Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40768 | 3 Adobe, Apple, Microsoft | 3 Character Animator, Macos, Windows | 2022-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-40778 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-40777 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 9.3 HIGH | 7.8 HIGH |
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-40779 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 9.3 HIGH | 7.8 HIGH |
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-40780 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 9.3 HIGH | 7.8 HIGH |
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2022-0970 | 1 Getgrav | 1 Grav | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | |||||
CVE-2022-24733 | 1 Sylius | 1 Sylius | 2022-03-22 | 5.8 MEDIUM | 6.1 MEDIUM |
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This enables a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available: every response from the app should have an X-Frame-Options header set to `sameorigin`. To achieve that, add a new `subscriber` in the app. | |||||
CVE-2021-40782 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-40781 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-27214 | 1 Jenkins | 1 Release Helper | 2022-03-22 | 4.0 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2022-0964 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0966 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via file upload in GitHub repository star7th/showdoc prior to 2.4.10. | |||||
CVE-2022-0965 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0963 | 1 Microweber | 1 Microweber | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted XML files lead to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0968 | 1 Microweber | 1 Microweber | 2022-03-22 | 4.0 MEDIUM | 5.5 MEDIUM |
The microweber application allows large characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2021-42552 | 1 Archivista | 1 Archivistabox | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | |||||
CVE-2021-45786 | 1 Maccms | 1 Maccms | 2022-03-22 | 7.5 HIGH | 9.8 CRITICAL |
In maccms v10, an attacker can log in through /index.php/user/login using the "col" and "openid" parameters to gain privileges. | |||||
CVE-2022-24578 | 1 Gpac | 1 Gpac | 2022-03-22 | 6.8 MEDIUM | 7.8 HIGH |
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString() at bifs/script_dec.c. | |||||
CVE-2021-45787 | 1 Maccms | 1 Maccms | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. | |||||
CVE-2022-0986 | 1 Hestiacp | 1 Control Panel | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. |