CVE List - 2022 / March
Showing 2001 - 2065 of 2065 CVEs for March 2022 (Page 21 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-45900 | 2022-03-30 | Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be... |
| CVE-2021-38362 | 2022-03-30 | In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference... |
| CVE-2021-33581 | 2022-03-30 | MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM... |
| CVE-2022-24790 | 2022-03-30 | HTTP Request Smuggling in puma |
| CVE-2021-33208 | 2022-03-30 | The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. |
| CVE-2021-33523 | 2022-03-30 | MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying... |
| CVE-2021-46010 | 2022-03-30 | Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. |
| CVE-2021-46007 | 2022-03-30 | totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This... |
| CVE-2021-46009 | 2022-03-30 | In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. |
| CVE-2021-46008 | 2022-03-30 | In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with... |
| CVE-2022-26645 | 2022-03-30 | A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. |
| CVE-2022-25008 | 2022-03-30 | totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. |
| CVE-2021-46006 | 2022-03-30 | In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. |
| CVE-2022-26646 | 2022-03-30 | Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. |
| CVE-2022-26644 | 2022-03-30 | Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. |
| CVE-2021-43664 | 2022-03-30 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. |
| CVE-2021-43661 | 2022-03-30 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. |
| CVE-2021-43662 | 2022-03-30 | totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. |
| CVE-2021-43663 | 2022-03-30 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. |
| CVE-2021-20729 | 2022-03-31 | Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject... |
| CVE-2022-22986 | 2022-03-31 | Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a... |
| CVE-2022-23183 | 2022-03-31 | Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on... |
| CVE-2022-24299 | 2022-03-31 | Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with... |
| CVE-2022-25348 | 2022-03-31 | Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. |
| CVE-2022-26019 | 2022-03-31 | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with... |
| CVE-2022-27496 | 2022-03-31 | Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-28128 | 2022-03-31 | Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. |
| CVE-2022-1191 | 2022-03-31 | SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat |
| CVE-2022-25915 | 2022-03-31 | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware... |
| CVE-2022-1176 | 2022-03-31 | Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat |
| CVE-2022-24136 | 2022-03-31 | Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. |
| CVE-2022-0350 | 2022-03-31 | Cross-site Scripting (XSS) - Stored in vanessa219/vditor |
| CVE-2021-34257 | 2022-03-31 | Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages... |
| CVE-2021-43505 | 2022-03-31 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. |
| CVE-2021-43506 | 2022-03-31 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. |
| CVE-2022-22311 | 2022-03-31 | IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. |
| CVE-2021-36625 | 2022-03-31 | An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. |
| CVE-2021-42869 | 2022-03-31 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report... |
| CVE-2021-42866 | 2022-03-31 | A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php |
| CVE-2021-42867 | 2022-03-31 | A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. |
| CVE-2021-42868 | 2022-03-31 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.... |
| CVE-2021-42946 | 2022-03-31 | A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page. |
| CVE-2021-37517 | 2022-03-31 | An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of... |
| CVE-2021-43484 | 2022-03-31 | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a... |
| CVE-2021-43478 | 2022-03-31 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the... |
| CVE-2021-43479 | 2022-03-31 | A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. |
| CVE-2021-43707 | 2022-03-31 | Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. |
| CVE-2022-26546 | 2022-03-31 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. |
| CVE-2021-43722 | 2022-03-31 | D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit... |
| CVE-2022-27049 | 2022-03-31 | Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. |
| CVE-2022-27050 | 2022-03-31 | BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. |
| CVE-2022-27052 | 2022-03-31 | FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. |
| CVE-2022-27963 | 2022-03-31 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-27964 | 2022-03-31 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-27965 | 2022-03-31 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-27966 | 2022-03-31 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-24758 | 2022-03-31 | Insertion of Sensitive Information into Log File affects Jupyter Notebook |
| CVE-2022-24797 | 2022-03-31 | Exposure of Sensitive Information in Pomerium |
| CVE-2022-24796 | 2022-03-31 | Remote Command Injection in RaspberryMatic |
| CVE-2022-24794 | 2022-03-31 | Open Redirect in express-openid-connect |
| CVE-2022-24791 | 2022-03-31 | Use after free in Wasmtime |
| CVE-2022-24798 | 2022-03-31 | Insufficient password hash filtering in some IRRd queries and exports |
| CVE-2022-24802 | 2022-03-31 | Prototype Pollution in deepmerge-ts |
| CVE-2022-24803 | 2022-03-31 | Command Injection vulnerability in asciidoctor-include-ext |
| CVE-2020-25691 | 2022-04-01 | A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability... |
| CVE-2021-33657 | 2022-04-01 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using... |
| CVE-2022-26562 | 2022-04-01 | An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in... |
| CVE-2022-22963 | 2022-04-01 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression... |
| CVE-2021-1942 | 2022-04-01 | Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-1950 | 2022-04-01 | Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and... |
| CVE-2021-30328 | 2022-04-01 | Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30329 | 2022-04-01 | Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30331 | 2022-04-01 | Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-30332 | 2022-04-01 | Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30333 | 2022-04-01 | Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-35088 | 2022-04-01 | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-35089 | 2022-04-01 | Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto |
| CVE-2021-35103 | 2022-04-01 | Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,... |
| CVE-2021-35105 | 2022-04-01 | Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-35106 | 2022-04-01 | Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-35110 | 2022-04-01 | Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2021-35115 | 2022-04-01 | Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile |
| CVE-2021-35117 | 2022-04-01 | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2022-25017 | 2022-04-01 | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. |
| CVE-2022-21947 | 2022-04-01 | rancher desktop: Dashboard API is network accessible |
| CVE-2021-36775 | 2022-04-01 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings |
| CVE-2021-36776 | 2022-04-01 | Steve API proxy impersonation |
| CVE-2022-24181 | 2022-04-01 | Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. |
| CVE-2021-44135 | 2022-04-01 | pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. |
| CVE-2022-21235 | 2022-04-01 | Command Injection |
| CVE-2022-22327 | 2022-04-01 | IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. |
| CVE-2022-22328 | 2022-04-01 | IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. |
| CVE-2022-22331 | 2022-04-01 | IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID:... |
| CVE-2022-22332 | 2022-04-01 | IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. |
| CVE-2022-22404 | 2022-04-01 | IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive... |
| CVE-2022-24440 | 2022-04-01 | Command Injection |
| CVE-2022-21223 | 2022-04-01 | Command Injection |
| CVE-2022-1207 | 2022-04-01 | Out-of-bounds read in radareorg/radare2 |
| CVE-2022-24066 | 2022-04-01 | Command Injection |
| CVE-2022-23155 | 2022-04-01 | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code... |