Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2022-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | |||||
| CVE-2020-10632 | 1 Emerson | 1 Openenterprise Scada Server | 2022-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | |||||
| CVE-2022-0772 | 1 Librenms | 1 Librenms | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. | |||||
| CVE-2021-22479 | 1 Huawei | 1 Harmonyos | 2022-03-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22478 | 1 Huawei | 1 Harmonyos | 2022-03-07 | 2.1 LOW | 5.5 MEDIUM |
| The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. | |||||
| CVE-2021-22441 | 1 Huawei | 1 Harmonyos | 2022-03-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | |||||
| CVE-2021-22437 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-07 | 6.9 MEDIUM | 7.0 HIGH |
| There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. | |||||
| CVE-2021-22434 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2022-26159 | 1 Ametys | 1 Ametys | 2022-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | |||||
| CVE-2020-36510 | 1 Codetipi | 1 15zine | 2022-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-25114 | 1 Event Management Project | 1 Event Management | 2022-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. | |||||
| CVE-2021-24688 | 1 Orange-form Project | 1 Orange-form | 2022-03-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it) | |||||
| CVE-2021-24689 | 1 Wpeverest | 1 Contact Form | 2022-03-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack | |||||
| CVE-2021-24704 | 1 Orange-form Project | 1 Orange-form | 2022-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example | |||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | |||||
| CVE-2022-23104 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | |||||
| CVE-2021-24803 | 1 Core Tweaks Wp Setup Project | 1 Core Tweaks Wp Setup | 2022-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks | |||||
| CVE-2021-24820 | 1 Bold-themes | 1 Cost Calculator | 2022-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout | |||||
| CVE-2021-24823 | 1 Schiocco | 1 Support Board | 2022-03-07 | 4.9 MEDIUM | 8.1 HIGH |
| The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files | |||||
| CVE-2021-24864 | 1 Wpscan | 1 Wp Cloudy | 2022-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue | |||||