CVE List - 2022 / March
Showing 301 - 400 of 2065 CVEs for March 2022 (Page 4 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0533 | 2022-03-07 | Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS) |
| CVE-2022-0535 | 2022-03-07 | E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS) |
| CVE-2022-21124 | 2022-03-07 | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a... |
| CVE-2022-21132 | 2022-03-07 | Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view... |
| CVE-2022-21158 | 2022-03-07 | A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute... |
| CVE-2022-21170 | 2022-03-07 | Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using... |
| CVE-2022-21219 | 2022-03-07 | Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a... |
| CVE-2022-25230 | 2022-03-07 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having... |
| CVE-2022-25234 | 2022-03-07 | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a... |
| CVE-2022-25325 | 2022-03-07 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having... |
| CVE-2021-4198 | 2022-03-07 | messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016) |
| CVE-2021-4199 | 2022-03-07 | Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) |
| CVE-2022-0754 | 2022-03-07 | SQL Injection in salesagility/suitecrm |
| CVE-2022-24193 | 2022-03-07 | CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. |
| CVE-2021-40064 | 2022-03-07 | There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. |
| CVE-2021-40063 | 2022-03-07 | There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2021-40062 | 2022-03-07 | There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40061 | 2022-03-07 | There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2021-40060 | 2022-03-07 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40059 | 2022-03-07 | There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2021-40058 | 2022-03-07 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40057 | 2022-03-07 | There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40056 | 2022-03-07 | There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40055 | 2022-03-07 | There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2021-40054 | 2022-03-07 | There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2021-40053 | 2022-03-07 | There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity. |
| CVE-2021-40052 | 2022-03-07 | There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| CVE-2021-40051 | 2022-03-07 | There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. |
| CVE-2021-40050 | 2022-03-07 | There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow. |
| CVE-2021-40049 | 2022-03-07 | There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. |
| CVE-2021-40048 | 2022-03-07 | There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. |
| CVE-2021-40047 | 2022-03-07 | There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2021-3732 | 2022-03-07 | A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access... |
| CVE-2021-3660 | 2022-03-07 | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML... |
| CVE-2022-0725 | 2022-03-07 | A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an... |
| CVE-2020-14112 | 2022-03-07 | Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi... |
| CVE-2021-44216 | 2022-03-07 | Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. |
| CVE-2021-44215 | 2022-03-07 | Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. |
| CVE-2021-32006 | 2022-03-07 | GateManager information leak for LinkManager Users |
| CVE-2022-23383 | 2022-03-07 | YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status... |
| CVE-2021-3739 | 2022-03-07 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to... |
| CVE-2021-32005 | 2022-03-07 | SiteManager Log View XSS Issue |
| CVE-2020-14111 | 2022-03-07 | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute... |
| CVE-2022-25922 | 2022-03-07 | ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497 |
| CVE-2022-26131 | 2022-03-07 | ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497 |
| CVE-2020-14115 | 2022-03-07 | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute... |
| CVE-2021-38988 | 2022-03-07 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force... |
| CVE-2021-38989 | 2022-03-07 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force... |
| CVE-2022-22351 | 2022-03-07 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in... |
| CVE-2022-26520 | 2022-03-07 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example... |
| CVE-2022-26488 | 2022-03-07 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to... |
| CVE-2022-25294 | 2022-03-07 | Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions... |
| CVE-2022-23940 | 2022-03-07 | SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients... |
| CVE-2022-24177 | 2022-03-07 | A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2022-26311 | 2022-03-07 | Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. |
| CVE-2022-22835 | 2022-03-07 | An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files... |
| CVE-2022-22834 | 2022-03-07 | An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this... |
| CVE-2021-43969 | 2022-03-07 | The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to... |
| CVE-2021-43970 | 2022-03-07 | An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an... |
| CVE-2021-41657 | 2022-03-07 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. |
| CVE-2020-36517 | 2022-03-07 | An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS... |
| CVE-2022-24738 | 2022-03-07 | Account compromise in Evmos |
| CVE-2022-25244 | 2022-03-07 | Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in... |
| CVE-2022-25243 | 2022-03-07 | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if... |
| CVE-2022-25214 | 2022-03-07 | Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access... |
| CVE-2022-25217 | 2022-03-07 | Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The... |
| CVE-2022-25218 | 2022-03-07 | The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of... |
| CVE-2022-25215 | 2022-03-07 | Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those... |
| CVE-2022-25213 | 2022-03-07 | Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device.... |
| CVE-2022-24644 | 2022-03-07 | ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of... |
| CVE-2022-25219 | 2022-03-07 | A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a... |
| CVE-2021-4045 | 2022-03-07 | TP-LINK Tapo C200 remote code execution vulnerability |
| CVE-2021-34342 | 2022-03-07 | Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. |
| CVE-2021-34341 | 2022-03-07 | Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. |
| CVE-2021-34340 | 2022-03-07 | Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. |
| CVE-2021-34339 | 2022-03-07 | Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. |
| CVE-2021-34338 | 2022-03-07 | Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. |
| CVE-2022-26662 | 2022-03-07 | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command... |
| CVE-2022-26661 | 2022-03-07 | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus))... |
| CVE-2022-24737 | 2022-03-07 | Exposure of Sensitive Information to an Unauthorized Actor in httpie |
| CVE-2021-36809 | 2022-03-07 | A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions... |
| CVE-2022-0856 | 2022-03-08 | libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service |
| CVE-2021-37209 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8),... |
| CVE-2022-24281 | 2022-03-08 | A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by... |
| CVE-2022-24282 | 2022-03-08 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to... |
| CVE-2022-24715 | 2022-03-08 | Arbitrary code execution for authenticated users in Icinga Web 2 |
| CVE-2022-24716 | 2022-03-08 | Path traversal in Icinga Web 2 |
| CVE-2022-25311 | 2022-03-08 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not... |
| CVE-2021-43944 | 2022-03-08 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and... |
| CVE-2021-37208 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200,... |
| CVE-2021-41541 | 2022-03-08 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is... |
| CVE-2021-41542 | 2022-03-08 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is... |
| CVE-2021-41543 | 2022-03-08 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web... |
| CVE-2021-42016 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388... |
| CVE-2021-42017 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388... |
| CVE-2021-42018 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200,... |
| CVE-2021-42019 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200,... |
| CVE-2021-42020 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC,... |
| CVE-2021-44478 | 2022-03-08 | A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of... |
| CVE-2022-24309 | 2022-03-08 | A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime... |