Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8446 | 1 Atlassian | 1 Jira Server | 2022-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | |||||
CVE-2017-18102 | 1 Atlassian | 1 Jira Server | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. | |||||
CVE-2017-14594 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | |||||
CVE-2015-8481 | 1 Atlassian | 3 Jira Core, Jira Server, Jira Service Desk | 2022-03-28 | 3.5 LOW | 3.1 LOW |
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | |||||
CVE-2022-26620 | | | 2022-03-27 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2022-26200 | | | 2022-03-27 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2022-22652 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-25 | 3.6 LOW | 6.1 MEDIUM |
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | |||||
CVE-2022-22627 | 1 Apple | 2 Mac Os X, Macos | 2022-03-25 | 5.8 MEDIUM | 7.1 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
CVE-2022-22593 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-03-25 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-22591 | 1 Apple | 1 Macos | 2022-03-25 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-25390 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2022-03-25 | 10.0 HIGH | 9.8 CRITICAL |
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | |||||
CVE-2022-25389 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2022-03-25 | 5.0 MEDIUM | 7.5 HIGH |
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | |||||
CVE-2022-25460 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-25 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. | |||||
CVE-2022-25459 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-25 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. | |||||
CVE-2022-25458 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-25 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. | |||||
CVE-2022-22657 | 1 Apple | 3 Garageband, Logic Pro X, Macos | 2022-03-25 | 6.8 MEDIUM | 7.8 HIGH |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
CVE-2022-22639 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-03-25 | 6.8 MEDIUM | 7.8 HIGH |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. | |||||
CVE-2022-22664 | 1 Apple | 3 Garageband, Logic Pro X, Macos | 2022-03-25 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
CVE-2022-22597 | 1 Apple | 2 Mac Os X, Macos | 2022-03-25 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
CVE-2022-24091 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-03-25 | 9.3 HIGH | 7.8 HIGH |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. |