in Lifepoint Patient Portal

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.

4.0
2022-04-11 CVE-2021-37293 Kevinlab Path Traversal vulnerability in Kevinlab 4ST L-Bems 1.0.0

A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.

4.0
2022-04-11 CVE-2022-29035 Jetbrains Use of Insufficiently Random Values vulnerability in Jetbrains Ktor

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

4.0
2022-04-11 CVE-2022-0246 Webence External Control of File Name or Path vulnerability in Webence IQ Block Country

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality.

4.0

86 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-04-14 CVE-2022-27817 Waycrate Exposure of Resource to Wrong Sphere vulnerability in Waycrate Swhkd 1.1.5

SWHKD 1.1.5 consumes the keyboard events of unintended users.

3.6
2022-04-11 CVE-2022-27831 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.

3.6
2022-04-11 CVE-2022-27840 Samsung Incorrect Default Permissions vulnerability in Samsung Recovery

Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.

3.6
2022-04-16 CVE-2022-1380 Snipeitapp Cross-site Scripting vulnerability in Snipeitapp Snipe-It

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3.

3.5
2022-04-15 CVE-2022-24472 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Spoofing Vulnerability.

3.5
2022-04-15 CVE-2022-24851 Ldap Account Manager Cross-site Scripting vulnerability in Ldap-Account-Manager Ldap Account Manager

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory.

3.5
2022-04-15 CVE-2021-36828 WP Maintenance Project Cross-site Scripting vulnerability in WP Maintenance Project WP Maintenance

Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.

3.5
2022-04-14 CVE-2022-24855 Metabase Cross-site Scripting vulnerability in Metabase

Metabase is an open source business intelligence and analytics application.

3.5
2022-04-14 CVE-2022-27848 Webnus Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1

3.5
2022-04-14 CVE-2022-21145 Lansweeper Cross-site Scripting vulnerability in Lansweeper 9.1.20.2

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2.

3.5
2022-04-14 CVE-2022-22181 Juniper Cross-site Scripting vulnerability in Juniper Junos

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web.

3.5
2022-04-14 CVE-2021-45227 Coins Global Cross-site Scripting vulnerability in Coins-Global Coins Construction Cloud 11.12

An issue was discovered in COINS Construction Cloud 11.12.

3.5
2022-04-14 CVE-2021-45228 Coins Global Cross-site Scripting vulnerability in Coins-Global Coins Construction Cloud 11.12

An XSS issue was discovered in COINS Construction Cloud 11.12.

3.5
2022-04-14 CVE-2021-43288 Thoughtworks Cross-site Scripting vulnerability in Thoughtworks Gocd

An issue was discovered in ThoughtWorks GoCD before 21.3.0.

3.5
2022-04-14 CVE-2021-43633 Messaging WEB Application Project Cross-site Scripting vulnerability in Messaging web Application Project Messaging web Application 1.0

Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS.

3.5
2022-04-14 CVE-2022-1351 Pimcore Cross-site Scripting vulnerability in Pimcore

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.

3.5
2022-04-13 CVE-2022-1345 Organizr Project Unrestricted Upload of File with Dangerous Type vulnerability in Organizr Project Organizr

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810.

3.5
2022-04-13 CVE-2022-1344 Organizr Project Cross-site Scripting vulnerability in Organizr Project Organizr

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810.

3.5
2022-04-13 CVE-2022-1346 Organizr Project Cross-site Scripting vulnerability in Organizr Project Organizr

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810.

3.5
2022-04-13 CVE-2021-42136 Vanderbilt Cross-site Scripting vulnerability in Vanderbilt Redcap

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value.

3.5
2022-04-13 CVE-2021-43742 Cmssimple Project Cross-site Scripting vulnerability in Cmssimple Project Cmssimple 5.4

CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.

3.5
2022-04-12 CVE-2022-1330 Fullpage Project Cross-site Scripting vulnerability in Fullpage Project Fullpage

stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4.

