Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33024 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | |||||
CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2022-04-08 | 4.4 MEDIUM | 7.8 HIGH |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges. | |||||
CVE-2022-1159 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2022-04-08 | 6.5 MEDIUM | 7.2 HIGH |
Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | |||||
CVE-2022-21830 | 1 Rocket.chat | 1 Livechat | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance. | |||||
CVE-2021-33022 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | |||||
CVE-2021-33018 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | |||||
CVE-2021-43459 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | |||||
CVE-2021-43461 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | |||||
CVE-2022-0454 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-24440 | 1 Cocoapods | 1 Cocoapods-downloader | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 is vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
CVE-2022-21223 | 1 Cocoapods | 1 Cocoapods-downloader | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
CVE-2022-27964 | 2 Microsoft, Netsarang | 2 Windows, Xmanager | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2021-27501 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | |||||
CVE-2022-23156 | 1 Dell | 1 Wyse Device Agent | 2022-04-08 | 4.6 MEDIUM | 6.7 MEDIUM |
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | |||||
CVE-2022-0465 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | |||||
CVE-2022-0464 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | |||||
CVE-2022-0468 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0460 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0458 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0606 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |