CVE List - 2022 / March
Showing 1 - 100 of 2065 CVEs for March 2022 (Page 1 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-26332 | 2022-03-01 | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. |
| CVE-2022-25018 | 2022-03-01 | Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. |
| CVE-2022-25020 | 2022-03-01 | A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. |
| CVE-2022-25022 | 2022-03-01 | A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. |
| CVE-2021-42767 | 2022-03-01 | A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17,... |
| CVE-2021-42951 | 2022-03-01 | A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number... |
| CVE-2021-44961 | 2022-03-01 | A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious... |
| CVE-2021-44962 | 2022-03-01 | An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can... |
| CVE-2020-12775 | 2022-03-01 | Hicos citizen certificate client-side component - Command Injection |
| CVE-2022-22262 | 2022-03-01 | ROG Live Service of the ASUS Armoury Crate & Aura Creator Installer - Improper Link Resolution Before File Access |
| CVE-2022-24446 | 2022-03-01 | An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server... |
| CVE-2021-43619 | 2022-03-01 | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack... |
| CVE-2021-35036 | 2022-03-01 | A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. |
| CVE-2021-4039 | 2022-03-01 | A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. |
| CVE-2022-0776 | 2022-03-01 | Cross-site Scripting (XSS) - DOM in hakimel/reveal.js |
| CVE-2022-0777 | 2022-03-01 | Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber |
| CVE-2021-44747 | 2022-03-01 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-23377 | 2022-03-01 | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. |
| CVE-2022-23380 | 2022-03-01 | There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. |
| CVE-2021-46387 | 2022-03-01 | ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling allows a security restriction to be bypassed to achieve Cross Site Scripting, which allows an... |
| CVE-2021-44238 | 2022-03-01 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. |
| CVE-2022-23387 | 2022-03-01 | An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. |
| CVE-2020-4925 | 2022-03-01 | A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests. IBM... |
| CVE-2021-38955 | 2022-03-01 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the... |
| CVE-2021-38986 | 2022-03-01 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:... |
| CVE-2022-22321 | 2022-03-01 | IBM MQ Appliance 9.2 CD and 9.2 LTS stores local messaging users with a password hash that provides insufficient protection. IBM X-Force ID: 218368. |
| CVE-2021-36171 | 2022-03-01 | The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the... |
| CVE-2021-36166 | 2022-03-01 | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. |
| CVE-2021-32586 | 2022-03-01 | An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via... |
| CVE-2021-43075 | 2022-03-01 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version... |
| CVE-2022-22300 | 2022-03-01 | An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7,... |
| CVE-2021-41193 | 2022-03-01 | Use of Externally-Controlled Format String in wire-avs |
| CVE-2020-15936 | 2022-03-01 | An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via... |
| CVE-2021-43077 | 2022-03-01 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2... |
| CVE-2022-24717 | 2022-03-01 | Cross Site Scripting (XSS) in ssr-pages |
| CVE-2022-24718 | 2022-03-01 | Path Traversal in ssr-pages |
| CVE-2022-24719 | 2022-03-01 | Unauthorized forwarding of confidential headers in fluture-node |
| CVE-2022-25010 | 2022-03-01 | The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. |
| CVE-2021-41652 | 2022-03-01 | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. |
| CVE-2022-25012 | 2022-03-01 | Argus Surveillance DVR v4.0 employs weak password encryption. |
| CVE-2021-41282 | 2022-03-01 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by... |
| CVE-2022-24251 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. |
| CVE-2022-24252 | 2022-03-01 | An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. |
| CVE-2022-24253 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. |
| CVE-2022-24254 | 2022-03-01 | An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2022-24255 | 2022-03-01 | Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. |
| CVE-2022-25050 | 2022-03-01 | rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2021-45861 | 2022-03-01 | An assertion `num <= INT_BIT' fails at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. |
| CVE-2021-45864 | 2022-03-01 | tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. |
| CVE-2021-45860 | 2022-03-01 | An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2022-25051 | 2022-03-01 | An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. |
| CVE-2021-45863 | 2022-03-01 | tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. |
| CVE-2021-23192 | 2022-03-02 | A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker... |
| CVE-2021-23222 | 2022-03-02 | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. |
| CVE-2021-3631 | 2022-03-02 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest,... |
| CVE-2021-3654 | 2022-03-02 | A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. |
| CVE-2021-3677 | 2022-03-02 | A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will.... |
| CVE-2021-3738 | 2022-03-02 | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb... |
| CVE-2021-3772 | 2022-03-02 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses... |
| CVE-2022-0824 | 2022-03-02 | Improper Access Control to Remote Code Execution in webmin/webmin |
| CVE-2021-3667 | 2022-03-02 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission... |
| CVE-2022-0577 | 2022-03-02 | Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy |
| CVE-2022-22303 | 2022-03-02 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to... |
| CVE-2022-22301 | 2022-03-02 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized... |
| CVE-2021-44166 | 2022-03-02 | An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access... |
| CVE-2022-23395 | 2022-03-02 | jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). |
| CVE-2022-0829 | 2022-03-02 | Improper Authorization in webmin/webmin |
| CVE-2022-25634 | 2022-03-02 | Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. |
| CVE-2022-23779 | 2022-03-02 | Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. |
| CVE-2022-24306 | 2022-03-02 | Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. |
| CVE-2022-24305 | 2022-03-02 | Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. |
| CVE-2022-24447 | 2022-03-02 | An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates... |
| CVE-2022-0819 | 2022-03-02 | Code Injection in dolibarr/dolibarr |
| CVE-2021-38996 | 2022-03-02 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force... |
| CVE-2022-22350 | 2022-03-02 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. |
| CVE-2021-43070 | 2022-03-02 | Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve... |
| CVE-2022-25016 | 2022-03-02 | Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2022-23878 | 2022-03-02 | seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. |
| CVE-2021-38268 | 2022-03-02 | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and... |
| CVE-2022-23640 | 2022-03-02 | Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader |
| CVE-2022-23656 | 2022-03-02 | Cross-site scripting vulnerability in Zulip Server |
| CVE-2022-22944 | 2022-03-02 | VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject... |
| CVE-2022-25045 | 2022-03-02 | Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. |
| CVE-2022-23956 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2022-23953 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2022-0675 | 2022-03-02 | Puppet Firewall Module May Leave Unmanaged Rules |
| CVE-2021-45074 | 2022-03-02 | JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth tokens, which will force a reauthentication on... |
| CVE-2021-46270 | 2022-03-02 | JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. |
| CVE-2022-23954 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2022-23955 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2022-23958 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2022-23957 | 2022-03-02 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. |
| CVE-2021-41001 | 2022-03-02 | An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba... |
| CVE-2021-41000 | 2022-03-02 | Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320... |
| CVE-2021-41002 | 2022-03-02 | Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320... |
| CVE-2021-41003 | 2022-03-02 | Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series,... |
| CVE-2022-0711 | 2022-03-02 | A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to... |
| CVE-2021-3623 | 2022-03-02 | A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile... |
| CVE-2021-3658 | 2022-03-02 | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will... |
| CVE-2021-3715 | 2022-03-02 | A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free... |