Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. | |||||
CVE-2022-25818 | 1 Google | 1 Android | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. | |||||
CVE-2022-25822 | 1 Google | 1 Android | 2022-03-15 | 4.9 MEDIUM | 6.2 MEDIUM |
A use-after-free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | |||||
CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-15 | 3.6 LOW | 7.1 HIGH |
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | |||||
CVE-2022-25820 | 1 Google | 1 Android | 2022-03-15 | 2.1 LOW | 4.6 MEDIUM |
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | |||||
CVE-2021-40376 | 1 Otris | 1 Update Manager | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. | |||||
CVE-2021-42786 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. | |||||
CVE-2022-23397 | 1 Cedargate | 1 Ez-net Portal | 2022-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. | |||||
CVE-2022-24506 | 1 Microsoft | 1 Azure Site Recovery | 2022-03-15 | 4.0 MEDIUM | 7.2 HIGH |
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. | |||||
CVE-2022-24509 | 1 Microsoft | 2 365 Apps, Office | 2022-03-15 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510. | |||||
CVE-2022-24510 | 1 Microsoft | 2 365 Apps, Office | 2022-03-15 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509. | |||||
CVE-2022-24511 | 1 Microsoft | 3 365 Apps, Office, Word | 2022-03-15 | 1.9 LOW | 5.5 MEDIUM |
Microsoft Office Word Tampering Vulnerability. | |||||
CVE-2022-23383 | 1 Yzmcms | 1 Yzmcms | 2022-03-15 | 6.4 MEDIUM | 9.1 CRITICAL |
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. | |||||
CVE-2022-22985 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2022-03-15 | 6.8 MEDIUM | 8.8 HIGH |
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. | |||||
CVE-2022-21158 | 1 Marktext | 1 Marktext | 2022-03-15 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext. | |||||
CVE-2022-21132 | 1 Pfsense | 1 Pfsense-pkg-wireguard | 2022-03-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. | |||||
CVE-2022-22795 | 1 Signiant | 1 Manager+agents | 2022-03-15 | 6.4 MEDIUM | 9.1 CRITICAL |
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine. An attacker can read all the system files; the product is running with root on Linux systems and nt/authority on Windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victim's machine. | |||||
CVE-2022-22814 | 1 Asus | 1 Myasus | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | |||||
CVE-2021-42787 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
CVE-2022-26351 | | | 2022-03-15 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26320. Reason: This candidate is a reservation duplicate of CVE-2022-26320. Notes: All CVE users should reference CVE-2022-26320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |