Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20708 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-20706 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 9.3 HIGH | 8.1 HIGH |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-20704 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 5.8 MEDIUM | 4.8 MEDIUM |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-26272 | 1 Ionizecms | 1 Ionize | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. | |||||
CVE-2022-20703 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 7.2 HIGH | 8.4 HIGH |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-24031 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-43615 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-43323 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-42113 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 4.6 MEDIUM | 8.2 HIGH |
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-42060 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-41841 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | |||||
CVE-2022-26187 | 1 Totolink | 2 N600r, N600r Firmware | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | |||||
CVE-2022-25575 | 1 Hongmen | 1 Parking Management System | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | |||||
CVE-2021-43084 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | |||||
CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 4.3 MEDIUM | 7.5 HIGH |
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
CVE-2022-1058 | 1 Gitea | 1 Gitea | 2022-03-29 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | |||||
CVE-2022-0955 | 1 Pimcore | 1 Data-hub | 2022-03-29 | 3.5 LOW | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4. | |||||
CVE-2022-26186 | 1 Totolink | 2 N600r, N600r Firmware | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | |||||
CVE-2021-39491 | 1 Rengine Project | 1 Rengine | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | |||||
CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ApiManager 1.1. There is an SQL injection vulnerability that can be used in /index.php?act=api&tag=8. |