CVE List - 2022 / March
Showing 1701 - 1800 of 2065 CVEs for March 2022 (Page 18 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-6834 | 2022-03-28 | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to... |
| CVE-2021-22794 | 2022-03-28 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) |
| CVE-2021-22795 | 2022-03-28 | A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product:... |
| CVE-2021-22797 | 2022-03-28 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result... |
| CVE-2022-0221 | 2022-03-28 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench.... |
| CVE-2021-24746 | 2022-03-28 | Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting |
| CVE-2021-24962 | 2022-03-28 | WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE |
| CVE-2021-24978 | 2022-03-28 | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion |
| CVE-2021-25012 | 2022-03-28 | Pz-LinkCard <= 2.4.4.4 - Reflected Cross-Site Scripting |
| CVE-2021-25064 | 2022-03-28 | Wow Countdowns <= 3.1.2 - Admin+ SQLi |
| CVE-2021-25068 | 2022-03-28 | Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Admin+ SQLi |
| CVE-2021-25070 | 2022-03-28 | WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi |
| CVE-2021-25071 | 2022-03-28 | Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting |
| CVE-2022-0388 | 2022-03-28 | Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS |
| CVE-2022-0397 | 2022-03-28 | WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting |
| CVE-2022-0450 | 2022-03-28 | Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-0479 | 2022-03-28 | Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting |
| CVE-2022-0493 | 2022-03-28 | String Locator < 2.5.0 - Admin+ Arbitrary File Read |
| CVE-2022-0499 | 2022-03-28 | Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF |
| CVE-2022-0595 | 2022-03-28 | Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS |
| CVE-2022-0599 | 2022-03-28 | Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting |
| CVE-2022-0600 | 2022-03-28 | Conference Scheduler < 2.4.3 - Reflected Cross-Site Scripting |
| CVE-2022-0619 | 2022-03-28 | Database Peek <= 1.2 - Reflected Cross-Site Scripting |
| CVE-2022-0620 | 2022-03-28 | Delete Old Orders <= 0.2 - Reflected Cross-Site Scripting |
| CVE-2022-0621 | 2022-03-28 | dTabs <= 1.4 - Reflected Cross-Site Scripting |
| CVE-2022-0641 | 2022-03-28 | Popup Like box < 3.6.1 - Reflected Cross-Site Scripting |
| CVE-2022-0643 | 2022-03-28 | Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting |
| CVE-2022-0647 | 2022-03-28 | Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting |
| CVE-2022-0679 | 2022-03-28 | Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE |
| CVE-2022-0680 | 2022-03-28 | Plezi < 1.0.3 - Unauthenticated Stored XSS |
| CVE-2022-0720 | 2022-03-28 | Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure |
| CVE-2022-0770 | 2022-03-28 | Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover |
| CVE-2022-0784 | 2022-03-28 | Title Experiments Free < 9.0.1 - Unauthenticated SQLi |
| CVE-2022-0787 | 2022-03-28 | Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi |
| CVE-2022-0818 | 2022-03-28 | Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS |
| CVE-2022-0833 | 2022-03-28 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure |
| CVE-2022-0846 | 2022-03-28 | SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi |
| CVE-2015-10002 | 2022-03-28 | Kiddoware Kids Place Home Button Protection denial of service |
| CVE-2022-26980 | 2022-03-28 | Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. |
| CVE-2018-25030 | 2022-03-28 | Mirmay Secure Private Browser / File Manager Auto Lock improper authentication |
| CVE-2022-27658 | 2022-03-28 | Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. |
| CVE-2022-0735 | 2022-03-28 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2.... |
| CVE-2022-0549 | 2022-03-28 | An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions,... |
| CVE-2022-0371 | 2022-03-28 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1.... |
| CVE-2022-0751 | 2022-03-28 | Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing... |
| CVE-2022-0738 | 2022-03-28 | An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab... |
| CVE-2022-0427 | 2022-03-28 | Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf... |
| CVE-2022-0123 | 2022-03-28 | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external... |
| CVE-2022-0249 | 2022-03-28 | A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. |
| CVE-2022-0344 | 2022-03-28 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private... |
