Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21973 | 1 Microsoft | 4 Windows 7, Windows 8.1, Windows Rt 8.1 and 1 more | 2022-03-14 | 2.1 LOW | 5.5 MEDIUM |
| Windows Media Center Update Denial of Service Vulnerability. | |||||
| CVE-2022-21967 | 1 Microsoft | 2 Windows 10, Windows 11 | 2022-03-14 | 4.4 MEDIUM | 7.0 HIGH |
| Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. | |||||
| CVE-2022-24739 | 1 Alltube Project | 1 Alltube | 2022-03-14 | 4.0 MEDIUM | 6.1 MEDIUM |
| alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. | |||||
| CVE-2022-0767 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-14 | 7.5 HIGH | 9.9 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
| CVE-2021-46703 | 1 Razorengine Project | 1 Razorengine | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-25549 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. | |||||
| CVE-2022-25547 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | |||||
| CVE-2022-25566 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | |||||
| CVE-2022-25558 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. | |||||
| CVE-2022-25557 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter. | |||||
| CVE-2022-25555 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. | |||||
| CVE-2022-25554 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. | |||||
| CVE-2022-25553 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. | |||||
| CVE-2022-25552 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. | |||||
| CVE-2022-25551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. | |||||
| CVE-2022-25550 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. | |||||
| CVE-2022-25548 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. | |||||
| CVE-2022-25546 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. | |||||
| CVE-2022-0813 | 1 Phpmyadmin | 1 Phpmyadmin | 2022-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | |||||
| CVE-2021-44632 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-11 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||