Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0880 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | |||||
CVE-2021-23246 | 1 Oppo | 2 Ace2, Coloros | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | |||||
CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2022-03-18 | 9.0 HIGH | 9.8 CRITICAL |
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | |||||
CVE-2022-0913 | 1 Microweber | 1 Microweber | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-0912 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2020-3425 | 1 Cisco | 110 4221 Integrated Services Router, 4321 Integrated Services Router, 4331 Integrated Services Router and 107 more | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2019-1740 | 1 Cisco | 2 Ios, Ios Xe | 2022-03-18 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
CVE-2019-1737 | 1 Cisco | 2 Ios, Ios Xe | 2022-03-18 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | |||||
CVE-2022-0930 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0929 | 1 Microweber | 1 Microweber | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-26967 | 1 Gpac | 1 Gpac | 2022-03-18 | 6.8 MEDIUM | 7.8 HIGH |
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. | |||||
CVE-2021-43954 | 1 Atlassian | 2 Crucible, Fisheye | 2022-03-18 | 4.0 MEDIUM | 4.3 MEDIUM |
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | |||||
CVE-2021-44585 | 1 Jeecg | 1 Jeecg Boot | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | |||||
CVE-2022-0937 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0938 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0341 | 1 B3log | 1 Vditor | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | |||||
CVE-2022-0940 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2021-38910 | 1 Ibm | 1 Datapower Gateway | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | |||||
CVE-2021-44673 | 1 Croogo | 1 Croogo | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. | |||||
CVE-2022-0941 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |