Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1186 | 1 Web-x.co | 1 Be Popia Compliant | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5. | |||||
| CVE-2021-43296 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | |||||
| CVE-2021-43295 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | |||||
| CVE-2021-43294 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | |||||
| CVE-2022-26595 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-04-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. | |||||
| CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2022-04-27 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | |||||
| CVE-2019-2725 | 1 Oracle | 8 Agile Plm, Communications Converged Application Server, Peoplesoft Enterprise Peopletools and 5 more | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-12768 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
| ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. | |||||
| CVE-2022-1119 | 1 Simplefilelist | 1 Simple-file-list | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7. | |||||
| CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. | |||||
| CVE-2020-15900 | 3 Artifex, Canonical, Opensuse | 3 Ghostscript, Ubuntu Linux, Leap | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. | |||||
| CVE-2020-7491 | 1 Schneider-electric | 14 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 11 more | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4. | |||||
| CVE-2020-6102 | 1 Amd | 1 Radeon Directx 11 Driver Atidxx64.dll | 2022-04-27 | 6.5 MEDIUM | 9.9 CRITICAL |
| An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). | |||||
| CVE-2022-0993 | 1 Siteground | 1 Siteground Security | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5. | |||||
| CVE-2022-0992 | 1 Siteground | 1 Siteground Security | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5. | |||||
| CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | |||||
| CVE-2020-15780 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2022-04-27 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. | |||||
| CVE-2020-1400 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-04-27 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. | |||||
| CVE-2020-12426 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2022-04-27 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-8992 | 4 Canonical, Linux, Netapp and 1 more | 11 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2022-04-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | |||||