Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25410 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.
CVE-2022-25409 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
CVE-2022-25408 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
CVE-2022-25407 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
CVE-2022-26332 | 1 Cipi | 1 Cipi | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.
CVE-2022-25028 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.
CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
CVE-2020-22845 | 1 Mikrotik | 1 Routeros | 2022-03-08 | 7.8 HIGH | 7.5 HIGH | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DoS) via crafted FTP requests.
CVE-2021-44331 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().
CVE-2021-44342 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494".
CVE-2021-44339 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:712".
CVE-2021-44334 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH | David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513".
CVE-2022-24986 | 1 Kde | 1 Kcron | 2022-03-08 | 4.6 MEDIUM | 7.8 HIGH | KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
CVE-2022-26158 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page.
CVE-2022-26157 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
CVE-2021-20325 | 1 Redhat | 1 Enterprise Linux | 2022-03-08 | 10.0 HIGH | 9.8 CRITICAL | Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, cause a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.
CVE-2022-26156 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.
CVE-2022-26155 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
CVE-2022-24712 | 1 Codeigniter | 1 Codeigniter | 2022-03-08 | 6.8 MEDIUM | 8.8 HIGH | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to apply them in their code after upgrading to v4.1.9; otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes, or check the request method in the controller method before processing.