Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38125 | 1 Microfocus | 1 Operations Bridge | 2022-04-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution. | |||||
| CVE-2022-22355 | 1 Ibm | 1 Mq Appliance | 2022-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. | |||||
| CVE-2022-0989 | 1 Nsthemes | 1 Ns Watermark For Woocommerce | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | |||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-38930 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | |||||
| CVE-2020-22253 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device. | |||||
| CVE-2019-19603 | 5 Apache, Netapp, Oracle and 2 more | 6 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 3 more | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | |||||
| CVE-2019-19244 | 4 Canonical, Oracle, Siemens and 1 more | 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | |||||
| CVE-2022-22410 | 1 Ibm | 1 Watson Query | 2022-04-15 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763. | |||||
| CVE-2022-27152 | 1 Roku | 11 Express, Express 4k\+, Roku Os and 8 more | 2022-04-15 | 2.7 LOW | 5.7 MEDIUM |
| Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. | |||||
| CVE-2021-43517 | 1 Foscam | 2 Fi9805e, Fi9805e Firmware | 2022-04-15 | 10.0 HIGH | 9.8 CRITICAL |
| FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | |||||
| CVE-2021-38929 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. | |||||
| CVE-2022-27133 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. | |||||
| CVE-2022-25594 | 1 Program | 1 Parking Lot Management System | 2022-04-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information. | |||||
| CVE-2022-24822 | 1 Finn | 2 Podium Layout, Podium Proxy | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading. | |||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 16 Http Server, Mac Os X, Mac Os X Server and 13 more | 2022-04-14 | 5.0 MEDIUM | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | |||||
| CVE-2022-20754 | 1 Cisco | 1 Telepresence Video Communication Server | 2022-04-14 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20755 | 1 Cisco | 1 Telepresence Video Communication Server | 2022-04-14 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20756 | 1 Cisco | 1 Identity Services Engine | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information. | |||||
| CVE-2022-20675 | 1 Cisco | 4 Asyncos, Email Security Appliance, Secure Email And Web Manager and 1 more | 2022-04-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition. | |||||