Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23233 | 1 Netapp | 1 Storagegrid | 2022-03-11 | 5.0 MEDIUM | 7.5 HIGH |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. | |||||
CVE-2022-23729 | 1 Google | 1 Android | 2022-03-11 | 6.9 MEDIUM | 7.8 HIGH |
When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. | |||||
CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | |||||
CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2022-03-11 | 6.8 MEDIUM | 8.8 HIGH |
A Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to a victim and successfully create an arbitrary administrator user. | |||||
CVE-2021-46382 | 1 Netgear | 2 Wac120 Ac, Wac120 Ac Firmware | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks, such as session hijacking or even clipboard hijacking. | |||||
CVE-2020-18325 | 1 Intelliants | 1 Subrion Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | |||||
CVE-2020-18324 | 1 Intelliants | 1 Subrion Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | |||||
CVE-2020-18327 | 1 Alfresco | 1 Alfresco | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2. | |||||
CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. | |||||
CVE-2022-0845 | 1 Pytorchlightning | 1 Pytorch Lightning | 2022-03-10 | 10.0 HIGH | 9.8 CRITICAL |
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | |||||
CVE-2022-0849 | 1 Radare | 1 Radare2 | 2022-03-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. | |||||
CVE-2021-23206 | 1 Htmldoc Project | 1 Htmldoc | 2022-03-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in htmldoc v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | |||||
CVE-2021-23191 | 1 Htmldoc Project | 1 Htmldoc | 2022-03-10 | 6.8 MEDIUM | 7.8 HIGH |
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | |||||
CVE-2021-23180 | 1 Htmldoc Project | 1 Htmldoc | 2022-03-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in htmldoc v1.9.12 and before. A NULL pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service. | |||||
CVE-2022-25069 | 1 Marktext | 1 Marktext | 2022-03-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | |||||
CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2022-03-10 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | |||||
CVE-2022-23849 | 1 Devolutions | 1 Password Hub | 2022-03-10 | 4.6 MEDIUM | 6.6 MEDIUM |
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. | |||||
CVE-2021-27757 | 1 Hcltech | 1 Bigfix Insights | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH |
Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information. | |||||
CVE-2021-42950 | 1 Zepl | 1 Zepl | 2022-03-10 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in all Zepl Notebooks versions before October 25, 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization to which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. | |||||
CVE-2022-26333 | | | 2022-03-10 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. |