Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27304 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
| CVE-2022-27124 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-27123 | 1 Employee Performance Evaluation Project | 1 Employee Performance Evaluation | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
| CVE-2022-0461 | 1 Google | 1 Chrome | 2022-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. | |||||
| CVE-2022-0603 | 1 Google | 2 Chrome, Chrome Os | 2022-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-43458 | 1 Vembu | 1 Bdr Suite | 2022-04-12 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | |||||
| CVE-2022-0922 | 1 Philips | 2 E-alert, E-alert Firmware | 2022-04-12 | 5.7 MEDIUM | 6.5 MEDIUM |
| The software does not perform any authentication for critical system functionality. | |||||
| CVE-2021-32960 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2022-04-12 | 6.0 MEDIUM | 8.8 HIGH |
| Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. | |||||
| CVE-2021-28504 | 1 Arista | 18 Ccs-710p-12, Ccs-710p-16p, Ccs-720xp-24y6 and 15 more | 2022-04-12 | 4.3 MEDIUM | 7.5 HIGH |
| On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected. | |||||
| CVE-2021-43457 | 1 Bvpn | 1 Bvpn | 2022-04-12 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. | |||||
| CVE-2022-22332 | 1 Ibm | 1 Partner Engagement Manager | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. | |||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2022-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | |||||
| CVE-2022-22327 | 1 Ibm | 1 Urbancode Deploy | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. | |||||
| CVE-2019-19282 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Net Pc and 3 more | 2022-04-12 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction. | |||||
| CVE-2019-13946 | 1 Siemens | 101 Dk Standard Ethernet Controller, Ek-ertec 200, Ek-ertec 200 Firmware and 98 more | 2022-04-12 | 7.8 HIGH | 7.5 HIGH |
| Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. | |||||
| CVE-2016-8562 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2022-04-12 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. | |||||
| CVE-2016-8561 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2022-04-12 | 6.0 MEDIUM | 6.6 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. | |||||
| CVE-2022-26619 | 1 Halo | 1 Halo | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | |||||
| CVE-2022-26585 | 1 Mingsoft | 1 Mcms | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | |||||
| CVE-2022-27442 | 1 Tpcms Project | 1 Tpcms | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. | |||||