Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24746 | 1 Shopware | 1 Shopware | 2022-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. | |||||
CVE-2022-24600 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the admin backend by submitting SQL injection payloads in the login request. | |||||
CVE-2022-0890 | 1 Mruby | 1 Mruby | 2022-03-17 | 7.1 HIGH | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. | |||||
CVE-2021-44737 | 1 Lexmark | 467 6500e, 6500e Firmware, B2236 and 464 more | 2022-03-17 | 8.3 HIGH | 8.8 HIGH |
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | |||||
CVE-2021-44735 | 1 Lexmark | 236 B2236, B2236 Firmware, B2338 and 233 more | 2022-03-17 | 10.0 HIGH | 9.8 CRITICAL |
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | |||||
CVE-2021-44736 | 1 Lexmark | 2 Mc3224i, Mc3224i Firmware | 2022-03-17 | 10.0 HIGH | 9.8 CRITICAL |
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature. | |||||
CVE-2022-24603 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | |||||
CVE-2022-24602 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | |||||
CVE-2022-0339 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF) in the calibreweb package (PyPI) prior to 0.6.16. | |||||
CVE-2022-24601 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 5.0 MEDIUM | 7.5 HIGH |
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | |||||
CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper Access Control in the calibreweb package (PyPI) prior to 0.6.16. | |||||
CVE-2020-3265 | 1 Cisco | 15 Isr1100-4g, Isr1100-4gltegb, Isr1100-4gltena and 12 more | 2022-03-17 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | |||||
CVE-2022-24608 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | |||||
CVE-2022-24738 | 1 Tharsis | 1 Evmos | 2022-03-17 | 5.8 MEDIUM | 7.4 HIGH |
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain that does not enforce signature verification and connect it to the target evmos instance. The attacker can then use this joined chain to transfer the unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-23328 | 1 Ethereum | 1 Go Ethereum | 2022-03-17 | 5.0 MEDIUM | 7.5 HIGH |
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions with a high gas price from one account, each of which spends the full balance of that account, to a victim Geth node. This can purge all of the pending transactions from the victim node's memory pool and then occupy the memory pool so that new transactions cannot enter it, resulting in a denial of service (DoS). | |||||
CVE-2020-5419 | 2 Pivotal Software, Vmware | 2 Rabbitmq, Rabbitmq | 2022-03-17 | 4.6 MEDIUM | 6.7 MEDIUM |
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | |||||
CVE-2022-24744 | 1 Shopware | 1 Shopware | 2022-03-17 | 3.5 LOW | 3.5 LOW |
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For the older 6.1, 6.2 and 6.3 release lines, corresponding security measures are also available via a plugin. | |||||
CVE-2016-9877 | 2 Pivotal Software, Vmware | 2 Rabbitmq, Rabbitmq | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. | |||||
CVE-2014-9650 | 1 Vmware | 1 Rabbitmq | 2022-03-17 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | |||||
CVE-2014-9649 | 1 Vmware | 1 Rabbitmq | 2022-03-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | |||||
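The Luocms entries above (CVE-2022-24600 in particular, where SQL injection in the login handler yields a backend login) describe the classic authentication-bypass class. The following is an added example, not Luocms code: a generic login check built by string splicing next to its parameterised form, run against an in-memory SQLite table. The table, account, payloads and the SHA-256 stand-in for a password hash are all constructed for illustration.

```python
"""Login query built by string splicing versus a parameterised query.

Added example, not Luocms code: a generic sketch of the authentication-bypass
class listed for /admin/login.php (CVE-2022-24600). The table, the account and
the payloads are constructed for illustration; SHA-256 stands in for a real
password hash (use bcrypt/scrypt/argon2 in production).
"""
import hashlib
import sqlite3


def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()  # placeholder hash


def make_db() -> sqlite3.Connection:
    """In-memory admin table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password_hash TEXT)")
    conn.execute(
        "INSERT INTO admin VALUES (?, ?)",
        ("admin", hash_password("correct horse battery staple")),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the username is spliced into the SQL text, so a quote in it
    closes the string literal and the rest of the input becomes SQL."""
    sql = (
        "SELECT COUNT(*) FROM admin WHERE username = '" + username + "' "
        "AND password_hash = '" + hash_password(password) + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: placeholders pass the values separately from the query text, so
    the same payload is compared literally against the username column."""
    row = conn.execute(
        "SELECT COUNT(*) FROM admin WHERE username = ? AND password_hash = ?",
        (username, hash_password(password)),
    ).fetchone()
    return row[0] > 0


def demo() -> dict:
    """Run both login paths against two constructed bypass payloads.

    Note the AND/OR precedence: "admin' OR '1'='1" works because the username
    half is already true; "admin' --" comments the password check out entirely.
    """
    conn = make_db()
    payloads = ["admin' OR '1'='1", "admin' --"]
    return {
        "legit_fixed": login_fixed(conn, "admin", "correct horse battery staple"),
        "bypass_vulnerable": [login_vulnerable(conn, p, "anything") for p in payloads],
        "bypass_fixed": [login_fixed(conn, p, "anything") for p in payloads],
    }
```

The same pattern applies to the other Luocms entries (news_mod.php, sort_mod.php, admin_mod.php): whichever column the input lands in, a bound parameter keeps it as data.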
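For the SSRF entry (CVE-2022-0339, calibre-web), the control a practitioner wants is a resolve-then-check guard applied before any server-side fetch. The block below is an added example, not calibre-web code: it rejects non-http(s) schemes and embedded credentials, resolves the host, and refuses any target with at least one internal address. The resolver is injectable so the guard can be exercised offline; the hostnames and addresses in the usage are constructed.

```python
"""Resolve-then-check guard for user-supplied fetch targets.

Added example, not calibre-web code: a generic pre-fetch check for the SSRF
class listed as CVE-2022-0339. The resolver is injectable so the guard can be
exercised offline with constructed DNS answers; by default it uses the OS
resolver.
"""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer for host, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(ip) -> bool:
    """Loopback, RFC 1918/ULA, link-local (incl. 169.254.169.254 metadata),
    unspecified, multicast and reserved space are all off-limits."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _is_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_fetch_url(url: str, resolve: Resolver = system_resolver) -> tuple[bool, str]:
    """Return (allowed, reason). Rejects non-http(s) schemes, embedded
    credentials, and any host that has at least one internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        # Literal addresses need no lookup; everything else is resolved.
        addrs = [host] if _is_literal(host) else list(resolve(host))
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host has no addresses"
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if is_internal(ip):
            return False, f"{host} resolves to internal address {ip}"
    return True, "ok"


def constructed_resolver(host: str) -> list[str]:
    """Stand-in DNS for offline use; names and addresses are constructed."""
    table = {
        "books.example": ["93.184.216.34"],
        "evil.example": ["93.184.216.34", "10.0.0.5"],   # one public, one internal
        "meta.example": ["169.254.169.254"],             # cloud metadata endpoint
    }
    if host not in table:
        raise OSError(f"NXDOMAIN {host}")
    return table[host]
```

Two caveats apply when using this in a fetcher. The check and the connection must use the same resolved address (pin the IP you validated, or validate inside the connection hook), otherwise a short-TTL record can change between check and connect. And redirects must be re-checked: a public host that 302s to 127.0.0.1 is the standard bypass.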
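The Shopware session entry (CVE-2022-24744) is a design point rather than a parsing bug: a password reset through recovery must end every session the account already has, or an attacker who holds one keeps it. The block below is an added example, not Shopware code: a generic session store with a per-user index so the reset handler can revoke in bulk, plus a password generation number stored in each session so that a session minted before the reset is refused even if a revocation was missed (useful when sessions are replicated or cached). The store, user record and placeholder hash are constructed.

```python
"""Revoke live sessions when a password is reset through recovery.

Added example, not Shopware code: a generic session-store sketch of the
control missing in CVE-2022-24744. Two mechanisms are shown: an index that
lets the reset handler revoke every session of the account, and a password
generation number carried by each session so a session minted before the
reset is rejected even if the revocation was missed. Store, user record and
the SHA-256 placeholder hash are constructed here.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    user_id: str
    password_hash: str
    password_generation: int = 0  # bumped on every password change


@dataclass
class Session:
    user_id: str
    password_generation: int  # generation current when the session was minted


def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()  # placeholder hash


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}
        self._by_user: dict[str, set[str]] = {}  # index for bulk revocation

    def create(self, user: User) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user.user_id, user.password_generation)
        self._by_user.setdefault(user.user_id, set()).add(sid)
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def revoke_all_for_user(self, user_id: str) -> int:
        sids = self._by_user.pop(user_id, set())
        for sid in sids:
            self._sessions.pop(sid, None)
        return len(sids)


def session_is_valid(store: SessionStore, users: dict[str, User], sid: str) -> bool:
    """A session is live only if it still exists and was minted under the
    account's current password generation."""
    s = store.get(sid)
    return s is not None and s.password_generation == users[s.user_id].password_generation


def reset_password_vulnerable(users: dict[str, User], store: SessionStore,
                              user_id: str, new_password: str) -> int:
    """Behaviour the advisory describes: the hash changes, sessions stay live."""
    users[user_id].password_hash = hash_password(new_password)
    return 0  # nothing revoked


def reset_password_fixed(users: dict[str, User], store: SessionStore,
                         user_id: str, new_password: str) -> int:
    """Change the hash, bump the generation, revoke every existing session.
    The recovery flow then issues one fresh session to the user who completed it."""
    user = users[user_id]
    user.password_hash = hash_password(new_password)
    user.password_generation += 1
    return store.revoke_all_for_user(user_id)
```

The generation check is what makes the fix robust across a fleet: a node that never saw the revocation still rejects the old session, because it compares against the account record rather than trusting the session's mere existence.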
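The RabbitMQ MQTT entry (CVE-2016-9877) turns on a detail of the wire format: the MQTT 3.1.1 CONNECT packet carries separate User Name (bit 7) and Password (bit 6) connect flags, so a client can legitimately send a username and omit the password field. A broker must then treat the connection as unauthenticated, not as "nothing to verify". The block below is an added example, not RabbitMQ code: a minimal CONNECT builder and parser, followed by a sketch of the flawed decision next to the correct one. The credential table and client ids are constructed.

```python
"""MQTT 3.1.1 CONNECT: username-without-password must not authenticate.

Added example, not RabbitMQ code: a minimal CONNECT builder and parser plus two
authentication sketches for the flaw listed as CVE-2016-9877. USERS and the
client ids are constructed.
"""
import hmac
from typing import Optional

USERS = {"telemetry": b"s3cret"}  # constructed credential table


def _mqtt_field(data: bytes) -> bytes:
    """Two-byte length prefix, as used for UTF-8 strings and binary data."""
    return len(data).to_bytes(2, "big") + data


def _encode_remaining_length(n: int) -> bytes:
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def build_connect(client_id: str, username: Optional[str] = None,
                  password: Optional[bytes] = None, keepalive: int = 60) -> bytes:
    flags = 0x02  # Clean Session
    payload = _mqtt_field(client_id.encode())
    if username is not None:
        flags |= 0x80  # User Name Flag
        payload += _mqtt_field(username.encode())
    if password is not None:
        if username is None:
            raise ValueError("MQTT 3.1.1 forbids a password without a username")
        flags |= 0x40  # Password Flag
        payload += _mqtt_field(password)
    variable_header = _mqtt_field(b"MQTT") + bytes([4, flags]) + keepalive.to_bytes(2, "big")
    body = variable_header + payload
    return b"\x10" + _encode_remaining_length(len(body)) + body


def parse_connect(pkt: bytes) -> dict:
    """Decode a CONNECT packet; raises ValueError on malformed input."""
    if not pkt or pkt[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    i, remaining = 1, 0
    for shift in range(4):  # remaining length: at most 4 bytes, LSB group first
        b = pkt[i]
        i += 1
        remaining |= (b & 0x7F) << (7 * shift)
        if not b & 0x80:
            break
    else:
        raise ValueError("malformed remaining length")
    if len(pkt) - i != remaining:
        raise ValueError("remaining length mismatch")

    def read_field() -> bytes:
        nonlocal i
        n = int.from_bytes(pkt[i:i + 2], "big")
        data = pkt[i + 2:i + 2 + n]
        i += 2 + n
        if len(data) != n:
            raise ValueError("truncated field")
        return data

    if read_field() != b"MQTT":
        raise ValueError("unexpected protocol name")
    level, flags = pkt[i], pkt[i + 1]
    keepalive = int.from_bytes(pkt[i + 2:i + 4], "big")
    i += 4
    if flags & 0x01:
        raise ValueError("reserved connect flag set")
    has_user, has_pass = bool(flags & 0x80), bool(flags & 0x40)
    if has_pass and not has_user:
        raise ValueError("password flag set without username flag")
    client_id = read_field().decode()
    if flags & 0x04:  # Will Flag: skip will topic and will message
        read_field()
        read_field()
    username = read_field().decode() if has_user else None
    password = read_field() if has_pass else None
    if i != len(pkt):
        raise ValueError("trailing bytes after payload")
    return {"level": level, "keepalive": keepalive, "client_id": client_id,
            "username": username, "password": password}


def connect_is_wellformed(pkt: bytes) -> bool:
    try:
        parse_connect(pkt)
        return True
    except (ValueError, IndexError):
        return False


def authenticate_vulnerable(conn: dict) -> bool:
    """Sketch of the flaw: a known username with no password field is let in."""
    username, password = conn["username"], conn["password"]
    if username not in USERS:
        return False
    if password is None:
        return True  # BUG: absence of a password is treated as nothing to verify
    return hmac.compare_digest(password, USERS[username])


def authenticate_fixed(conn: dict) -> bool:
    """Both fields must be present and the password must match the record."""
    username, password = conn["username"], conn["password"]
    if username is None or password is None:
        return False
    expected = USERS.get(username, b"")
    return username in USERS and hmac.compare_digest(password, expected)
```

The parser also enforces the spec rule that a Password Flag without a User Name Flag is malformed, which is the mirror-image case; the advisory's case (username present, password absent) is well-formed on the wire and must be rejected by the authentication policy, not the parser.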
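The RabbitMQ management-plugin entry CVE-2014-9650 is header injection: a query parameter (download) lands in a response header, so CR/LF in it ends that header and starts attacker-controlled ones, or a second response body. The block below is an added example, not RabbitMQ code: a deliberately naive HTTP serializer, the unchecked filename path, and the checked one. The filenames and response bodies are constructed.

```python
"""Header injection via a filename echoed into Content-Disposition.

Added example, not RabbitMQ code: a generic sketch of the response-splitting
class listed as CVE-2014-9650, where a query parameter ends up in a response
header. The serializer, filenames and bodies are constructed here.
"""
import re

_CTL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF and the other control characters


def serialize(status: str, headers: list[tuple[str, str]], body: bytes) -> bytes:
    """Naive HTTP/1.1 serializer that trusts its header values."""
    head = f"HTTP/1.1 {status}\r\n" + "".join(f"{k}: {v}\r\n" for k, v in headers)
    return head.encode("latin-1") + b"\r\n" + body


def download_response_vulnerable(filename: str, body: bytes) -> bytes:
    """The user-supplied name goes into the header unchecked."""
    return serialize("200 OK", [
        ("Content-Type", "application/json"),
        ("Content-Disposition", f'attachment; filename="{filename}"'),
    ], body)


def is_safe_filename(filename: str) -> bool:
    return _CTL.search(filename) is None


def safe_filename(filename: str) -> str:
    """Reject control characters outright (raise rather than silently rewrite),
    then drop quotes and backslashes so the quoted-string stays well-formed."""
    if not is_safe_filename(filename):
        raise ValueError("control character in filename")
    return filename.replace("\\", "").replace('"', "")


def download_response_fixed(filename: str, body: bytes) -> bytes:
    return serialize("200 OK", [
        ("Content-Type", "application/json"),
        ("Content-Disposition", f'attachment; filename="{safe_filename(filename)}"'),
    ], body)


def count_header_blocks(raw: bytes) -> int:
    """How many header/body boundaries a splitting-prone parser would see."""
    return raw.count(b"\r\n\r\n")


def header_names(raw: bytes) -> list[str]:
    """Header names in the first header block, in order (for inspection)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]
```

The durable fix sits at the serializer, not at one endpoint: a response writer that refuses CR, LF and other control bytes in any header value closes the whole class, and mature HTTP libraries do exactly that. The endpoint-level check above is still worth keeping, because it produces a clear 400 instead of a 500 from the serializer.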