CVE List - 2022 / March
Showing 801 - 900 of 2065 CVEs for March 2022 (Page 9 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0938 | 2022-03-14 | Stored XSS via file upload in star7th/showdoc |
| CVE-2022-22719 | 2022-03-14 | mod_lua Use of uninitialized value of in r:parsebody |
| CVE-2022-22720 | 2022-03-14 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier |
| CVE-2022-22721 | 2022-03-14 | core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody |
| CVE-2022-23943 | 2022-03-14 | mod_sed: Read/write beyond bounds |
| CVE-2022-0940 | 2022-03-14 | Stored XSS due to Unrestricted File Upload in star7th/showdoc |
| CVE-2022-24387 | 2022-03-14 | File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010 |
| CVE-2022-0941 | 2022-03-14 | Stored XSS due to Unrestricted File Upload in star7th/showdoc |
| CVE-2022-0946 | 2022-03-14 | Stored XSS viva cshtm file upload in star7th/showdoc |
| CVE-2022-24575 | 2022-03-14 | GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. |
| CVE-2022-24576 | 2022-03-14 | GPAC 1.0.1 is affected by Use After Free through MP4Box. |
| CVE-2021-44964 | 2022-03-14 | Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. |
| CVE-2021-24692 | 2022-03-14 | Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal |
| CVE-2021-24895 | 2022-03-14 | Cybersoldier < 1.7.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24897 | 2022-03-14 | Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24940 | 2022-03-14 | Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting |
| CVE-2021-24950 | 2022-03-14 | Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS |
| CVE-2021-24958 | 2022-03-14 | Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-24959 | 2022-03-14 | WP Email Users <= 1.7.6 - Subscriber+ SQL Injection |
| CVE-2021-24966 | 2022-03-14 | Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing |
| CVE-2021-24982 | 2022-03-14 | Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting |
| CVE-2021-24995 | 2022-03-14 | HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24996 | 2022-03-14 | IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting |
| CVE-2021-25003 | 2022-03-14 | WPCargo < 6.9.0 - Unauthenticated RCE |
| CVE-2021-25006 | 2022-03-14 | MOLIE <= 0.5 - Reflected Cross-Site Scripting |
| CVE-2021-25007 | 2022-03-14 | MOLIE <= 0.5 - Authenticated SQL Injection |
| CVE-2021-25026 | 2022-03-14 | Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0147 | 2022-03-14 | Cookie Information < 2.0.8 - Reflected Cross-Site Scripting |
| CVE-2022-0161 | 2022-03-14 | ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting |
| CVE-2022-0165 | 2022-03-14 | Page Builder KingComposer <= 2.9.6 - Open Redirect |
| CVE-2022-0169 | 2022-03-14 | Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection |
| CVE-2022-0230 | 2022-03-14 | Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-0248 | 2022-03-14 | Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS |
| CVE-2022-0254 | 2022-03-14 | Zero Spam < 5.2.11 - Admin+ SQL Injection |
| CVE-2022-0321 | 2022-03-14 | WP Voting Contest < 3.0 - Reflected Cross-Site Scripting |
| CVE-2022-0327 | 2022-03-14 | Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting |
| CVE-2022-0399 | 2022-03-14 | Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting |
| CVE-2022-0449 | 2022-03-14 | Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting |
| CVE-2022-0478 | 2022-03-14 | Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection |
| CVE-2022-0503 | 2022-03-14 | Multisite Content Copier/Updater < 2.1.2 - Reflected Cross-Site Scripting |
| CVE-2022-0593 | 2022-03-14 | Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion |
| CVE-2022-0601 | 2022-03-14 | Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting |
| CVE-2022-0648 | 2022-03-14 | Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting |
| CVE-2022-0658 | 2022-03-14 | CommonsBooking < 2.6.8 - Unauthenticated SQL Injection |
| CVE-2022-0659 | 2022-03-14 | Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0674 | 2022-03-14 | Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0684 | 2022-03-14 | WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0700 | 2022-03-14 | Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0701 | 2022-03-14 | SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0702 | 2022-03-14 | Petfinder Listings <= 1.0.18 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0703 | 2022-03-14 | GD Mylist <= 1.1.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-22734 | 2022-03-14 | Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting |
