Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25082 | 1 Totolink | 2 A950rg, A950rg Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25336 | 1 Ibexa | 1 Ez Platform Kernel | 2022-03-03 | 4.3 MEDIUM | 5.3 MEDIUM |
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | |||||
CVE-2022-25080 | 1 Totolink | 2 A830r, A830r Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25079 | 1 Totolink | 1 A810r Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25078 | 1 Totolink | 1 A3600r Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25077 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25076 | 1 Totolink | 2 A800r, A800r Firmware | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2016-20013 | 2 Sha256crypt Project, Sha512crypt Project | 2 Sha256crypt, Sha512crypt | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. | |||||
CVE-2022-24599 | 1 Audio File Library Project | 1 Audio File Library | 2022-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn't use zero bytes to truncate the data. | |||||
CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | |||||
CVE-2022-25402 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-03 | 6.4 MEDIUM | 9.1 CRITICAL |
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | |||||
CVE-2022-25401 | 1 Cuppacms | 1 Cuppacms | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | |||||
CVE-2022-25101 | 1 Wbce | 1 Wbce Cms | 2022-03-03 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-25099 | 1 Wbce | 1 Wbce Cms | 2022-03-03 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2021-20320 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2022-03-03 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. | |||||
CVE-2021-3557 | 2 Linuxfoundation, Redhat | 2 Argo-cd, Openshift Gitops | 2022-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-24680 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-03-03 | 7.2 HIGH | 7.8 HIGH |
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-24679 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-03-03 | 7.2 HIGH | 7.8 HIGH |
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2021-44610 | 1 Bloofox | 1 Bloofoxcms | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. | |||||
CVE-2021-44608 | 1 Bloofox | 1 Bloofoxcms | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. |