CVE List - 2022 / March
Showing 1401 - 1500 of 2065 CVEs for March 2022 (Page 15 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-46390 | 2022-03-21 | An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely... |
| CVE-2021-38745 | 2022-03-21 | Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user... |
| CVE-2021-40662 | 2022-03-21 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. |
| CVE-2022-27090 | 2022-03-21 | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. |
| CVE-2022-27333 | 2022-03-21 | idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. |
| CVE-2022-26174 | 2022-03-21 | A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. |
| CVE-2022-27607 | 2022-03-21 | Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. |
| CVE-2022-26283 | 2022-03-21 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via... |
| CVE-2022-26284 | 2022-03-21 | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database... |
| CVE-2022-26285 | 2022-03-21 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via... |
| CVE-2022-0386 | 2022-03-21 | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. |
| CVE-2022-0652 | 2022-03-21 | Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in... |
| CVE-2021-45810 | 2022-03-22 | GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN... |
| CVE-2022-25517 | 2022-03-22 | MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement... |
| CVE-2022-24764 | 2022-03-22 | Stack buffer overflow in pjproject |
| CVE-2022-1034 | 2022-03-22 | There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc |
| CVE-2021-45809 | 2022-03-22 | GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as... |
| CVE-2022-0667 | 2022-03-22 | Assertion failure on delayed DS lookup |
| CVE-2022-1036 | 2022-03-22 | Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber |
| CVE-2021-43650 | 2022-03-22 | WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. |
| CVE-2022-21718 | 2022-03-22 | Renderers can obtain access to random bluetooth device without permission in Electron |
| CVE-2022-24774 | 2022-03-22 | Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server |
| CVE-2022-25484 | 2022-03-22 | tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c. |
| CVE-2021-41736 | 2022-03-22 | Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. |
| CVE-2022-27228 | 2022-03-22 | In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. |
| CVE-2022-26260 | 2022-03-22 | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). |
| CVE-2022-1031 | 2022-03-22 | Use After Free in op_is_set_bp in radareorg/radare2 |
| CVE-2022-26186 | 2022-03-22 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. |
| CVE-2022-26187 | 2022-03-22 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. |
| CVE-2022-26188 | 2022-03-22 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. |
| CVE-2022-26189 | 2022-03-22 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. |
| CVE-2021-33961 | 2022-03-22 | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. |
| CVE-2022-25518 | 2022-03-22 | In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who... |
| CVE-2021-28275 | 2022-03-23 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a... |
| CVE-2021-28276 | 2022-03-23 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. |
| CVE-2021-28277 | 2022-03-23 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c. |
| CVE-2021-28278 | 2022-03-23 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. |
| CVE-2021-3618 | 2022-03-23 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access... |
| CVE-2021-4156 | 2022-03-23 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise)... |
| CVE-2021-44226 | 2022-03-23 | Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may... |
| CVE-2022-27666 | 2022-03-23 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel... |
| CVE-2022-1033 | 2022-03-23 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater |
| CVE-2022-0396 | 2022-03-23 | DoS from specifically crafted TCP packets |
| CVE-2021-45756 | 2022-03-23 | Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. |
| CVE-2021-45757 | 2022-03-23 | ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). |
| CVE-2022-0635 | 2022-03-23 | Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. |
| CVE-2021-25220 | 2022-03-23 | DNS forwarders - cache poisoning vulnerability |
| CVE-2021-44040 | 2022-03-23 | HTTP request line fuzzing attacks |
| CVE-2021-44759 | 2022-03-23 | Improper authentication vulnerability in TLS origin verification |
| CVE-2022-0842 | 2022-03-23 | ePO blind SQL Injection vulnerability |
| CVE-2022-0857 | 2022-03-23 | ePO Reflected Cross-site scripting vulnerability |
| CVE-2022-0859 | 2022-03-23 | ePO database restoration vulnerability |
| CVE-2022-0858 | 2022-03-23 | Cross-site scripting vulnerability in ePO |
| CVE-2022-0862 | 2022-03-23 | ePO password change vulnerability |
| CVE-2022-0861 | 2022-03-23 | ePO XML extended entity vulnerability |
| CVE-2021-43735 | 2022-03-23 | CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. |
| CVE-2022-23242 | 2022-03-23 | TeamViewer Linux - Deletion command not properly executed after process crash |
| CVE-2021-43736 | 2022-03-23 | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule |
| CVE-2021-43738 | 2022-03-23 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can add an administrator account. |
| CVE-2021-43737 | 2022-03-23 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify the administrator account's password. |
| CVE-2022-22316 | 2022-03-23 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID:... |
| CVE-2021-44139 | 2022-03-23 | Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). |
| CVE-2021-46064 | 2022-03-23 | IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in the 32-bit version of the binary). The vulnerability triggers when the user opens a malicious .tiff image. |
| CVE-2021-38278 | 2022-03-23 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. |
| CVE-2021-38772 | 2022-03-23 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. |
| CVE-2022-26243 | 2022-03-23 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. |
| CVE-2021-3589 | 2022-03-23 | An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from... |
| CVE-2022-25221 | 2022-03-23 | Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript... |
| CVE-2022-25222 | 2022-03-23 | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. |
| CVE-2022-25223 | 2022-03-23 | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. |
| CVE-2022-1030 | 2022-03-23 | Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has... |
| CVE-2022-0854 | 2022-03-23 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from... |
| CVE-2022-0996 | 2022-03-23 | A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. |
| CVE-2021-4219 | 2022-03-23 | A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash... |
| CVE-2022-24292 | 2022-03-23 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| CVE-2022-24291 | 2022-03-23 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| CVE-2022-24293 | 2022-03-23 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| CVE-2021-4180 | 2022-03-23 | An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible... |
| CVE-2021-27456 | 2022-03-23 | Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control |
| CVE-2022-25608 | 2022-03-23 | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete |
| CVE-2022-25609 | 2022-03-23 | WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-27418 | 2022-03-23 | GE UR family input validation |
| CVE-2021-27420 | 2022-03-23 | GE UR family input validation |
| CVE-2021-27424 | 2022-03-23 | GE UR family exposure of sensitive information to an unauthorized actor |
| CVE-2021-27428 | 2022-03-23 | GE UR family Unrestricted Upload of File with Dangerous Type |
| CVE-2021-27430 | 2022-03-23 | GE UR family hardcoded credentials |
| CVE-2021-27426 | 2022-03-23 | GE UR family insecure default variable initialization |
| CVE-2021-27422 | 2022-03-23 | GE UR family exposure of sensitive information to an unauthorized actor |
| CVE-2021-27460 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data |
| CVE-2021-27462 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data |
| CVE-2021-27464 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre SQL Injection |
| CVE-2021-27472 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre SQL Injection |
| CVE-2021-27468 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre SQL Injection |
| CVE-2021-27474 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function |
| CVE-2021-27466 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data |
| CVE-2021-27470 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data |
| CVE-2021-27473 | 2022-03-23 | Rockwell Automation Connected Components Workbench Improper Input Validation |
| CVE-2021-27476 | 2022-03-23 | Rockwell Automation FactoryTalk AssetCentre OS Command Injection |
| CVE-2021-27471 | 2022-03-23 | Rockwell Automation Connected Components Workbench Path Traversal |
| CVE-2021-27475 | 2022-03-23 | Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data |