| CVE-2022-0488 | 2022-03-28 | An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a... |
| CVE-2021-39876 | 2022-03-28 | In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. |
| CVE-2022-0136 | 2022-03-28 | A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. |
| CVE-2022-0283 | 2022-03-28 | An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to... |
| CVE-2021-4191 | 2022-03-28 | An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to... |
| CVE-2003-5001 | 2022-03-28 | ISS BlackICE PC Protection Cross Site Scripting Detection privileges management |
| CVE-2003-5002 | 2022-03-28 | ISS BlackICE PC Protection Update cleartext transmission |
| CVE-2003-5003 | 2022-03-28 | ISS BlackICE PC Protection Update cross site scripting |
| CVE-2005-10001 | 2022-03-28 | Netegrity SiteMinder Login smpwservicescgi.exe redirect |
| CVE-2008-10001 | 2022-03-28 | Pro2col Stingray FTS cross site scripting |
| CVE-2010-10001 | 2022-03-28 | Shemes GrabIt NZB Date Parser denial of service |
| CVE-2017-20011 | 2022-03-28 | WEKA INTEREST Security Scanner HTTP denial of service |
| CVE-2017-20012 | 2022-03-28 | WEKA INTEREST Security Scanner Stresstest Scheme denial of service |
| CVE-2017-20013 | 2022-03-28 | WEKA INTEREST Security Scanner Stresstest Configuration denial of service |
| CVE-2017-20014 | 2022-03-28 | WEKA INTEREST Security Scanner Webspider denial of service |
| CVE-2017-20015 | 2022-03-28 | WEKA INTEREST Security Scanner LAN Viewer denial of service |
| CVE-2017-20016 | 2022-03-28 | WEKA INTEREST Security Scanner Portscan memory allocation |
| CVE-2022-26278 | 2022-03-28 | Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. |
| CVE-2021-43097 | 2022-03-28 | A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. |
| CVE-2021-43098 | 2022-03-28 | A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. |
| CVE-2021-43099 | 2022-03-28 | An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is... |
| CVE-2021-43100 | 2022-03-28 | A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. |
| CVE-2021-43101 | 2022-03-28 | A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. |
| CVE-2021-43102 | 2022-03-28 | A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. |
| CVE-2021-43103 | 2022-03-28 | A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. |
| CVE-2022-26280 | 2022-03-28 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. |
| CVE-2022-24789 | 2022-03-28 | Deserialization of untrusted data in C1 CMS. |
| CVE-2022-26291 | 2022-03-28 | lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2021-43105 | 2022-03-28 | A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the... |
| CVE-2022-26639 | 2022-03-28 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. |
| CVE-2022-26640 | 2022-03-28 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. |
| CVE-2022-26641 | 2022-03-28 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. |
| CVE-2022-26642 | 2022-03-28 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. |
| CVE-2022-26296 | 2022-03-28 | BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
| CVE-2022-1050 | 2022-03-29 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet... |
| CVE-2022-22934 | 2022-03-29 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers... |
| CVE-2022-25521 | 2022-03-29 | NUUO v03.11.00 was discovered to contain an access control issue. |
| CVE-2022-22935 | 2022-03-29 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to... |
| CVE-2022-22936 | 2022-03-29 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker... |
| CVE-2022-22941 | 2022-03-29 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any... |
| CVE-2022-0331 | 2022-03-29 | An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. |
| CVE-2022-26269 | 2022-03-29 | Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. |
| CVE-2021-45866 | 2022-03-29 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php. |
| CVE-2021-45865 | 2022-03-29 | A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. |
| CVE-2021-44581 | 2022-03-29 | An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. |
| CVE-2022-25420 | 2022-03-29 | NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. |
| CVE-2022-24956 | 2022-03-29 | An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind,... |
| CVE-2022-24957 | 2022-03-29 | DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object... |
| CVE-2022-23937 | 2022-03-29 | In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. |
| CVE-2022-1073 | 2022-03-29 | Automatic Question Paper Generator password recovery |