Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43551 | 1 Osisoft | 1 Pi Vision | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. | |||||
| CVE-2021-34593 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | |||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
| CVE-2016-0878 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. | |||||
| CVE-2016-0877 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 7.8 HIGH | 7.5 HIGH |
| Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | |||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
| CVE-2022-1068 | 1 Modbustools | 1 Modbus Slave | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. | |||||
| CVE-2022-1211 | 1 Tildearrow | 1 Furnace | 2022-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. | |||||
| CVE-2021-20238 | 1 Redhat | 2 Openshift Container Platform, Openshift Machine-config-operator | 2022-04-12 | 4.3 MEDIUM | 3.7 LOW |
| It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. | |||||
| CVE-2022-1026 | 1 Kyocera | 1 Net Viewer | 2022-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | |||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2022-04-12 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | |||||
| CVE-2021-44906 | 1 Substack | 1 Minimist | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). | |||||
| CVE-2020-13672 | 1 Drupal | 1 Drupal | 2022-04-12 | 2.6 LOW | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. | |||||
| CVE-2019-1010238 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | |||||
| CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 5.0 MEDIUM | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
| CVE-2022-0373 | 1 Gitlab | 1 Gitlab | 2022-04-12 | 3.5 LOW | 4.3 MEDIUM |
| Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | |||||
| CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2022-04-12 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | |||||
| CVE-2020-27660 | 1 Synology | 1 Safeaccess | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | |||||