Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32945 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | |||||
CVE-2021-43455 | 1 Freelan | 1 Freelan | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | |||||
CVE-2021-43454 | 1 Anytxt | 1 Anytxt Searcher | 2022-04-11 | 4.6 MEDIUM | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. | |||||
CVE-2022-0864 | 1 Updraftplus | 1 Updraftplus | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2021-43460 | 1 Systemexplorer | 1 System Explorer | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path. | |||||
CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2022-04-11 | 7.8 HIGH | 7.5 HIGH |
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | |||||
CVE-2021-43463 | 1 Ext2 File System Driver Project | 1 Ext2 File System Driver | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | |||||
CVE-2021-27223 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2022-04-11 | 2.1 LOW | 5.5 MEDIUM |
A denial-of-service issue existed in one of the modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause a Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS | |||||
CVE-2021-32953 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | |||||
CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | |||||
CVE-2022-1185 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file. | |||||
CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | |||||
CVE-2022-28378 | 1 Craftcms | 1 Craft Cms | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 3.7.29 allows XSS. | |||||
CVE-2022-1174 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a specially crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | |||||
CVE-2022-0459 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0470 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0457 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0455 | 1 Google | 2 Android, Chrome | 2022-04-11 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0607 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0605 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. |