Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14111 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. | |||||
| CVE-2022-24753 | 2 Microsoft, Stripe | 2 Windows, Stripe Cli | 2022-03-11 | 4.4 MEDIUM | 7.0 HIGH |
| Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue. | |||||
| CVE-2022-24323 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2022-03-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) | |||||
| CVE-2022-24322 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2022-03-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) | |||||
| CVE-2021-22783 | 1 Schneider-electric | 1 Ritto Wiser Door | 2022-03-11 | 4.8 MEDIUM | 7.6 HIGH |
| A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) | |||||
| CVE-2022-0022 | 1 Paloaltonetworks | 1 Pan-os | 2022-03-11 | 4.6 MEDIUM | 4.4 MEDIUM |
| Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7. | |||||
| CVE-2022-25312 | 1 Apache | 1 Any23 | 2022-03-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. | |||||
| CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2022-03-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
| CVE-2021-32008 | 1 Secomea | 1 Gatemanager | 2022-03-11 | 8.5 HIGH | 8.7 HIGH |
| This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. | |||||
| CVE-2021-27756 | 1 Hcltech | 1 Bigfix Compliance | 2022-03-11 | 4.3 MEDIUM | 7.5 HIGH |
| "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it." | |||||
| CVE-2021-43590 | 1 Dell | 1 Enterprise Storage Analytics | 2022-03-11 | 3.6 LOW | 6.0 MEDIUM |
| Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-25106 | 1 Dlink | 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more | 2022-03-11 | 7.1 HIGH | 5.5 MEDIUM |
| D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | |||||
| CVE-2022-23915 | 1 Weblate | 1 Weblate | 2022-03-11 | 6.5 MEDIUM | 8.8 HIGH |
| The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. | |||||
| CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2022-03-11 | 6.8 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | |||||
| CVE-2022-26483 | 1 Veritas | 1 Infoscale Operations Manager | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). | |||||
| CVE-2022-0881 | 1 Framasoft | 1 Peertube | 2022-03-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | |||||
| CVE-2022-0896 | 1 Microweber | 1 Microweber | 2022-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0389 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM |
| The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-0384 | 1 Video Conferencing With Zoom Project | 1 Video Conferencing With Zoom | 2022-03-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog | |||||
| CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection | |||||