CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-44215 | 1 Northern.tech | 1 Cfengine | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM | Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. |
CVE-2021-44421 | 1 Occlum Project | 1 Occlum | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM | The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. |
CVE-2021-44827 | 1 Tp-link | 2 Archer C20i, Archer C20i Firmware | 2022-03-15 | 9.0 HIGH | 8.8 HIGH | There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. |
CVE-2021-40846 | 1 Tradingpaints | 1 Trading Paints | 2022-03-15 | 7.6 HIGH | 7.5 HIGH | An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. |
CVE-2017-9735 | 3 Debian, Eclipse, Oracle | 7 Debian Linux, Jetty, Communications Cloud Native Core Policy and 4 more | 2022-03-15 | 5.0 MEDIUM | 7.5 HIGH | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. |
CVE-2021-42857 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 5.0 MEDIUM | 5.3 MEDIUM | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not perform any validation of the user's input, which allows a malicious payload to be injected. |
CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 7.8 HIGH | 6.5 MEDIUM | The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injection. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. |
CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 9.0 HIGH | 8.8 HIGH | An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application's permissions (SYSTEM). |
CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2022-03-14 | 5.0 MEDIUM | 5.3 MEDIUM | Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. |
CVE-2021-34122 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-03-14 | 4.3 MEDIUM | 5.5 MEDIUM | The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. |
CVE-2021-3698 | 2 Cockpit-project, Redhat | 2 Cockpit, Enterprise Linux | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. |
CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | Use after free vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. |
CVE-2022-25230 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | Use after free vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. |
CVE-2022-25234 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. |
CVE-2022-25108 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-03-14 | 4.3 MEDIUM | 5.5 MEDIUM | Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. |
CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. |
CVE-2021-29491 | | | 2022-03-14 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28860. Reason: This candidate is a reservation duplicate of CVE-2021-28860. Notes: All CVE users should reference CVE-2021-28860 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2022-03-14 | 4.6 MEDIUM | 7.8 HIGH | The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed. |
CVE-2020-36517 | 1 Home-assistant | 1 Home-assistant | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH | An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. |
CVE-2022-24501 | 1 Microsoft | 1 Vp9 Video Extensions | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH | VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451. |
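The Jetty entry (CVE-2017-9735) describes a timing channel in a password check: a comparison that returns at the first mismatching character takes longer the more of the guess is correct, so elapsed time reveals the matched prefix. The following Python is an added illustration of that class of flaw and its standard fix; it is not Jetty's code. Wall-clock timing is too noisy to assert on, so the naive comparator also returns how many characters matched before it gave up, which is the quantity an attacker recovers from timing. The password `s3cret`, the alphabet and the `recover_prefix` attacker model are constructed for the example.

```python
"""Early-exit vs. constant-time password comparison (added example, not Jetty code)."""
import hashlib
import hmac
from typing import Tuple

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def naive_equals(stored: str, guess: str) -> Tuple[bool, int]:
    """Compare character by character and stop at the first mismatch.

    Returns (match, matched_prefix_length). Running time is proportional
    to the second value, and that proportionality is the timing channel:
    the attacker never sees the password, only how long rejection took.
    The early length check is itself a smaller leak (length of the secret).
    """
    if len(stored) != len(guess):
        return False, 0
    matched = 0
    for a, b in zip(stored, guess):
        if a != b:
            return False, matched
        matched += 1
    return True, matched


def constant_time_equals(stored: str, guess: str) -> bool:
    """Length- and content-independent comparison.

    hmac.compare_digest runs in time that depends only on input length.
    Hashing both sides first makes the lengths equal, so even the length
    of the secret is not observable, and the raw secret is never compared.
    """
    a = hashlib.sha256(stored.encode()).digest()
    b = hashlib.sha256(guess.encode()).digest()
    return hmac.compare_digest(a, b)


def recover_prefix(stored: str, alphabet: str = ALPHABET) -> str:
    """Simulated remote attacker against naive_equals.

    Stands in for measuring response time: for each position it tries
    every candidate character, keeps the one that 'took longest'
    (largest matched prefix), and moves on. Assumes the secret is drawn
    from `alphabet`; this is a model of the attack, not an exploit.
    """
    known = ""
    while len(known) < len(stored):
        best_char, best_steps = alphabet[0], -1
        for c in alphabet:
            probe = (known + c).ljust(len(stored), "\x00")  # pad to pass the length check
            _, steps = naive_equals(stored, probe)
            if steps > best_steps:
                best_char, best_steps = c, steps
        known += best_char
    return known


if __name__ == "__main__":
    secret = "s3cret"  # constructed sample secret
    print("naive:", naive_equals(secret, "s3cxxx"))       # (False, 3): three chars leaked
    print("constant-time:", constant_time_equals(secret, "s3cxxx"))
    print("recovered via timing model:", recover_prefix(secret))
```

The recovery loop needs only `len(secret) * len(alphabet)` probes instead of `len(alphabet) ** len(secret)`, which is why a per-character early exit turns a brute-force problem into a linear one. Over a network the signal is buried in jitter, so real attacks average many requests per candidate; the arithmetic above is the idealised version.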
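The Quicklert upload entry (CVE-2021-43970) names the bypass shape exactly: a filename of `.mp3;.jsp` carrying a body that starts with audio bytes. The description does not say why the `;` mattered; servlet containers commonly treat `;` as a path-parameter delimiter, which is one plausible reason a trailing `.jsp` was honoured, but that is an inference. The Python below is an added example, not Quicklert code. `weak_accepts` is an assumed reconstruction of the kind of check such a name defeats (an audio extension anywhere in the name plus an audio-looking header), and `hardened_accept` is the generic pattern that closes it: allow-list the whole filename, check content against the declared type rather than any allowed type, and never reuse the client's name on disk. The magic-byte table and the sample payloads are constructed for the example.

```python
"""Upload validation: weak extension/content sniffing vs. a hardened check
(added example, not Quicklert code)."""
import re
import secrets
from dataclasses import dataclass
from typing import Optional

# Leading bytes accepted per declared type (constructed allow-list for the example).
MAGIC = {
    "mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    "wav": (b"RIFF",),
}

# Whole-name allow-list: stem of safe characters, exactly one dot, one known
# extension. Rejects ';', '/', '\\', NUL, double extensions and traversal.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(mp3|wav)$")


def weak_accepts(filename: str, data: bytes) -> bool:
    """Assumed weak check: 'an audio extension appears somewhere in the name'
    and 'the body starts with bytes some audio format uses'. The name
    'song.mp3;.jsp' with an ID3 header passes both tests."""
    lowered = filename.lower()
    has_audio_ext = ".mp3" in lowered or ".wav" in lowered
    looks_like_audio = any(data.startswith(m) for sigs in MAGIC.values() for m in sigs)
    return has_audio_ext and looks_like_audio


@dataclass
class Accepted:
    stored_name: str  # server-chosen name; the client string never reaches disk or URLs
    kind: str         # validated type the file will be served as


def hardened_accept(filename: str, data: bytes) -> Optional[Accepted]:
    """Three independent gates; all must pass."""
    # 1. The entire filename must match the allow-list, not merely contain an extension.
    m = SAFE_NAME.match(filename)
    if not m:
        return None
    ext = m.group(1)
    # 2. Content must agree with the *declared* type, so 'x.wav' with an MP3 header fails too.
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        return None
    # 3. Store under a random server-generated name with the validated extension.
    return Accepted(stored_name=f"{secrets.token_hex(16)}.{ext}", kind=ext)


if __name__ == "__main__":
    mp3_body = b"ID3\x03\x00" + b"\x00" * 16          # constructed MP3-like header
    print("weak accepts bypass name:", weak_accepts("song.mp3;.jsp", mp3_body))       # True
    print("hardened rejects bypass name:", hardened_accept("song.mp3;.jsp", mp3_body))  # None
    print("hardened accepts clean upload:", hardened_accept("song.mp3", mp3_body))
```

The third gate is what makes the first two defence in depth rather than the whole defence: even if a name check were later weakened, an attacker-controlled string never becomes a path or a URL segment, so there is nothing for a container's path parsing to reinterpret.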