Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26851 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. | |||||
| CVE-2022-26675 | 1 Aenrich | 1 A\+hrd | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | |||||
| CVE-2022-26852 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | |||||
| CVE-2020-27376 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2022-04-14 | 8.3 HIGH | 8.8 HIGH |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. | |||||
| CVE-2020-27375 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2022-04-14 | 3.3 LOW | 6.5 MEDIUM |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. | |||||
| CVE-2022-26855 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 2.1 LOW | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | |||||
| CVE-2022-26854 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | |||||
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | |||||
| CVE-2021-43009 | 1 Opservices | 1 Opmon | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | |||||
| CVE-2021-43515 | 1 Kimai | 1 Kimai | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. | |||||
| CVE-2021-45893 | 1 Zauner | 1 Arc | 2022-04-14 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. | |||||
| CVE-2021-45892 | 1 Zauner | 1 Arc | 2022-04-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. | |||||
| CVE-2021-36202 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2. | |||||
| CVE-2021-45894 | 1 Zauner | 1 Arc | 2022-04-14 | 2.6 LOW | 5.9 MEDIUM |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | |||||
| CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-04-14 | 8.3 HIGH | 8.8 HIGH |
| D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | |||||
| CVE-2021-41751 | 1 Jerryscript | 1 Jerryscript | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. | |||||
| CVE-2021-41752 | 1 Jerryscript | 1 Jerryscript | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | |||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
| CVE-2022-27351 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-24822 | 1 Finn | 2 Podium Layout, Podium Proxy | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading. | |||||