Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28033 | 1 Thedigitalcraft | 1 Atomcms | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php | |||||
CVE-2022-28032 | 1 Thedigitalcraft | 1 Atomcms | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php | |||||
CVE-2022-28036 | 1 Thedigitalcraft | 1 Atomcms | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | |||||
CVE-2022-27576 | 1 Google | 1 Android | 2022-04-18 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission | |||||
CVE-2021-43442 | 1 I3international | 6 Ax46, Ax46 Firmware, Ax68 and 3 more | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | |||||
CVE-2019-14277 | 1 Axway | 1 Securetransport | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issue as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.” | |||||
CVE-2021-22055 | 1 Vmware | 1 Photon Os | 2022-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. | |||||
CVE-2022-1286 | 1 Mruby | 1 Mruby | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
Heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if exploited. | |||||
CVE-2022-27575 | 1 Google | 1 Android | 2022-04-18 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | |||||
CVE-2022-27574 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 7.2 HIGH |
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | |||||
CVE-2022-27573 | 1 Google | 1 Android | 2022-04-18 | 6.5 MEDIUM | 7.2 HIGH |
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | |||||
CVE-2022-27572 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | |||||
CVE-2022-27571 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-27570 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-27569 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-27568 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-27567 | 1 Google | 1 Android | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | |||||
CVE-2022-26099 | 1 Google | 1 Android | 2022-04-18 | 6.4 MEDIUM | 9.1 CRITICAL |
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | |||||
CVE-2022-27577 | 1 Sick | 2 Msc800, Msc800 Firmware | 2022-04-18 | 6.4 MEDIUM | 9.1 CRITICAL |
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | |||||
CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. |