CVE List - 2022 / March
Showing 601 - 700 of 2065 CVEs for March 2022 (Page 7 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-25560 | 2022-03-09 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. |
| CVE-2022-25561 | 2022-03-09 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. |
| CVE-2022-25566 | 2022-03-09 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. |
| CVE-2021-46408 | 2022-03-09 | Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. |
| CVE-2022-24995 | 2022-03-09 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. |
| CVE-2022-0715 | 2022-03-09 | A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware.... |
| CVE-2022-22805 | 2022-03-09 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product:... |
| CVE-2022-22806 | 2022-03-09 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT... |
| CVE-2022-24349 | 2022-03-09 | Reflected XSS in action configuration window of Zabbix Frontend |
| CVE-2022-24917 | 2022-03-09 | Reflected XSS in service configuration window of Zabbix Frontend |
| CVE-2022-24918 | 2022-03-09 | Reflected XSS in item configuration window of Zabbix Frontend |
| CVE-2022-24919 | 2022-03-09 | Reflected XSS in graph configuration window of Zabbix Frontend |
| CVE-2022-22511 | 2022-03-09 | WAGO PLCs WBM vulnerable to reflected XSS |
| CVE-2022-24732 | 2022-03-09 | Maddy Mail Server does not implement account expiry |
| CVE-2022-0618 | 2022-03-09 | A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical... |
| CVE-2021-32025 | 2022-03-09 | An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for... |
| CVE-2021-44622 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request. |
| CVE-2021-44623 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. |
| CVE-2022-24734 | 2022-03-09 | Remote code execution in mybb |
| CVE-2022-24741 | 2022-03-09 | High memory usage in Nextcloud server |
| CVE-2021-44625 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44626 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44627 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44628 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44629 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44630 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44631 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-44632 | 2022-03-09 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. |
| CVE-2022-24748 | 2022-03-09 | Incorrect Authentication in shopware |
| CVE-2022-24747 | 2022-03-09 | HTTP caching is marking private HTTP headers as public |
| CVE-2022-24746 | 2022-03-09 | HTML injection possibility in voucher code form |
| CVE-2022-24745 | 2022-03-09 | Guest session is shared between customers in shopware |
| CVE-2022-24744 | 2022-03-09 | Insufficient Session Expiration in shopware |
| CVE-2022-24753 | 2022-03-09 | Code injection in Stripe CLI on windows |
| CVE-2021-22783 | 2022-03-09 | A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) |
| CVE-2022-24322 | 2022-03-09 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software... |
| CVE-2022-24323 | 2022-03-09 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is... |
| CVE-2022-0905 | 2022-03-10 | Missing Authorization in go-gitea/gitea |
| CVE-2022-24750 | 2022-03-10 | Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server |
| CVE-2022-0890 | 2022-03-10 | NULL Pointer Dereference in mruby/mruby |
| CVE-2022-26652 | 2022-03-10 | NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. |
| CVE-2022-26847 | 2022-03-10 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. |
| CVE-2022-26846 | 2022-03-10 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. |
| CVE-2021-38296 | 2022-03-10 | Apache Spark Key Negotiation Vulnerability |
| CVE-2022-0895 | 2022-03-10 | Static Code Injection in microweber/microweber |
| CVE-2021-32434 | 2022-03-10 | abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. |
| CVE-2021-32435 | 2022-03-10 | Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2021-32436 | 2022-03-10 | An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2021-33293 | 2022-03-10 | Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. |
| CVE-2021-34122 | 2022-03-10 | The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. |
| CVE-2022-0906 | 2022-03-10 | Unrestricted file upload leads to stored XSS in microweber/microweber |
| CVE-2022-22814 | 2022-03-10 | The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. |
| CVE-2021-44269 | 2022-03-10 | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that... |
| CVE-2022-24651 | 2022-03-10 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. |
| CVE-2022-24652 | 2022-03-10 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload. |
| CVE-2021-44673 | 2022-03-10 | A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. |
| CVE-2022-23036 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23037 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23038 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23039 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23040 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23041 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2022-23042 | 2022-03-10 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device... |
| CVE-2021-38910 | 2022-03-10 | IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message,... |
| CVE-2021-39022 | 2022-03-10 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be... |
| CVE-2021-39025 | 2022-03-10 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. |
| CVE-2021-44585 | 2022-03-10 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. |
| CVE-2021-41233 | 2022-03-10 | Missing authorization in Nextcloud text |
| CVE-2022-24726 | 2022-03-10 | Unauthenticated control plane denial of service attack in Istio |
| CVE-2022-0815 | 2022-03-10 | McAfee WebAdvisor - Extension Fingerprinting vulnerability |
| CVE-2022-0280 | 2022-03-10 | McAfee Total Protection (MTP) - File Deletion vulnerability |
| CVE-2022-0820 | 2022-03-10 | Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore |
| CVE-2022-25506 | 2022-03-10 | FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. |
| CVE-2022-25507 | 2022-03-10 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. |
| CVE-2022-25508 | 2022-03-10 | An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or... |
| CVE-2022-25510 | 2022-03-10 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. |
| CVE-2022-25511 | 2022-03-10 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. |
| CVE-2022-25512 | 2022-03-10 | FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. |
| CVE-2022-0821 | 2022-03-10 | Improper Authorization in orchardcms/orchardcore |
| CVE-2021-32472 | 2022-03-11 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to... |
| CVE-2021-32476 | 2022-03-11 | A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8,... |
| CVE-2021-32478 | 2022-03-11 | The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8... |
| CVE-2022-0871 | 2022-03-11 | Missing Authorization in gogs/gogs |
| CVE-2022-0907 | 2022-03-11 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources,... |
| CVE-2022-0908 | 2022-03-11 | Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF... |
| CVE-2022-0909 | 2022-03-11 | Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is... |
| CVE-2022-0924 | 2022-03-11 | Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available... |
| CVE-2022-0932 | 2022-03-11 | Missing Authorization in saleor/saleor |
| CVE-2022-21819 | 2022-03-11 | NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to... |
| CVE-2020-36518 | 2022-03-11 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. |
| CVE-2022-0001 | 2022-03-11 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2022-24754 | 2022-03-11 | Buffer overflow in pjsip |
| CVE-2022-0822 | 2022-03-11 | Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore |
| CVE-2022-26874 | 2022-03-11 | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. |
| CVE-2022-26878 | 2022-03-11 | drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). |
| CVE-2018-25031 | 2022-03-11 | Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to... |
| CVE-2021-46708 | 2022-03-11 | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site,... |
| CVE-2022-21177 | 2022-03-11 | There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions... |
| CVE-2022-21194 | 2022-03-11 | The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00... |
| CVE-2022-21808 | 2022-03-11 | Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to... |