Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40376 | 1 Otris | 1 Update Manager | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
| otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. | |||||
| CVE-2022-23383 | 1 Yzmcms | 1 Yzmcms | 2022-03-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. | |||||
| CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2022-03-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
| CVE-2022-23232 | 1 Netapp | 1 Storagegrid | 2022-03-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). | |||||
| CVE-2022-23729 | 1 Google | 1 Android | 2022-03-11 | 6.9 MEDIUM | 7.8 HIGH |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | |||||
| CVE-2022-23849 | 1 Devolutions | 1 Password Hub | 2022-03-10 | 4.6 MEDIUM | 6.6 MEDIUM |
| The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. | |||||
| CVE-2022-25359 | 1 Iclinks | 3 Scadaflex Ii, Scadaflex Ii Firmware, Weblib | 2022-03-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | |||||
| CVE-2022-25262 | 1 Jetbrains | 1 Hub | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | |||||
| CVE-2019-18312 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18321 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18322 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-24331 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | |||||
| CVE-2019-18332 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18319 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18318 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18315 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18317 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18314 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-25640 | 1 Wolfssl | 1 Wolfssl | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. | |||||
| CVE-2022-21142 | 1 Appleple | 1 A-blog Cms | 2022-03-02 | 6.8 MEDIUM | 9.8 CRITICAL |
| Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. | |||||