Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20047 | 2 Google, Mediatek | 11 Android, Mt5816, Mt5835 and 8 more | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
| In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. | |||||
| CVE-2022-0904 | 1 Mattermost | 1 Mattermost Server | 2022-03-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document. | |||||
| CVE-2022-21146 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2022-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. | |||||
| CVE-2022-0903 | 1 Mattermost | 1 Mattermost Server | 2022-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body. | |||||
| CVE-2022-0856 | 1 Libcaca Project | 1 Libcaca | 2022-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service | |||||
| CVE-2021-42853 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2021-42854 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2021-4023 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2022-03-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | |||||
| CVE-2021-44750 | 2 F-secure, Microsoft | 6 Client Security, Countercept, Elements and 3 more | 2022-03-15 | 8.5 HIGH | 7.3 HIGH |
| An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands. | |||||
| CVE-2021-42856 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability. | |||||
| CVE-2022-23613 | 2 Fedoraproject, Neutrinolabs | 2 Fedora, Xrdp | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
| xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. | |||||
| CVE-2022-22994 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP. | |||||
| CVE-2021-46408 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-03-15 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. | |||||
| CVE-2021-41180 | 1 Nextcloud | 1 Talk | 2022-03-15 | 4.0 MEDIUM | 6.1 MEDIUM |
| Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. | |||||
| CVE-2022-0352 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-26318 | 1 Watchguard | 1 Fireware | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-24522 | 1 Microsoft | 1 Skype Extension | 2022-03-15 | 2.6 LOW | 6.5 MEDIUM |
| Skype Extension for Chrome Information Disclosure Vulnerability. | |||||
| CVE-2022-24526 | 1 Microsoft | 1 Visual Studio Code | 2022-03-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| Visual Studio Code Spoofing Vulnerability. | |||||
| CVE-2021-36777 | 1 Opensuse | 1 Open Build Service | 2022-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. | |||||
| CVE-2021-44216 | 1 Northern.tech | 1 Cfengine | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
| Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. | |||||