Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-27193 | 1 Cvrf-csaf-converter Project | 1 Cvrf-csaf-converter | 2022-03-21 | 4.3 MEDIUM | 5.5 MEDIUM |
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter. | |||||
CVE-2022-0945 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2022-03-21 | 6.5 MEDIUM | 7.2 HIGH |
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | |||||
CVE-2022-24762 | 1 Sysend.js Project | 1 Sysend.js | 2022-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. | |||||
CVE-2022-23924 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23925 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23926 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23927 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23929 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23928 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23930 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2021-32998 | 1 Fanuc | 18 R-30ia, R-30ia Firmware, R-30ia Mate and 15 more | 2022-03-21 | 8.8 HIGH | 7.4 HIGH |
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. | |||||
CVE-2022-23931 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23932 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23934 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-23933 | 1 Hp | 1 Pc Bios | 2022-03-21 | 7.2 HIGH | 8.2 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
CVE-2022-25216 | 1 Dvdfab | 2 12 Player, Playerfab | 2022-03-21 | 7.8 HIGH | 7.5 HIGH |
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>. | |||||
CVE-2022-0658 | 1 Wielebenwir | 1 Commonsbooking | 2022-03-21 | 7.5 HIGH | 9.8 CRITICAL |
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. | |||||
CVE-2022-0280 | 2 Mcafee, Microsoft | 2 Total Protection, Windows | 2022-03-21 | 3.3 LOW | 6.3 MEDIUM |
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. |