Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25013 | 1 Icehrm | 1 Icehrm | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | |||||
CVE-2021-43619 | 1 Arm | 1 Trusted Firmware-m | 2022-03-08 | 4.6 MEDIUM | 7.8 HIGH |
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||||
CVE-2022-25020 | 1 Pluxml | 1 Pluxml | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | |||||
CVE-2022-25022 | 1 Htmly | 1 Htmly | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. | |||||
CVE-2022-0776 | 1 Revealjs | 1 Reveal.js | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | |||||
CVE-2022-0777 | 1 Microweber | 1 Microweber | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
CVE-2022-25064 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||||
CVE-2022-23380 | 1 Taogogo | 1 Taocms | 2022-03-08 | 6.5 MEDIUM | 8.8 HIGH |
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | |||||
CVE-2022-23377 | 1 Keep | 1 Archeevo | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | |||||
CVE-2021-44238 | 1 Ayacms Project | 1 Ayacms | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | |||||
CVE-2021-44132 | 1 C-data Onu4ferw Project | 2 C-data Onu4ferw, C-data Onu4ferw Firmware | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH |
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | |||||
CVE-2021-42554 | 2 Insyde, Siemens | 31 Insydeh2o, Ruggedcom Ape1808, Ruggedcom Ape1808 Firmware and 28 more | 2022-03-08 | 7.2 HIGH | 8.2 HIGH |
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2021-44961 | 1 Slic3r | 1 Libslic3r | 2022-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. | |||||
CVE-2022-22262 | 1 Asus | 1 Rog Live Service | 2022-03-08 | 3.6 LOW | 7.7 HIGH |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | |||||
CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2022-03-08 | 3.5 LOW | 4.3 MEDIUM |
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | |||||
CVE-2022-25413 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | |||||
CVE-2022-25412 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 5.5 MEDIUM | 8.1 HIGH |
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. | |||||
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
CVE-2021-43086 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". | |||||