Total: 9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28918 | 1 Netmask Project | 1 Netmask | 2022-03-31 | 6.4 MEDIUM | 9.1 CRITICAL |
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. | |||||
CVE-2021-35254 | 1 Solarwinds | 1 Webhelpdesk | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH |
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | |||||
CVE-2021-26622 | 2 Genians, Microsoft | 2 Genian Nac, Windows | 2022-03-31 | 10.0 HIGH | 10.0 CRITICAL |
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. | |||||
CVE-2022-0550 | 1 Nozominetworks | 2 Cmc, Guardian | 2022-03-30 | 6.5 MEDIUM | 7.2 HIGH |
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | |||||
CVE-2022-0551 | 1 Nozominetworks | 2 Cmc, Guardian | 2022-03-30 | 6.5 MEDIUM | 7.2 HIGH |
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | |||||
CVE-2021-4219 | 1 Imagemagick | 1 Imagemagick | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | |||||
CVE-2022-24775 | 2 Drupal, Guzzlephp | 2 Drupal, Psr-7 | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. | |||||
CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | |||||
CVE-2022-22654 | 1 Apple | 2 Safari, Watchos | 2022-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2022-22653 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. | |||||
CVE-2022-22660 | 1 Apple | 1 Macos | 2022-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. | |||||
CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | |||||
CVE-2021-39701 | 1 Google | 1 Android | 2022-03-23 | 9.3 HIGH | 7.8 HIGH |
In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-212286849 | |||||
CVE-2021-39690 | 1 Google | 1 Android | 2022-03-23 | 4.9 MEDIUM | 5.5 MEDIUM |
In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204316511 | |||||
CVE-2022-25839 | 1 Url-js Project | 1 Url-js | 2022-03-22 | 5.0 MEDIUM | 5.3 MEDIUM |
Versions of the package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. | |||||
CVE-2020-25721 | 1 Samba | 1 Samba | 2022-03-22 | 6.5 MEDIUM | 8.8 HIGH |
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | |||||
CVE-2022-24416 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
CVE-2022-24415 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
CVE-2022-24419 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
CVE-2022-24420 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |