Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25445 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | |||||
| CVE-2022-25434 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. | |||||
| CVE-2022-25433 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | |||||
| CVE-2022-25431 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. | |||||
| CVE-2022-25427 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | |||||
| CVE-2022-25457 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | |||||
| CVE-2022-25456 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | |||||
| CVE-2022-25605 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2022-03-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | |||||
| CVE-2022-27209 | 1 Kubernetes | 1 Continuous Deploy | 2022-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2022-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-25603 | 1 Maxfoundry | 1 Maxgalleria | 2022-03-24 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | |||||
| CVE-2022-23989 | 1 Stormshield | 1 Network Security | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | |||||
| CVE-2022-22588 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | |||||
| CVE-2022-22644 | 1 Apple | 1 Macos | 2022-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts. | |||||
| CVE-2021-30921 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. | |||||
| CVE-2022-0758 | 1 Rapid7 | 1 Nexpose | 2022-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. | |||||
| CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2022-03-24 | 7.2 HIGH | 7.8 HIGH |
| Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. | |||||
| CVE-2022-26504 | 1 Veeam | 1 Backup \& Replication | 2022-03-24 | 9.0 HIGH | 8.8 HIGH |
| Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe | |||||
| CVE-2022-22654 | 1 Apple | 2 Safari, Watchos | 2022-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-22642 | 1 Apple | 2 Ipados, Iphone Os | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | |||||