Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33581 | 1 Softwareag | 1 Mashzone Nextgen | 2022-04-05 | 6.5 MEDIUM | 7.2 HIGH |
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. | |||||
CVE-2021-33208 | 1 Softwareag | 1 Mashzone Nextgen | 2022-04-05 | 6.5 MEDIUM | 7.2 HIGH |
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. | |||||
CVE-2022-26949 | 1 Rsa | 1 Archer | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. | |||||
CVE-2022-26948 | 1 Rsa | 1 Archer | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | |||||
CVE-2022-26947 | 1 Rsa | 1 Archer | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2021-41594 | 1 Rsa | 1 Archer | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. | |||||
CVE-2022-1087 | 1 Htmly | 1 Htmly | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. | |||||
CVE-2022-1085 | 1 Cltphp | 1 Cltphp | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-26951 | 1 Rsa | 1 Archer | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2022-26950 | 1 Rsa | 1 Archer | 2022-04-05 | 5.8 MEDIUM | 6.1 MEDIUM |
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | |||||
CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||||
CVE-2019-12266 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2022-04-05 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | |||||
CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2022-04-05 | 6.5 MEDIUM | 7.4 HIGH |
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. | |||||
CVE-2022-24131 | 1 Douco | 1 Douphp | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | |||||
CVE-2022-1172 | 1 Gpac | 1 Gpac | 2022-04-05 | 4.3 MEDIUM | 5.0 MEDIUM |
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | |||||
CVE-2019-15681 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | |||||
CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2022-04-05 | 5.8 MEDIUM | 8.1 HIGH |
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. | |||||
CVE-2021-40490 | 4 Debian, Fedoraproject, Linux and 1 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2022-04-05 | 4.4 MEDIUM | 7.0 HIGH |
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | |||||
CVE-2020-23903 | 2 Fedoraproject, Xiph | 2 Fedora, Speex | 2022-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. |