Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
| FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
| CVE-2022-27963 | 2 Microsoft, Netsarang | 2 Windows, Xftp | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-21235 | 1 Vcs Project | 1 Vcs | 2022-04-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
| CVE-2022-27534 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | |||||
| CVE-2021-35089 | 1 Qualcomm | 6 Qca6574au, Qca6574au Firmware, Qca6696 and 3 more | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto | |||||
| CVE-2021-35088 | 1 Qualcomm | 370 Aqt1000, Aqt1000 Firmware, Ar8035 and 367 more | 2022-04-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-44135 | 1 Pagekit | 1 Pagekit | 2022-04-08 | 10.0 HIGH | 9.8 CRITICAL |
| pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | |||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. | |||||
| CVE-2022-0469 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0463 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | |||||
| CVE-2021-30329 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-04-08 | 7.8 HIGH | 7.5 HIGH |
| Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-23851 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2022-04-08 | 6.5 MEDIUM | 7.2 HIGH |
| A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | |||||
| CVE-2021-23850 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2022-04-08 | 6.5 MEDIUM | 7.2 HIGH |
| A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | |||||
| CVE-2021-30328 | 1 Qualcomm | 96 Ar8035, Ar8035 Firmware, Qca6390 and 93 more | 2022-04-08 | 7.8 HIGH | 7.5 HIGH |
| Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-1950 | 1 Qualcomm | 184 Ar8035, Ar8035 Firmware, Csr8811 and 181 more | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
| Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-0604 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0456 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. | |||||
| CVE-2022-0453 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0609 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-1942 | 1 Qualcomm | 222 Aqt1000, Aqt1000 Firmware, Ar8031 and 219 more | 2022-04-08 | 7.2 HIGH | 8.8 HIGH |
| Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||