Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-12400 | 3 Apache, Oracle, Redhat | 3 Santuario Xml Security For Java, Weblogic Server, Jboss Enterprise Application Platform | 2022-04-13 | 1.9 LOW | 5.5 MEDIUM | In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2022-04-13 | 9.0 HIGH | 7.2 HIGH | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26628 | 1 Matrimony Project | 1 Matrimony | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL | Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
CVE-2021-3461 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-04-13 | 3.3 LOW | 7.1 HIGH | A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
CVE-2021-33010 | 1 Aveva | 1 System Platform | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH | An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.
CVE-2021-33008 | 1 Aveva | 1 System Platform | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL | AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
CVE-2022-0466 | 1 Google | 1 Chrome | 2022-04-13 | 6.8 MEDIUM | 9.6 CRITICAL | Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-32994 | 1 Softing | 1 Opc Ua C++ Software Development Kit | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH | Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.
CVE-2022-23700 | 1 Hp | 1 Oneview | 2022-04-13 | 2.1 LOW | 5.5 MEDIUM | A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2021-32984 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL | All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.
CVE-2022-23699 | 1 Hp | 1 Oneview | 2022-04-13 | 4.6 MEDIUM | 7.8 HIGH | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2021-32985 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH | AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.
CVE-2021-32981 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH | AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2021-32977 | 1 Aveva | 1 System Platform | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH | AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.
CVE-2022-23698 | 1 Hp | 1 Oneview | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-24813 | 1 Miraheze | 1 Createwiki | 2022-04-13 | 5.0 MEDIUM | 5.3 MEDIUM | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's GitHub repository.
CVE-2022-27609 | 1 Forcepoint | 1 One Endpoint | 2022-04-12 | 3.6 LOW | 6.0 MEDIUM | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
CVE-2022-23909 | 2 Gimmal, Microsoft | 2 Sherpa Connector Service, Windows | 2022-04-12 | 7.2 HIGH | 7.8 HIGH | There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
CVE-2022-1212 | 1 Mruby | 1 Mruby | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL | Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.