CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-1071 | 1 Mruby | 1 Mruby | 2022-03-30 | 6.8 MEDIUM | 8.2 HIGH | Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-27945 | 1 Netgear | 2 R8500, R8500 Firmware | 2022-03-30 | 9.0 HIGH | 8.8 HIGH | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
CVE-2022-27946 | 1 Netgear | 2 R8500, R8500 Firmware | 2022-03-30 | 9.0 HIGH | 8.8 HIGH | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2022-03-30 | 9.0 HIGH | 8.8 HIGH | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
CVE-2022-26198 | 1 Notable | 1 Notable | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL | Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
CVE-2022-0550 | 1 Nozominetworks | 2 Cmc, Guardian | 2022-03-30 | 6.5 MEDIUM | 7.2 HIGH | Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0; Nozomi Networks CMC versions prior to 22.0.0.
CVE-2020-20095 | 1 Apple | 1 Imessage | 2022-03-30 | 4.3 MEDIUM | 6.5 MEDIUM | The iMessage (Messages app) user interface in iOS 12.4 and prior does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
CVE-2022-27884 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
CVE-2022-27885 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
CVE-2022-27886 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
CVE-2022-25606 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url, &download_categories.
CVE-2022-27887 | 1 Maccms | 1 Maccms | 2022-03-30 | 4.3 MEDIUM | 6.1 MEDIUM | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
CVE-2022-0687 | 1 Tms-outsource | 1 Amelia | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH | The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
CVE-2021-24958 | 1 Mekshq | 1 Meks Easy Photo Feed Widget | 2022-03-30 | 3.5 LOW | 5.4 MEDIUM | The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and put Cross-Site Scripting payloads in them.
CVE-2021-2010 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more | 2022-03-30 | 4.9 MEDIUM | 4.2 MEDIUM | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).
CVE-2021-2006 | 3 Fedoraproject, Netapp, Oracle | 5 Fedora, Active Iq Unified Manager, Oncommand Insight and 2 more | 2022-03-30 | 6.3 MEDIUM | 5.3 MEDIUM | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-1998 | 3 Fedoraproject, Netapp, Oracle | 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more | 2022-03-30 | 5.5 MEDIUM | 3.8 LOW | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVE-2022-0534 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM | A vulnerability was found in htmldoc version 1.9.15 where a stack out-of-bounds read takes place in gif_get_code() when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVE-2022-22854 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH | An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.