CVE List - 2022 / March
Showing 1101 - 1200 of 2065 CVEs for March 2022 (Page 12 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39709 | 2022-03-16 | In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2022-0982 | 2022-03-16 | Buffer Overflow via crafted client request in Accel-PPP v1.12 |
| CVE-2022-0918 | 2022-03-16 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of... |
| CVE-2021-20257 | 2022-03-16 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized... |
| CVE-2021-23158 | 2022-03-16 | A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service. |
| CVE-2021-23165 | 2022-03-16 | A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service. |
| CVE-2021-20180 | 2022-03-16 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This... |
| CVE-2022-23234 | 2022-03-16 | SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. |
| CVE-2022-26660 | 2022-03-16 | RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. |
| CVE-2021-41987 | 2022-03-16 | In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name... |
| CVE-2021-45821 | 2022-03-16 | A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can... |
| CVE-2022-21164 | 2022-03-16 | Denial of Service (DoS) |
| CVE-2021-45822 | 2022-03-16 | A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability,... |
| CVE-2021-23648 | 2022-03-16 | Cross-site Scripting (XSS) |
| CVE-2022-23812 | 2022-03-16 | Malicious Package |
| CVE-2022-23610 | 2022-03-16 | Improper Verification of Cryptographic Signature in wire-server |
| CVE-2022-26293 | 2022-03-16 | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. |
| CVE-2022-26295 | 2022-03-16 | A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2021-42219 | 2022-03-16 | Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is... |
| CVE-2022-26300 | 2022-03-16 | EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. |
| CVE-2022-26534 | 2022-03-16 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. |
| CVE-2022-25514 | 2022-03-17 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it... |
| CVE-2022-25515 | 2022-03-17 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it... |
| CVE-2022-25516 | 2022-03-17 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it... |
| CVE-2022-22273 | 2022-03-17 | Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products,... |
| CVE-2022-24072 | 2022-03-17 | The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when... |
| CVE-2022-24073 | 2022-03-17 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. |
| CVE-2022-24074 | 2022-03-17 | Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the... |
| CVE-2022-24075 | 2022-03-17 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced... |
| CVE-2022-1000 | 2022-03-17 | Path Traversal in prasathmani/tinyfilemanager |
| CVE-2021-45791 | 2022-03-17 | Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. |
| CVE-2021-45792 | 2022-03-17 | Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. |
| CVE-2021-45793 | 2022-03-17 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. |
| CVE-2021-45794 | 2022-03-17 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. |
| CVE-2022-0749 | 2022-03-17 | Deserialization of Untrusted Data |
| CVE-2022-25296 | 2022-03-17 | Prototype Pollution |
| CVE-2021-23632 | 2022-03-17 | Remote Code Execution (RCE) |
| CVE-2022-25760 | 2022-03-17 | Arbitrary Code Injection |
| CVE-2021-23771 | 2022-03-17 | Sandbox Bypass |
| CVE-2021-23556 | 2022-03-17 | Exposed Dangerous Method or Function |
| CVE-2022-25352 | 2022-03-17 | Prototype Pollution |
| CVE-2022-25354 | 2022-03-17 | Prototype Pollution |
| CVE-2022-0748 | 2022-03-17 | Arbitrary Code Execution |
| CVE-2022-21221 | 2022-03-17 | Directory Traversal |
| CVE-2021-44908 | 2022-03-17 | SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). |
| CVE-2021-44260 | 2022-03-17 | A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes... |
| CVE-2021-44259 | 2022-03-17 | A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user... |
| CVE-2021-44262 | 2022-03-17 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes... |
| CVE-2021-44261 | 2022-03-17 | A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes... |
| CVE-2022-24761 | 2022-03-17 | HTTP Request Smuggling in waitress |
| CVE-2021-44906 | 2022-03-17 | Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). |
| CVE-2022-26526 | 2022-03-17 | Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example,... |
| CVE-2020-15591 | 2022-03-17 | fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). |
| CVE-2022-26503 | 2022-03-17 | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. |
| CVE-2022-25364 | 2022-03-17 | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build... |
| CVE-2022-24759 | 2022-03-17 | Failure to validate signature during handshake in @chainsafe/libp2p-noise |
| CVE-2022-25949 | 2022-03-17 | The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. |
| CVE-2022-25969 | 2022-03-17 | The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. |
| CVE-2022-26081 | 2022-03-17 | The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. |
| CVE-2022-26511 | 2022-03-17 | WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). |
| CVE-2021-45040 | 2022-03-17 | The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. |
| CVE-2022-26501 | 2022-03-17 | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). |
| CVE-2022-21822 | 2022-03-17 | NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable. |
| CVE-2022-24770 | 2022-03-17 | Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging |
| CVE-2021-46107 | 2022-03-17 | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. |
| CVE-2022-26504 | 2022-03-17 | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe |
| CVE-2022-26500 | 2022-03-17 | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute... |
| CVE-2022-24302 | 2022-03-17 | In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. |
| CVE-2021-44088 | 2022-03-17 | An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. |
| CVE-2021-43961 | 2022-03-17 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. |
| CVE-2021-44087 | 2022-03-17 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. |
| CVE-2022-0237 | 2022-03-17 | Rapid7 Insight Agent Privilege Escalation |
| CVE-2022-0757 | 2022-03-17 | Rapid7 Nexpose SQL Injection |
| CVE-2022-0758 | 2022-03-17 | Rapid7 Nexpose Reflected XSS |
| CVE-2022-1011 | 2022-03-18 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data... |
| CVE-2022-22643 | 2022-03-18 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime... |
| CVE-2022-24637 | 2022-03-18 | Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs... |
| CVE-2021-45968 | 2022-03-18 | An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An... |
| CVE-2021-45966 | 2022-03-18 | An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. |
| CVE-2021-45967 | 2022-03-18 | An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server,... |
| CVE-2022-27240 | 2022-03-18 | scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. |
| CVE-2022-27191 | 2022-03-18 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. |
| CVE-2021-45868 | 2022-03-18 | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there... |
| CVE-2022-26965 | 2022-03-18 | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. |
| CVE-2022-24655 | 2022-03-18 | A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. |
| CVE-2021-45835 | 2022-03-18 | The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code... |
| CVE-2021-45834 | 2022-03-18 | An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead... |
| CVE-2021-22571 | 2022-03-18 | Information Leak in SA360-webquery-bigquery through read on /tmp |
| CVE-2022-24595 | 2022-03-18 | Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted... |
| CVE-2022-0742 | 2022-03-18 | Memory leak in ICMP6 in Linux Kernel |
| CVE-2022-24771 | 2022-03-18 | Improper Verification of Cryptographic Signature in node-forge |
| CVE-2022-24773 | 2022-03-18 | Improper Verification of Cryptographic Signature in `node-forge` |
| CVE-2022-24772 | 2022-03-18 | Improper Verification of Cryptographic Signature in `node-forge` |
| CVE-2021-29899 | 2022-03-18 | IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. |
| CVE-2021-39046 | 2022-03-18 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a... |
| CVE-2022-27246 | 2022-03-18 | An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. |
| CVE-2022-27245 | 2022-03-18 | An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. |
| CVE-2022-27244 | 2022-03-18 | An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator... |
| CVE-2022-27243 | 2022-03-18 | An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. |
| CVE-2021-4031 | 2022-03-18 | Syltek Insufficient Verification of Data Authenticity |