3.5
2022-04-12 CVE-2022-29036 Jenkins Cross-site Scripting vulnerability in Jenkins Credentials

Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29037 Jenkins Cross-site Scripting vulnerability in Jenkins CVS 2.16

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29038 Jenkins Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29039 Jenkins Cross-site Scripting vulnerability in Jenkins Gerrit Trigger

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29040 Jenkins Cross-site Scripting vulnerability in Jenkins GIT Parameter

Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29041 Jenkins Cross-site Scripting vulnerability in Jenkins Jira

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29042 Jenkins Cross-site Scripting vulnerability in Jenkins JOB Generator

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29043 Jenkins Cross-site Scripting vulnerability in Jenkins Mask Passwords

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29044 Jenkins Cross-site Scripting vulnerability in Jenkins Node and Label Parameter

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29045 Jenkins Cross-site Scripting vulnerability in Jenkins Promoted Builds

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2022-29046 Jenkins Cross-site Scripting vulnerability in Jenkins Subversion

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

3.5
2022-04-12 CVE-2021-28544 Apache
Debian
Incorrect Authorization vulnerability in multiple products

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.

3.5
2022-04-11 CVE-2021-36846 Premio Cross-site Scripting vulnerability in Premio Chaty

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3

3.5
2022-04-11 CVE-2021-36848 Sharethis Cross-site Scripting vulnerability in Sharethis Social Media Feather

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4

3.5
2022-04-11 CVE-2021-36893 Wpdarko Cross-site Scripting vulnerability in Wpdarko Responsive Tabs

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5

3.5
2022-04-11 CVE-2021-36896 W3Eden Cross-site Scripting vulnerability in W3Eden Pricing Table

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2

3.5
2022-04-11 CVE-2021-36910 WP Appbox Project Cross-site Scripting vulnerability in Wp-Appbox Project Wp-Appbox

Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.

3.5
2022-04-11 CVE-2021-43177 Tinfoilsecurity Unspecified vulnerability in Tinfoilsecurity Devise-Two-Factor

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval.

3.5
2022-04-11 CVE-2022-1157 Gitlab Information Exposure Through Log Files vulnerability in Gitlab

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

3.5
2022-04-11 CVE-2022-1193 Gitlab Incorrect Authorization vulnerability in Gitlab

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances

3.5
2022-04-11 CVE-2022-22571 Ivanti Cross-site Scripting vulnerability in Ivanti Incapptic Connect

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.

3.5
2022-04-11 CVE-2022-27845 Plausible Cross-site Scripting vulnerability in Plausible Analytics

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2

3.5
2022-04-11 CVE-2021-39068 IBM Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.11.0/8.0.1

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting.

3.5
2022-04-11 CVE-2021-25090 Wpsofts Cross-site Scripting vulnerability in Wpsofts Portfolio Gallery, Product Catalog - Grid KIT Portfolio

The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them.

3.5
2022-04-11 CVE-2022-0447 Pickplugins Cross-site Scripting vulnerability in Pickplugins Post Grid

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting

3.5
2022-04-11 CVE-2022-0728 Pootlepress Cross-site Scripting vulnerability in Pootlepress Easy Smooth Scroll Links

The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-04-11 CVE-2022-0840 Cybernetikz Cross-site Scripting vulnerability in Cybernetikz Easy Social Icons

The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.

3.5
2022-04-11 CVE-2022-0969 Vertistudio Cross-site Scripting vulnerability in Vertistudio Image Optimization & Lazy Load BY Optimole

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-04-11 CVE-2022-27111 Jflyfox Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.

3.5
2022-04-11 CVE-2022-27156 Thedaylightstudio Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.

3.5
2022-04-11 CVE-2022-0936 Autolabproject Cross-site Scripting vulnerability in Autolabproject Autolab

Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.

3.5
2022-04-11 CVE-2022-1045 Trudesk Project Unrestricted Upload of File with Dangerous Type vulnerability in Trudesk Project Trudesk

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

3.5
2022-04-14 CVE-2022-22196 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS).

