Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27108 | 1 Orangehrm | 1 Orangehrm | 2022-04-13 | 4.0 MEDIUM | 4.3 MEDIUM |
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint `symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account. | |||||
CVE-2022-23446 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 2.1 LOW | 4.4 MEDIUM |
An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive by changing its root directory access permission. | |||||
CVE-2022-1246 | | | 2022-04-13 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate is a reservation duplicate of CVE-2022-1280. Notes: All CVE users should reference CVE-2022-1280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2021-32980 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 do not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active. | |||||
CVE-2022-27107 | 1 Orangehrm | 1 Orangehrm | 2022-04-13 | 3.5 LOW | 5.4 MEDIUM |
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter. | |||||
CVE-2021-41026 | 1 Fortinet | 1 Fortiweb | 2022-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
CVE-2022-23441 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to impersonate other collectors and forge messages from them. | |||||
CVE-2021-32585 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. | |||||
CVE-2021-22127 | 1 Fortinet | 1 Forticlient | 2022-04-13 | 7.9 HIGH | 8.0 HIGH |
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3 and FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious name. | |||||
CVE-2021-26116 | 1 Fortinet | 1 Fortiauthenticator | 2022-04-13 | 6.5 MEDIUM | 8.8 HIGH |
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
CVE-2020-29013 | 1 Fortinet | 1 Fortisandbox | 2022-04-13 | 5.5 MEDIUM | 5.4 MEDIUM |
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | |||||
CVE-2021-26113 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come into possession of the password file to guess the passwords stored therein. | |||||
CVE-2021-30497 | 1 Ivanti | 1 Avalanche | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | |||||
CVE-2021-38834 | 1 Easy-mock Project | 1 Easy Mock | 2022-04-13 | 6.5 MEDIUM | 8.8 HIGH |
easy-mock v1.5.0 through v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands via specially crafted JavaScript code. | |||||
CVE-2022-1236 | 1 Weseek | 1 Growi | 2022-04-13 | 6.4 MEDIUM | 6.5 MEDIUM |
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. | |||||
CVE-2022-1235 | 1 Livehelperchat | 1 Live Helper Chat | 2022-04-13 | 6.4 MEDIUM | 8.2 HIGH |
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | |||||
CVE-2021-46666 | 1 Mariadb | 1 Mariadb | 2022-04-13 | 2.1 LOW | 5.5 MEDIUM |
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | |||||
CVE-2022-27608 | 1 Forcepoint | 1 One Endpoint | 2022-04-13 | 3.6 LOW | 6.0 MEDIUM |
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. | |||||
CVE-2021-46662 | 1 Mariadb | 1 Mariadb | 2022-04-13 | 2.1 LOW | 5.5 MEDIUM |
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | |||||
CVE-2020-36229 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |||||