Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26620 | 1 Iptime | 18 Nas-i, Nas-i Firmware, Nas-ii and 15 more | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. | |||||
| CVE-2022-25590 | 1 Surveyking | 1 Surveyking | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | |||||
| CVE-2021-26621 | 1 Netu | 2 Mex01, Mex01 Firmware | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. | |||||
| CVE-2021-26622 | 2 Genians, Microsoft | 2 Genian Nac, Windows | 2022-03-31 | 10.0 HIGH | 10.0 CRITICAL |
| An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. | |||||
| CVE-2021-44683 | 1 Duckduckgo | 1 Duckduckgo | 2022-03-31 | 5.8 MEDIUM | 8.2 HIGH |
| The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. | |||||
| CVE-2020-13933 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2022-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | |||||
| CVE-2020-9675 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9674 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9676 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-1957 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | |||||
| CVE-2020-9801 | 1 Apple | 1 Safari | 2022-03-30 | 4.6 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application. | |||||
| CVE-2020-9856 | 1 Apple | 1 Mac Os X | 2022-03-30 | 4.6 MEDIUM | 5.3 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. | |||||
| CVE-2020-9773 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-30 | 4.3 MEDIUM | 3.3 LOW |
| The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed. | |||||
| CVE-2022-0289 | 1 Google | 1 Chrome | 2022-03-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-25487 | 1 Thedigitalcraft | 1 Atomcms | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | |||||
| CVE-2022-25577 | 1 Alf-banco | 1 Alf-banco | 2022-03-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | |||||
| CVE-2021-44768 | 1 Deltaww | 1 Cncsoft Screeneditor | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | |||||
| CVE-2022-22274 | 1 Sonicwall | 33 Nsa 2700, Nsa 3700, Nsa 4700 and 30 more | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | |||||
| CVE-2022-22995 | 1 Westerndigital | 22 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 19 more | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | |||||
| CVE-2022-27938 | 1 Libsixel Project | 1 Libsixel | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | |||||