Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24292 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
CVE-2022-26197 | 1 Joget | 1 Joget Dx | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | |||||
CVE-2022-24291 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2022-03-29 | 7.8 HIGH | 7.5 HIGH |
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
CVE-2022-23881 | 1 Zzzcms | 1 Zzzphp | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | |||||
CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | |||||
CVE-2022-26263 | 1 Yonyou | 1 U8\+ | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | |||||
CVE-2021-20323 | 1 Redhat | 1 Keycloak | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak. | |||||
CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | |||||
CVE-2022-25582 | 1 Classcms Project | 1 Classcms | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | |||||
CVE-2022-24643 | 1 Open-emr | 1 Openemr | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | |||||
CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27466 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27462 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
CVE-2022-25576 | 1 Anchorcms | 1 Anchor Cms | 2022-03-29 | 3.5 LOW | 4.5 MEDIUM |
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | |||||
CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | |||||
CVE-2022-22951 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2022-03-29 | 9.0 HIGH | 9.1 CRITICAL |
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | |||||
CVE-2021-41192 | 1 Redash | 1 Redash | 2022-03-29 | 3.5 LOW | 6.5 MEDIUM |
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, one should follow the steps to secure the instance, outlined in the GitHub Security Advisory. | |||||
CVE-2021-1056 | 3 Debian, Linux, Nvidia | 3 Debian Linux, Linux Kernel, Gpu Driver | 2022-03-29 | 3.6 LOW | 7.1 HIGH |
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | |||||
CVE-2020-13817 | 4 Fujitsu, Netapp, Ntp and 1 more | 40 M10-1, M10-1 Firmware, M10-4 and 37 more | 2022-03-29 | 5.8 MEDIUM | 7.4 HIGH |
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. |