3.3
2022-04-13 CVE-2022-1280 Linux
Redhat
Use After Free vulnerability in multiple products

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem.

3.3
2022-04-12 CVE-2022-24413 Dell Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability.

3.3
2022-04-12 CVE-2021-39805 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 12.0/12.1

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check.

3.3
2022-04-12 CVE-2022-0878 Combined Charging System Project Missing Authentication for Critical Function vulnerability in Combined Charging System Project Combined Charging System Firmware

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging.

3.3
2022-04-12 CVE-2022-28329 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0).

3.3
2022-04-14 CVE-2022-24853 Metabase Information Exposure vulnerability in Metabase

Metabase is an open source business intelligence and analytics application.

2.6
2022-04-13 CVE-2022-27503 Citrix Cross-site Scripting vulnerability in Citrix Storefront Server

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9

2.6
2022-04-15 CVE-2022-23268 Microsoft Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022

Windows Hyper-V Denial of Service Vulnerability.

2.1
2022-04-15 CVE-2022-24484 Microsoft Unspecified vulnerability in Microsoft products

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability.

2.1
2022-04-14 CVE-2020-25168 Bbraun Use of Hard-coded Credentials vulnerability in Bbraun Datamodule Compactplus and Spacecom

Hard-coded credentials in the B.

2.1
2022-04-14 CVE-2022-27814 Waycrate Exposure of Resource to Wrong Sphere vulnerability in Waycrate Swhkd 1.1.5

SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.

2.1
2022-04-14 CVE-2022-1257 Mcafee Insecure Storage of Sensitive Information vulnerability in Mcafee Agent

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.

2.1
2022-04-13 CVE-2022-24308 Automox Unspecified vulnerability in Automox 31/32/33

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.

2.1
2022-04-12 CVE-2022-0436 Gruntjs Path Traversal vulnerability in Gruntjs Grunt

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

2.1
2022-04-12 CVE-2022-23163 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability.

2.1
2022-04-12 CVE-2021-39800 Google Use After Free vulnerability in Google Android

In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free.

2.1
2022-04-11 CVE-2022-20066 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 11.0/12.0

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling.

2.1
2022-04-11 CVE-2022-20076 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

In ged, there is a possible memory corruption due to an incorrect error handling.

2.1
2022-04-11 CVE-2022-20079 Google Improper Input Validation vulnerability in Google Android 10.0/11.0

In vow, there is a possible read of uninitialized data due to a improper input validation.

2.1
2022-04-11 CVE-2022-25833 Google Improper Authentication vulnerability in Google Android 10.0/11.0

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

2.1
2022-04-11 CVE-2022-26090 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.

2.1
2022-04-11 CVE-2022-27822 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

2.1
2022-04-11 CVE-2022-27832 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.

2.1
2022-04-11 CVE-2022-28542 Samsung Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

2.1
2022-04-11 CVE-2022-28543 Samsung Path Traversal vulnerability in Samsung Flow 4.8.03.5/4.8.5.0

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission.

2.1
2022-04-11 CVE-2022-28775 Samsung Incorrect Authorization vulnerability in Samsung Flow 4.8.03.5/4.8.5.0

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.

2.1
2022-04-11 CVE-2022-28777 Samsung Incorrect Authorization vulnerability in Samsung Members

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.

2.1
2022-04-11 CVE-2022-28778 Samsung Incorrect Authorization vulnerability in Samsung Security Supporter

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission

2.1
2022-04-11 CVE-2022-0835 Aveva Cleartext Storage of Sensitive Information vulnerability in Aveva System Platform 2020

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

1.9
2022-04-11 CVE-2022-25831 Google Improper Authentication vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

1.9
2022-04-11 CVE-2022-27841 Samsung Improper Handling of Exceptional Conditions vulnerability in Samsung Pass 3.0.02.4

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication

1.9