| CVE-2022-22735 | 2022-03-14 | Simple Quotation <= 1.3.2 - Subscriber+ SQL injection |
| CVE-2022-0960 | 2022-03-14 | Stored XSS viva .properties file upload in star7th/showdoc |
| CVE-2021-42171 | 2022-03-14 | Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources,... |
| CVE-2021-41952 | 2022-03-14 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account... |
| CVE-2022-0962 | 2022-03-14 | Stored XSS viva .webma file upload in star7th/showdoc |
| CVE-2021-39051 | 2022-03-14 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability... |
| CVE-2021-39055 | 2022-03-14 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2022-22344 | 2022-03-14 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to... |
| CVE-2022-22354 | 2022-03-14 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris... |
| CVE-2021-38971 | 2022-03-14 | IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force... |
| CVE-2022-22346 | 2022-03-14 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... |
| CVE-2022-22348 | 2022-03-14 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator... |
| CVE-2022-22353 | 2022-03-14 | IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking... |
| CVE-2022-21187 | 2022-03-14 | Command Injection |
| CVE-2022-26320 | 2022-03-14 | The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other... |
| CVE-2022-24733 | 2022-03-14 | Improper Restriction of Rendered UI Layers or Frames in Sylius |
| CVE-2022-24742 | 2022-03-14 | Exposure of Sensitive Information Due to Incompatible Policies in Sylius |
| CVE-2022-24743 | 2022-03-14 | Insufficient Session Expiration in Sylius |
| CVE-2022-24749 | 2022-03-14 | Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius |
| CVE-2022-24740 | 2022-03-14 | Improper Authentication in Volto |
| CVE-2021-42389 | 2022-03-14 | Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. |
| CVE-2021-42390 | 2022-03-14 | Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. |
| CVE-2021-42391 | 2022-03-14 | Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. |
| CVE-2022-24762 | 2022-03-14 | Exposure of Sensitive Information to an Unauthorized Actor in sysend.js |
| CVE-2021-45848 | 2022-03-15 | Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file... |
| CVE-2022-0944 | 2022-03-15 | Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad |
| CVE-2022-0945 | 2022-03-15 | Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc |
| CVE-2022-27193 | 2022-03-15 | CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose... |
| CVE-2022-0950 | 2022-03-15 | Unrestricted Upload of File with Dangerous Type in star7th/showdoc |
| CVE-2022-0951 | 2022-03-15 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc |
| CVE-2022-0894 | 2022-03-15 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-0893 | 2022-03-15 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-45010 | 2022-03-15 | A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to... |
| CVE-2022-0954 | 2022-03-15 | Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in microweber/microweber |
| CVE-2022-0956 | 2022-03-15 | Stored XSS via File Upload in star7th/showdoc |
| CVE-2022-0957 | 2022-03-15 | Stored XSS via File Upload in star7th/showdoc |
| CVE-2022-0942 | 2022-03-15 | Stored XSS due to Unrestricted File Upload in star7th/showdoc |
| CVE-2022-24721 | 2022-03-15 | Incorrect Authorization in org.cometd.oort |
| CVE-2022-0430 | 2022-03-15 | Exposure of Sensitive Information to an Unauthorized Actor in httpie/httpie |
| CVE-2022-24755 | 2022-03-15 | Incorrect Authorization in Bareos Director |
| CVE-2022-24752 | 2022-03-15 | SQL Injection through sorting parameters in SyliusGridBundle |
| CVE-2022-24756 | 2022-03-15 | Missing Release of Memory after Effective Lifetime in Bareos Director |
| CVE-2022-0961 | 2022-03-15 | The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber |
| CVE-2022-0963 | 2022-03-15 | Unrestricted XML Files Leads to Stored XSS in microweber/microweber |
| CVE-2022-0967 | 2022-03-15 | Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc |
| CVE-2022-0966 | 2022-03-15 | Stored XSS via File Upload in star7th/showdoc in star7th/showdoc |
| CVE-2022-0965 | 2022-03-15 | Stored XSS viva .ofd file upload in star7th/showdoc |
| CVE-2022-0964 | 2022-03-15 | Stored XSS viva .webmv file upload in star7th/showdoc |