Lista CVE - 2022 / Marzo
Visualizzazione 1501 - 1600 di 2065 CVE per Marzo 2022 (Pagina 16 di 21)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-3748 | 2022-03-23 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set... |
| CVE-2022-0981 | 2022-03-23 | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to... |
| CVE-2021-4197 | 2022-03-23 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process... |
| CVE-2021-4148 | 2022-03-23 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial... |
| CVE-2021-4149 | 2022-03-23 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may... |
| CVE-2021-4150 | 2022-03-23 | A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The... |
| CVE-2022-22951 | 2022-03-23 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated,... |
| CVE-2022-22952 | 2022-03-23 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor... |
| CVE-2022-0834 | 2022-03-23 | The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary... |
| CVE-2022-0889 | 2022-03-23 | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which... |
| CVE-2022-0750 | 2022-03-23 | The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file... |
| CVE-2022-0888 | 2022-03-23 | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be... |
| CVE-2022-23880 | 2022-03-23 | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-23881 | 2022-03-23 | ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. |
| CVE-2022-24757 | 2022-03-23 | Sensitive Auth & Cookie data stored in Jupyter server logs |
| CVE-2022-24730 | 2022-03-23 | Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server |
| CVE-2022-24731 | 2022-03-23 | Path traversal allows leaking out-of-bound files from Argo CD repo-server |
| CVE-2022-27254 | 2022-03-23 | The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. |
| CVE-2022-22819 | 2022-03-23 | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker... |
| CVE-2022-24934 | 2022-03-23 | wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. |
| CVE-2022-24768 | 2022-03-23 | Improper access control allows admin privilege escalation in Argo CD |
| CVE-2022-27192 | 2022-03-23 | The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. |
| CVE-2022-25041 | 2022-03-23 | OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. |
| CVE-2020-20093 | 2022-03-23 | The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing... |
| CVE-2020-20094 | 2022-03-23 | Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages |
| CVE-2020-20095 | 2022-03-23 | iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |
| CVE-2020-20096 | 2022-03-23 | Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |
| CVE-2022-25267 | 2022-03-23 | Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). |
| CVE-2022-25268 | 2022-03-23 | Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. |
| CVE-2022-25269 | 2022-03-23 | Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. |
| CVE-2022-25266 | 2022-03-23 | Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). |
| CVE-2021-31326 | 2022-03-23 | D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. |
| CVE-2022-26289 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. |
| CVE-2022-26290 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. |
| CVE-2022-26536 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. |
| CVE-2022-27076 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. |
| CVE-2022-27077 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. |
| CVE-2022-27078 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. |
| CVE-2022-27079 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. |
| CVE-2022-27080 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. |
| CVE-2022-27081 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. |
| CVE-2022-27082 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. |
| CVE-2022-27083 | 2022-03-23 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. |
| CVE-2022-24769 | 2022-03-24 | Default inheritable capabilities for linux container should be empty |
| CVE-2022-27811 | 2022-03-24 | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. |
| CVE-2021-43666 | 2022-03-24 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. |
| CVE-2022-27820 | 2022-03-24 | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. |
| CVE-2022-0315 | 2022-03-24 | Insecure Temporary File in horovod/horovod |
| CVE-2022-1061 | 2022-03-24 | Heap Buffer Overflow in parseDragons in radareorg/radare2 |
| CVE-2022-0145 | 2022-03-24 | Cross-site Scripting (XSS) - Stored in forkcms/forkcms |
| CVE-2021-43700 | 2022-03-24 | An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8. |
| CVE-2022-1052 | 2022-03-24 | Heap Buffer Overflow in iterate_chained_fixups in radareorg/radare2 |
| CVE-2021-43659 | 2022-03-24 | In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. |
| CVE-2022-1058 | 2022-03-24 | Open Redirect on login in go-gitea/gitea |
| CVE-2022-0550 | 2022-03-24 | Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0 |
| CVE-2022-0551 | 2022-03-24 | Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0 |
| CVE-2021-39491 | 2022-03-24 | A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . . |
| CVE-2022-0955 | 2022-03-24 | Cross-site Scripting (XSS) - Stored in pimcore/data-hub |
| CVE-2022-26629 | 2022-03-24 | An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock... |
| CVE-2022-25568 | 2022-03-24 | MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. |
| CVE-2022-21820 | 2022-03-24 | NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service,... |
| CVE-2022-0153 | 2022-03-24 | SQL Injection in forkcms/forkcms |
| CVE-2021-43084 | 2022-03-24 | An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. |
| CVE-2022-22374 | 2022-03-24 | The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force... |
| CVE-2022-24776 | 2022-03-24 | Open Redirect in Flask-AppBuilder |
| CVE-2022-25571 | 2022-03-24 | Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. |
| CVE-2022-24781 | 2022-03-24 | Malicious users can take over the session of other players |
| CVE-2022-24782 | 2022-03-24 | Secure category names leaked via user activity export in Discourse |
| CVE-2022-26249 | 2022-03-24 | Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. |
| CVE-2022-26301 | 2022-03-24 | TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. |
| CVE-2022-25575 | 2022-03-24 | Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification... |
| CVE-2022-26272 | 2022-03-24 | A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. |
| CVE-2022-26279 | 2022-03-24 | EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. |
| CVE-2022-25576 | 2022-03-24 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. |
| CVE-2021-3933 | 2022-03-25 | An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead... |
| CVE-2021-3941 | 2022-03-25 | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) /... |
| CVE-2021-4147 | 2022-03-25 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial... |
| CVE-2021-4203 | 2022-03-25 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with... |
| CVE-2022-0330 | 2022-03-25 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw... |
| CVE-2022-0435 | 2022-03-25 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member... |
| CVE-2022-0897 | 2022-03-25 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another... |
| CVE-2018-25032 | 2022-03-25 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
| CVE-2022-22995 | 2022-03-25 | Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk |
| CVE-2022-22688 | 2022-03-25 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary... |
| CVE-2022-22687 | 2022-03-25 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified... |
| CVE-2021-44751 | 2022-03-25 | F-Secure SAFE Browser vulnerable to USSD attacks |
| CVE-2022-1064 | 2022-03-25 | SQL injection through marking blog comments on bulk as spam in forkcms/forkcms |
| CVE-2022-1040 | 2022-03-25 | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. |
| CVE-2022-27227 | 2022-03-25 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR... |
| CVE-2020-21554 | 2022-03-25 | A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. |
| CVE-2021-43090 | 2022-03-25 | An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. |
| CVE-2021-46426 | 2022-03-25 | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. |
| CVE-2022-25574 | 2022-03-25 | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. |
| CVE-2021-43091 | 2022-03-25 | An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. |
| CVE-2022-25577 | 2022-03-25 | ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access... |
| CVE-2022-24777 | 2022-03-25 | Denial of Service via reachable assertion in grpc-swift |
| CVE-2022-25582 | 2022-03-25 | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-26263 | 2022-03-25 | Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. |
| CVE-2022-27881 | 2022-03-25 | engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge... |
| CVE-2022-27882 | 2022-03-25 | slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge... |