Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21170 | 1 Daj | 6 Dspa-15000 M5, Dspa-2000 M4, Dspa-4000 M4 and 3 more | 2022-03-16 | 4.3 MEDIUM | 3.7 LOW |
| Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. | |||||
| CVE-2021-38491 | 1 Mozilla | 1 Firefox | 2022-03-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. | |||||
| CVE-2022-24398 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-03-16 | 3.5 LOW | 6.5 MEDIUM |
| Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | |||||
| CVE-2013-3523 | 1 Gajennings | 1 This | 2022-03-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | |||||
| CVE-2022-23709 | 1 Elastic | 1 Kibana | 2022-03-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | |||||
| CVE-2021-29987 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2022-03-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2022-0433 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2022-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. | |||||
| CVE-2021-29982 | 1 Mozilla | 2 Firefox, Thunderbird | 2022-03-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2021-29981 | 1 Mozilla | 2 Firefox, Thunderbird | 2022-03-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | |||||
| CVE-2021-29977 | 1 Mozilla | 1 Firefox | 2022-03-16 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29975 | 1 Mozilla | 1 Firefox | 2022-03-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29974 | 1 Mozilla | 1 Firefox | 2022-03-16 | 2.6 LOW | 4.3 MEDIUM |
| When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | |||||
| CVE-2020-12504 | 3 Korenix, Pepperl-fuchs, Westermo | 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | |||||
| CVE-2021-32006 | 1 Secomea | 1 Gatemanager | 2022-03-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. | |||||
| CVE-2022-25368 | 2 Amperecomputing, Arm | 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more | 2022-03-15 | 1.9 LOW | 4.7 MEDIUM |
| Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | |||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2022-03-15 | 6.5 MEDIUM | 7.2 HIGH |
| Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | |||||
| CVE-2022-25814 | 1 Google | 1 Android | 2022-03-15 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25816 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 4.6 MEDIUM |
| Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication | |||||
| CVE-2022-25815 | 1 Google | 1 Android | 2022-03-15 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25817 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 3.3 LOW |
| Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||