Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39116 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-03-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | |||||
| CVE-2020-14177 | 1 Atlassian | 1 Jira Server | 2022-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. | |||||
| CVE-2021-42219 | 1 Ethereum | 1 Go Ethereum | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
| Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | |||||
| CVE-2022-21164 | 1 Node-lmdb Project | 1 Node-lmdb | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
| The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. | |||||
| CVE-2022-25390 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2022-03-25 | 10.0 HIGH | 9.8 CRITICAL |
| DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | |||||
| CVE-2022-25389 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2022-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | |||||
| CVE-2022-27243 | 1 Misp | 1 Misp | 2022-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | |||||
| CVE-2021-30826 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection. | |||||
| CVE-2020-29451 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2022-03-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. | |||||
| CVE-2020-36235 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2022-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | |||||
| CVE-2018-5231 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. | |||||
| CVE-2019-8448 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2022-03-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2022-23989 | 1 Stormshield | 1 Network Security | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | |||||
| CVE-2022-22644 | 1 Apple | 1 Macos | 2022-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts. | |||||
| CVE-2022-22642 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | |||||
| CVE-2022-22671 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 2.1 LOW | 4.6 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||||
| CVE-2022-22632 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. | |||||
| CVE-2022-22659 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2022-22670 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-03-24 | 4.3 MEDIUM | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. | |||||
