CVE List - 2022 / March
Showing 101 - 200 of 2065 CVEs for March 2022 (Page 2 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-3716 | 2022-03-02 | A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY... |
| CVE-2021-4076 | 2022-03-02 | A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. |
| CVE-2021-23206 | 2022-03-02 | A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. |
| CVE-2021-23191 | 2022-03-02 | A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. |
| CVE-2021-23180 | 2022-03-02 | A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service. |
| CVE-2022-25114 | 2022-03-02 | Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. |
| CVE-2022-25115 | 2022-03-02 | A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. |
| CVE-2022-25393 | 2022-03-02 | Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2022-25394 | 2022-03-02 | Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. |
| CVE-2022-25395 | 2022-03-02 | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. |
| CVE-2022-25396 | 2022-03-02 | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. |
| CVE-2022-25398 | 2022-03-02 | Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. |
| CVE-2022-25399 | 2022-03-02 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. |
| CVE-2022-26169 | 2022-03-02 | Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. |
| CVE-2022-26170 | 2022-03-02 | Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. |
| CVE-2022-26171 | 2022-03-02 | Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. |
| CVE-2022-24722 | 2022-03-02 | Cross-site Scripting in view_component |
| CVE-2021-38266 | 2022-03-02 | The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does... |
| CVE-2021-38265 | 2022-03-02 | Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via... |
| CVE-2021-38264 | 2022-03-02 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search... |
| CVE-2022-25471 | 2022-03-02 | An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. |
| CVE-2021-38263 | 2022-03-02 | Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and... |
| CVE-2021-44335 | 2022-03-02 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:533". |
| CVE-2021-38267 | 2022-03-02 | Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to... |
| CVE-2022-25089 | 2022-03-02 | Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. |
| CVE-2021-44343 | 2022-03-02 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c". |
| CVE-2021-38269 | 2022-03-02 | Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13,... |
| CVE-2022-25146 | 2022-03-02 | The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives... |
| CVE-2022-22909 | 2022-03-02 | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New... |
| CVE-2021-26259 | 2022-03-03 | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. |
| CVE-2021-26948 | 2022-03-03 | Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. |
| CVE-2021-3638 | 2022-03-03 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest... |
| CVE-2022-0492 | 2022-03-03 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges... |
| CVE-2022-0730 | 2022-03-03 | Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. |
| CVE-2022-23648 | 2022-03-03 | Insecure handling of image volumes in containerd CRI plugin |
| CVE-2022-21716 | 2022-03-03 | Buffer Overflow in Twisted |
| CVE-2022-22947 | 2022-03-03 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A... |
| CVE-2022-26125 | 2022-03-03 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. |
| CVE-2022-26126 | 2022-03-03 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. |
| CVE-2022-24563 | 2022-03-03 | In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. |
| CVE-2022-24573 | 2022-03-03 | A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent... |
| CVE-2022-23849 | 2022-03-03 | The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. |
| CVE-2021-42950 | 2022-03-03 | Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits... |
| CVE-2022-0528 | 2022-03-03 | Server-Side Request Forgery (SSRF) in transloadit/uppy |
| CVE-2021-40635 | 2022-03-03 | OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. |
| CVE-2021-40636 | 2022-03-03 | OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. |
| CVE-2021-40637 | 2022-03-03 | OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user. |
| CVE-2021-45819 | 2022-03-03 | Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-25031 | 2022-03-03 | Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-22706 | 2022-03-03 | Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0... |
| CVE-2021-43774 | 2022-03-03 | A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials)... |
| CVE-2022-0753 | 2022-03-03 | Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp |
| CVE-2022-0841 | 2022-03-03 | OS Command Injection in ljharb/npm-lockfile |
| CVE-2022-25138 | 2022-03-03 | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. |
| CVE-2022-26127 | 2022-03-03 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. |
| CVE-2022-26128 | 2022-03-03 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. |
| CVE-2022-26129 | 2022-03-03 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. |
| CVE-2022-23898 | 2022-03-03 | MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. |
| CVE-2022-23899 | 2022-03-03 | MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. |
| CVE-2022-25125 | 2022-03-03 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. |
| CVE-2022-22700 | 2022-03-03 | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can... |
| CVE-2021-3620 | 2022-03-03 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat... |
| CVE-2021-3609 | 2022-03-03 | .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash... |
| CVE-2021-3602 | 2022-03-03 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and... |
| CVE-2022-24724 | 2022-03-03 | Integer overflow in table parsing extension leads to heap memory corruption |
| CVE-2022-24723 | 2022-03-03 | Improper Input Validation in URI.js |
| CVE-2022-24725 | 2022-03-03 | Exposure of home directory through shescape on Unix with Bash |
| CVE-2022-0265 | 2022-03-03 | Improper Restriction of XML External Entity Reference in hazelcast/hazelcast |
| CVE-2021-3762 | 2022-03-03 | A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for... |
| CVE-2021-4002 | 2022-03-03 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to... |
| CVE-2022-23708 | 2022-03-03 | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with... |
| CVE-2022-23709 | 2022-03-03 | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create... |
| CVE-2022-23710 | 2022-03-03 | A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. |
| CVE-2021-38578 | 2022-03-03 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
| CVE-2022-23051 | 2022-03-03 | PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. |
| CVE-2022-23052 | 2022-03-03 | PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. |
| CVE-2022-25220 | 2022-03-03 | PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. |
| CVE-2022-22943 | 2022-03-03 | VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware... |
| CVE-2021-3640 | 2022-03-03 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call... |
| CVE-2021-20300 | 2022-03-04 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer... |
| CVE-2021-20302 | 2022-03-04 | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception... |
| CVE-2021-20303 | 2022-03-04 | A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to... |
| CVE-2021-23214 | 2022-03-04 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is... |
| CVE-2022-23397 | 2022-03-04 | The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This... |
| CVE-2022-26336 | 2022-03-04 | A carefully crafted TNEF file can cause an out of memory exception |
| CVE-2021-3737 | 2022-03-04 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make... |
| CVE-2022-0838 | 2022-03-04 | Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp |
| CVE-2022-0848 | 2022-03-04 | OS Command Injection in part-db/part-db |
| CVE-2022-23327 | 2022-03-04 | A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all... |
| CVE-2022-23328 | 2022-03-04 | A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the... |
| CVE-2022-0752 | 2022-03-04 | Cross-site Scripting (XSS) - Generic in hestiacp/hestiacp |
| CVE-2021-44321 | 2022-03-04 | Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file... |
| CVE-2021-43393 | 2022-03-04 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms... |
| CVE-2021-43392 | 2022-03-04 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and... |
| CVE-2021-46393 | 2022-03-04 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will... |
| CVE-2021-46394 | 2022-03-04 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will... |
| CVE-2022-26201 | 2022-03-04 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. |
| CVE-2022-0831 | 2022-03-04 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-0832 | 2022-03-04 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2020-18327 | 2022-03-04 | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 |