Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product's configuration.
CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.
CVE-2022-25249 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via the web server.
CVE-2022-25248 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 5.3 MEDIUM | When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supply the event log of the specific service.
CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
CVE-2022-25246 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 9.0 HIGH | 8.8 HIGH | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
CVE-2022-23234 | 1 Netapp | 1 Snapcenter | 2022-03-28 | 2.1 LOW | 5.5 MEDIUM | SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
CVE-2022-0982 | 1 Accel-ppp | 1 Accel-ppp | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input of length cmdline_len is copied into the fixed buffer b->buf without any bounds check. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
CVE-2022-24595 | 1 Automotivelinux | 1 Kooky Koi | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker sends a well-crafted HTTP (or WebSocket) request to the socket listened on by the afb-daemon process. No credentials nor user interaction are required.
CVE-2022-0959 | 1 Postgresql | 1 Pgadmin 4 | 2022-03-28 | 3.5 LOW | 6.5 MEDIUM | A malicious, but authorised and authenticated, user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
CVE-2022-0811 | 1 Kubernetes | 1 Cri-o | 2022-03-28 | 9.0 HIGH | 8.8 HIGH | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node where the malicious pod was deployed.
CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH | A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and, in some cases, use this vulnerability to obtain remote code execution on the remote web server.
CVE-2022-26300 | 1 Eosio Project | 1 Eos | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.
CVE-2021-42219 | 1 Ethereum | 1 Go Ethereum | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) by sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
CVE-2022-26295 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
CVE-2022-26293 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVE-2022-21164 | 1 Node-lmdb Project | 1 Node-lmdb | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.
CVE-2021-45822 | 1 Btiteam | 1 Xbtit | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable of executing malicious JavaScript code.
CVE-2022-26660 | 1 Robotronic | 1 Runasspc | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.
CVE-2019-8451 | 1 Atlassian | 1 Jira Server | 2022-03-28 | 6.4 MEDIUM | 6.5 MEDIUM | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.