Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20726 | 1 Cisco | 3 Cgr1000 Compute Module, Ic3000 Industrial Compute Gateway, Ios | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-32635 | 1 Sylabs | 1 Singularity | 2022-04-22 | 6.8 MEDIUM | 6.3 MEDIUM |
| Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands (`run`/`shell`/`exec`) against `library://` URIs are affected. Other commands such as `pull` / `push` respect the configured remote endpoint. The vulnerability is patched in Singularity version 3.7.4. Two possible workarounds exist: Users can only interact with the default remote endpoint, or an installation can have an execution control list configured to restrict execution to containers signed with specific secure keys. | |||||
| CVE-2022-24412 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. | |||||
| CVE-2022-22565 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.5 MEDIUM | 3.8 LOW |
| Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. | |||||
| CVE-2022-22562 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | |||||
| CVE-2016-8331 | 1 Libtiff | 1 Libtiff | 2022-04-19 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. | |||||
| CVE-2020-13945 | 1 Apache | 1 Apisix | 2022-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. | |||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2022-04-18 | 4.3 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product. | |||||
| CVE-2021-43442 | 1 I3international | 6 Ax46, Ax46 Firmware, Ax68 and 3 more | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
| A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | |||||
| CVE-2022-26635 | 1 Php | 1 Memcached | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. | |||||
| CVE-2022-25339 | 1 Owncloud | 1 Owncloud | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
| ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | |||||
| CVE-2022-0677 | 1 Bitdefender | 3 Endpoint Security Tools, Gravityzone, Update Server | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | |||||
| CVE-2022-22563 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 2.1 LOW | 4.4 MEDIUM |
| Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | |||||
| CVE-2022-25338 | 1 Owncloud | 1 Owncloud | 2022-04-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | |||||
| CVE-2022-23446 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 2.1 LOW | 4.4 MEDIUM |
| A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission. | |||||
| CVE-2021-33010 | 1 Aveva | 1 System Platform | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | |||||
| CVE-2021-27497 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | |||||
| CVE-2021-23362 | 2 Npmjs, Siemens | 2 Hosted-git-info, Sinec Infrastructure Network Services | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | |||||
| CVE-2022-26019 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2022-04-07 | 8.5 HIGH | 8.8 HIGH |
| Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | |||||
| CVE-2021-22884 | 5 Fedoraproject, Netapp, Nodejs and 2 more | 13 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 10 more | 2022-04-06 | 5.1 MEDIUM | 7.5 HIGH |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | |||||