CVE List - 2022 / March
Showing 701 - 800 of 2065 CVEs for March 2022 (Page 8 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22141 | 2022-03-11 | 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP... |
| CVE-2022-22145 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from... |
| CVE-2022-22148 | 2022-03-11 | 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from... |
| CVE-2022-22151 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from... |
| CVE-2022-22729 | 2022-03-11 | CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticates the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from... |
| CVE-2022-23401 | 2022-03-11 | The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and... |
| CVE-2022-23402 | 2022-03-11 | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to... |
| CVE-2022-0913 | 2022-03-11 | Integer Overflow or Wraparound in microweber/microweber |
| CVE-2022-0912 | 2022-03-11 | Unrestricted Upload of File with Dangerous Type in microweber/microweber |
| CVE-2022-0928 | 2022-03-11 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-0870 | 2022-03-11 | Server-Side Request Forgery (SSRF) in gogs/gogs |
| CVE-2022-0860 | 2022-03-11 | Improper Authorization in cobbler/cobbler |
| CVE-2021-44618 | 2022-03-11 | A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. |
| CVE-2021-44620 | 2022-03-11 | A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. |
| CVE-2022-24433 | 2022-03-11 | Command Injection |
| CVE-2022-0921 | 2022-03-11 | Abusing Backup/Restore feature to achieve Remote Code Execution in microweber/microweber |
| CVE-2021-32009 | 2022-03-11 | Missing XSS guards on firmware page |
| CVE-2021-27416 | 2022-03-11 | Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM |
| CVE-2021-27414 | 2022-03-11 | User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM |
| CVE-2022-25601 | 2022-03-11 | WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-25600 | 2022-03-11 | WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-23730 | 2022-03-11 | The public API error enables the attacker to bypass API access control. |
| CVE-2022-23731 | 2022-03-11 | V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models. |
| CVE-2022-23924 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23925 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23930 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23931 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23934 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23926 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23927 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23929 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23928 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23932 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2022-23933 | 2022-03-11 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and... |
| CVE-2021-33658 | 2022-03-11 | atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file.... |
| CVE-2021-32477 | 2022-03-11 | The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle... |
| CVE-2021-32475 | 2022-03-11 | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17... |
| CVE-2021-32473 | 2022-03-11 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to... |
| CVE-2021-32474 | 2022-03-11 | An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access... |
| CVE-2022-0853 | 2022-03-11 | A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. |
| CVE-2022-25621 | 2022-03-11 | UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior,... |
| CVE-2022-24095 | 2022-03-11 | Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2022-24097 | 2022-03-11 | Adobe After Effects Out-of-bounds Write could lead to Arbitrary code execution |
| CVE-2022-24094 | 2022-03-11 | Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2022-23187 | 2022-03-11 | Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution |
| CVE-2022-24096 | 2022-03-11 | Adobe After Effects Heap-based Buffer Overflow Arbitrary code execution |
| CVE-2022-24090 | 2022-03-11 | Adobe Photoshop 2022 Out-of-bounds Read could lead to Memory leak |
| CVE-2021-26401 | 2022-03-11 | LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. |
| CVE-2021-26341 | 2022-03-11 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. |
| CVE-2022-0002 | 2022-03-11 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2021-33150 | 2022-03-11 | Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical... |
| CVE-2022-25216 | 2022-03-11 | An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab)... |
| CVE-2021-23246 | 2022-03-11 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. |
| CVE-2022-23625 | 2022-03-11 | DoS vulnerability: Malformed Resource Identifiers |
| CVE-2021-44667 | 2022-03-11 | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. |
| CVE-2022-25839 | 2022-03-11 | Improper Input Validation |
| CVE-2022-24415 | 2022-03-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24416 | 2022-03-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24419 | 2022-03-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24420 | 2022-03-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24421 | 2022-03-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2021-42262 | 2022-03-11 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. |
| CVE-2021-42577 | 2022-03-11 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. |
| CVE-2021-41850 | 2022-03-11 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property... |
| CVE-2021-41848 | 2022-03-11 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script... |
| CVE-2021-41849 | 2022-03-11 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps... |
| CVE-2022-24760 | 2022-03-11 | Command Injection in Parse server |
| CVE-2022-26967 | 2022-03-12 | GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. |
| CVE-2022-26276 | 2022-03-12 | An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. |
| CVE-2022-26533 | 2022-03-12 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. |
| CVE-2022-0880 | 2022-03-12 | Cross-site Scripting (XSS) - Stored in star7th/showdoc |
| CVE-2022-0926 | 2022-03-12 | File upload filter bypass leading to stored XSS in microweber/microweber |
| CVE-2022-0929 | 2022-03-12 | XSS on dynamic_text module in microweber/microweber |
| CVE-2022-0930 | 2022-03-12 | File upload filter bypass leading to stored XSS in microweber/microweber |
| CVE-2022-26966 | 2022-03-12 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. |
| CVE-2021-36368 | 2022-03-12 | An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to... |
| CVE-2022-23960 | 2022-03-12 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB)... |
| CVE-2022-24128 | 2022-03-13 | Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged... |
| CVE-2022-26981 | 2022-03-13 | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). |
| CVE-2021-45888 | 2022-03-13 | An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to... |
| CVE-2021-45889 | 2022-03-13 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or... |
| CVE-2021-45886 | 2022-03-13 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token... |
| CVE-2021-45887 | 2022-03-13 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators,... |
| CVE-2022-24696 | 2022-03-13 | Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. |
| CVE-2021-46709 | 2022-03-13 | phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). |
| CVE-2021-42387 | 2022-03-14 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed... |
| CVE-2021-42388 | 2022-03-14 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed... |
| CVE-2021-43304 | 2022-03-14 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy... |
| CVE-2021-43305 | 2022-03-14 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy... |
| CVE-2022-0943 | 2022-03-14 | Heap-based Buffer Overflow occurs in vim in vim/vim |
| CVE-2022-24574 | 2022-03-14 | GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). |
| CVE-2022-24577 | 2022-03-14 | GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.) |
| CVE-2022-24578 | 2022-03-14 | GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. |
| CVE-2022-20001 | 2022-03-14 | Injection in fish |
| CVE-2022-24384 | 2022-03-14 | Reflective XSS on SmarterTrack v100.0.8019.14010 |
| CVE-2022-24385 | 2022-03-14 | Information disclosure via direct object access on SmarterTrack v100.0.8019.14010 |
| CVE-2022-24386 | 2022-03-14 | Stored XSS in SmarterTrack v100.0.8019.14010 |
| CVE-2021-43954 | 2022-03-14 | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via... |
| CVE-2022-0937 | 2022-03-14 | Stored XSS in showdoc through file upload in star7th/showdoc |
| CVE-2022-0341 | 2022-03-14 | Cross-site Scripting (XSS) - Stored in vanessa219/vditor |