Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24416 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-24415 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2021-42577 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. | |||||
| CVE-2021-42262 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2022-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. | |||||
| CVE-2022-26337 | 1 Trendmicro | 1 Password Manager | 2022-03-18 | 9.3 HIGH | 7.8 HIGH |
| Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. | |||||
| CVE-2022-24419 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-24420 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-24421 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2022-03-18 | 7.2 HIGH | 7.8 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-24726 | 1 Istio | 1 Istio | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities. | |||||
| CVE-2022-23731 | 1 Lg | 1 Webos | 2022-03-18 | 4.6 MEDIUM | 7.8 HIGH |
| V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | |||||
| CVE-2022-23730 | 1 Lg | 1 Webos | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| The public API error causes for the attacker to be able to bypass API access control. | |||||
| CVE-2022-23625 | 1 Wire | 2 Wire, Wire-ios-transport | 2022-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2021-33150 | 1 Intel | 419 Atom C2308, Atom C2316, Atom C2338 and 416 more | 2022-03-18 | 4.6 MEDIUM | 6.8 MEDIUM |
| Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-32475 | 1 Moodle | 1 Moodle | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2021-32473 | 1 Moodle | 1 Moodle | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected | |||||
| CVE-2021-26341 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2022-03-18 | 2.1 LOW | 6.5 MEDIUM |
| Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | |||||
| CVE-2021-26401 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2022-03-18 | 1.9 LOW | 5.6 MEDIUM |
| LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | |||||
| CVE-2021-44667 | 1 Alibaba | 1 Nacos | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | |||||
| CVE-2022-26533 | 1 Alist Project | 1 Alist | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. | |||||
| CVE-2022-0926 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||