CVE List - 2022 / March
Showing 201 - 300 of 2065 CVEs for March 2022 (Page 3 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-18326 | 2022-03-04 | Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to... |
| CVE-2020-18324 | 2022-03-04 | Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. |
| CVE-2020-18325 | 2022-03-04 | Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. |
| CVE-2022-0839 | 2022-03-04 | Improper Restriction of XML External Entity Reference in liquibase/liquibase |
| CVE-2021-46378 | 2022-03-04 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. |
| CVE-2021-46379 | 2022-03-04 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. |
| CVE-2021-46381 | 2022-03-04 | Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. |
| CVE-2021-46382 | 2022-03-04 | Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. |
| CVE-2022-22946 | 2022-03-04 | In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use... |
| CVE-2022-23729 | 2022-03-04 | When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. |
| CVE-2021-3743 | 2022-03-04 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to... |
| CVE-2021-3744 | 2022-03-04 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is... |
| CVE-2022-25623 | 2022-03-04 | The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. |
| CVE-2022-21828 | 2022-03-04 | A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version... |
| CVE-2021-20319 | 2022-03-04 | An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation... |
| CVE-2021-3428 | 2022-03-04 | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent.... |
| CVE-2021-3575 | 2022-03-04 | A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions... |
| CVE-2022-23232 | 2022-03-04 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data... |
| CVE-2022-23233 | 2022-03-04 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR)... |
| CVE-2022-26318 | 2022-03-04 | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before... |
| CVE-2022-26483 | 2022-03-04 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated... |
| CVE-2022-26484 | 2022-03-04 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing... |
| CVE-2022-0855 | 2022-03-04 | Improper Resolution of Path Equivalence in microweber-dev/whmcs_plugin |
| CVE-2021-3656 | 2022-03-04 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest... |
| CVE-2021-27757 | 2022-03-04 | " Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could... |
| CVE-2022-25106 | 2022-03-04 | D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. |
| CVE-2022-23915 | 2022-03-04 | Remote Code Execution (RCE) |
| CVE-2021-43590 | 2022-03-04 | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading... |
| CVE-2021-46353 | 2022-03-04 | An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute... |
| CVE-2021-27756 | 2022-03-04 | "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later... |
| CVE-2021-32008 | 2022-03-04 | Logged-in Administrator may get unrestricted file system access |
| CVE-2021-44827 | 2022-03-04 | There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary... |
| CVE-2021-40846 | 2022-03-04 | An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious... |
| CVE-2021-46384 | 2022-03-04 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated... |
| CVE-2022-25312 | 2022-03-04 | An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor |
| CVE-2022-24921 | 2022-03-05 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. |
| CVE-2022-25069 | 2022-03-05 | Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. |
| CVE-2022-25044 | 2022-03-05 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. |
| CVE-2022-25465 | 2022-03-05 | Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. |
| CVE-2022-0849 | 2022-03-05 | Use After Free in r_reg_get_name_idx in radareorg/radare2 |
| CVE-2022-0845 | 2022-03-05 | Code Injection in pytorchlightning/pytorch-lightning |
| CVE-2022-26495 | 2022-03-06 | In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized... |
| CVE-2022-26496 | 2022-03-06 | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted... |
| CVE-2022-26505 | 2022-03-06 | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. |
| CVE-2022-26490 | 2022-03-06 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. |
| CVE-2021-46703 | 2022-03-06 | In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability... |
| CVE-2021-46704 | 2022-03-06 | In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input... |
| CVE-2022-0869 | 2022-03-06 | Multiple Open Redirect in nitely/spirit |
| CVE-2022-0868 | 2022-03-06 | Open Redirect in medialize/uri.js |
| CVE-2021-44748 | 2022-03-06 | Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2021-44749 | 2022-03-06 | Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android |
| CVE-2021-44421 | 2022-03-06 | The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. |
| CVE-2022-0697 | 2022-03-06 | Open Redirect in archivy/archivy |
| CVE-2022-0755 | 2022-03-07 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-0756 | 2022-03-07 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-0865 | 2022-03-07 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with... |
| CVE-2022-26521 | 2022-03-07 | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring... |
| CVE-2021-3733 | 2022-03-07 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression... |
| CVE-2022-0847 | 2022-03-07 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and... |
| CVE-2021-40376 | 2022-03-07 | otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well,... |
| CVE-2021-44032 | 2022-03-07 | TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process... |
| CVE-2022-25108 | 2022-03-07 | Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. |
| CVE-2022-0767 | 2022-03-07 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web |
| CVE-2022-0766 | 2022-03-07 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web |
| CVE-2021-24216 | 2022-03-07 | All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE |
| CVE-2021-24777 | 2022-03-07 | Hotscot Contact Form < 1.3 - Admin+ SQL Injection |
| CVE-2021-24778 | 2022-03-07 | Tradetracker-Store < 4.6.60 - Admin+ SQL Injection |
| CVE-2021-24810 | 2022-03-07 | WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24821 | 2022-03-07 | Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24824 | 2022-03-07 | Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access |
| CVE-2021-24825 | 2022-03-07 | Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI |
| CVE-2021-24826 | 2022-03-07 | Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24952 | 2022-03-07 | Conversios.io < 4.6.2 - Subscriber+ SQL Injection |
| CVE-2021-24953 | 2022-03-07 | Advanced iFrame < 2022 - Reflected Cross-Site Scripting |
| CVE-2021-24960 | 2022-03-07 | WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG |
| CVE-2021-24961 | 2022-03-07 | WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode |
| CVE-2021-25009 | 2022-03-07 | CorreosExpress <= 2.6.0 - Sensitive Information Disclosure |
| CVE-2021-25038 | 2022-03-07 | Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting |
| CVE-2021-25039 | 2022-03-07 | Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting |
| CVE-2021-25087 | 2022-03-07 | Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure |
| CVE-2021-25098 | 2022-03-07 | Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF |
| CVE-2022-0163 | 2022-03-07 | Smart Forms < 2.6.71 - Subscriber+ Form Data Download |
| CVE-2022-0205 | 2022-03-07 | YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting |
| CVE-2022-0267 | 2022-03-07 | AdRotate < 5.8.22 - Admin+ SQL Injection |
| CVE-2022-0347 | 2022-03-07 | LoginPress < 1.5.12 - Reflected Cross-Site Scripting |
| CVE-2022-0349 | 2022-03-07 | NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection |
| CVE-2022-0384 | 2022-03-07 | Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure |
| CVE-2022-0389 | 2022-03-07 | WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0410 | 2022-03-07 | WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection |
| CVE-2022-0420 | 2022-03-07 | RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection |
| CVE-2022-0422 | 2022-03-07 | White Label MS < 2.2.9 - Reflected Cross-Site Scripting |
| CVE-2022-0426 | 2022-03-07 | Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting |
| CVE-2022-0429 | 2022-03-07 | WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-0434 | 2022-03-07 | Page Views Count < 2.4.15 - Unauthenticated SQL Injection |
| CVE-2022-0439 | 2022-03-07 | Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection |
| CVE-2022-0440 | 2022-03-07 | Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution |
| CVE-2022-0441 | 2022-03-07 | MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation |
| CVE-2022-0442 | 2022-03-07 | UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override |
| CVE-2022-0445 | 2022-03-07 | WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF |
| CVE-2022-0448 | 2022-03-07 | CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting |