Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22433 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 7.5 HIGH | 9.8 CRITICAL |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
CVE-2021-22432 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 10.0 HIGH | 9.8 CRITICAL |
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
CVE-2021-22431 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
CVE-2020-14502 | 1 Rockwellautomation | 4 1734-aentr Point I/o Dual Port Network Adaptor Series B, 1734-aentr Point I/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I/o Dual Port Network Adaptor Series C and 1 more | 2022-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. | |||||
CVE-2021-22429 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 10.0 HIGH | 9.8 CRITICAL |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
CVE-2021-24898 | 1 Editable-table Project | 1 Editable Table | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM |
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-24901 | 1 Securemoz | 1 Security Audit | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM |
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-22426 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 7.5 HIGH | 9.8 CRITICAL |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
CVE-2021-24903 | 1 Codeasily | 1 Grand Flagallery | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM |
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 5.0 MEDIUM | 7.5 HIGH |
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2021-24913 | 1 Infornweb | 1 Logo Showcase With Slick Slider | 2022-03-07 | 4.3 MEDIUM | 4.3 MEDIUM |
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in high privilege user change the title, description, alt text, and URL of arbitrary uploaded media. | |||||
CVE-2021-22394 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 6.4 MEDIUM | 9.1 CRITICAL |
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. | |||||
CVE-2021-22319 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 5.0 MEDIUM | 7.5 HIGH |
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. | |||||
CVE-2022-24594 | 1 Waline | 1 Waline | 2022-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. | |||||
CVE-2022-25328 | 1 Google | 1 Fscrypt | 2022-03-07 | 7.2 HIGH | 7.3 HIGH |
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above. | |||||
CVE-2022-23655 | 1 Octobercms | 1 October | 2022-03-07 | 2.6 LOW | 5.3 MEDIUM |
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result, non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation. | |||||
CVE-2022-24979 | 1 Mittwald | 1 Varnishcache | 2022-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements. | |||||
CVE-2021-24920 | 1 Statcounter | 1 Statcounter | 2022-03-07 | 3.5 LOW | 4.8 MEDIUM |
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-25366 | 1 Cryptomator | 1 Cryptomator | 2022-03-07 | 4.6 MEDIUM | 7.8 HIGH |
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable. | |||||
CVE-2022-23653 | 1 Backblaze | 1 B2 Command Line Tool | 2022-03-07 | 1.9 LOW | 4.7 MEDIUM |
B2 Command Line Tool is the official command line tool for the Backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file. | |||||