CVE List - 2022 / March
Showing 1301 - 1400 of 2065 CVEs for March 2022 (Page 14 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-25428 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. |
| CVE-2022-25433 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. |
| CVE-2022-25434 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. |
| CVE-2022-25435 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. |
| CVE-2022-25437 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. |
| CVE-2022-25438 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. |
| CVE-2022-25439 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. |
| CVE-2022-25440 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. |
| CVE-2022-25441 | 2022-03-18 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. |
| CVE-2022-25445 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. |
| CVE-2022-25446 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. |
| CVE-2022-25447 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. |
| CVE-2022-25448 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. |
| CVE-2022-25449 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. |
| CVE-2022-25450 | 2022-03-18 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. |
| CVE-2022-25451 | 2022-03-18 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. |
| CVE-2022-25452 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. |
| CVE-2022-25453 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. |
| CVE-2022-25454 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. |
| CVE-2022-25455 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. |
| CVE-2022-25456 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. |
| CVE-2022-25457 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. |
| CVE-2022-25458 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. |
| CVE-2022-25459 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. |
| CVE-2022-25461 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. |
| CVE-2022-25460 | 2022-03-18 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. |
| CVE-2022-25389 | 2022-03-18 | DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. |
| CVE-2022-25390 | 2022-03-18 | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. |
| CVE-2022-25578 | 2022-03-18 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. |
| CVE-2022-25581 | 2022-03-18 | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. |
| CVE-2022-26265 | 2022-03-18 | Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. |
| CVE-2022-26266 | 2022-03-18 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. |
| CVE-2022-26267 | 2022-03-18 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. |
| CVE-2022-27226 | 2022-03-19 | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute... |
| CVE-2022-0991 | 2022-03-19 | Insufficient Session Expiration in admidio/admidio |
| CVE-2022-24126 | 2022-03-19 | A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than... |
| CVE-2022-25481 | 2022-03-20 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third... |
| CVE-2022-24125 | 2022-03-20 | The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to... |
| CVE-2021-44345 | 2022-03-20 | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. |
| CVE-2022-25464 | 2022-03-20 | A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-26246 | 2022-03-20 | TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. |
| CVE-2022-26247 | 2022-03-20 | TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. |
| CVE-2022-26555 | 2022-03-20 | A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-25462 | 2022-03-20 | Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2020-26007 | 2022-03-20 | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2020-26008 | 2022-03-20 | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2021-39383 | 2022-03-20 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. |
| CVE-2021-42194 | 2022-03-20 | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external... |
| CVE-2021-39384 | 2022-03-20 | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. |
| CVE-2022-1035 | 2022-03-21 | Segmentation Fault caused by MP4Box -lsr in gpac/gpac |
| CVE-2022-26183 | 2022-03-21 | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing... |
| CVE-2022-26184 | 2022-03-21 | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing... |
| CVE-2022-25505 | 2022-03-21 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. |
| CVE-2021-36100 | 2022-03-21 | Authenticated remote code execution |
| CVE-2022-0475 | 2022-03-21 | Possible XSS attack via translation |
| CVE-2022-1004 | 2022-03-21 | Information disclosure in the External Interface |
| CVE-2021-45876 | 2022-03-21 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is... |
| CVE-2021-45877 | 2022-03-21 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely... |
| CVE-2022-0415 | 2022-03-21 | Remote Command Execution in uploading repository file in gogs/gogs |
| CVE-2021-45878 | 2022-03-21 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information. |
| CVE-2022-24656 | 2022-03-21 | HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will execute several times when the file is opened with the app. |
| CVE-2022-25570 | 2022-03-21 | In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write... |
| CVE-2021-45117 | 2022-03-21 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. |
| CVE-2022-26494 | 2022-03-21 | An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an... |
| CVE-2020-24772 | 2022-03-21 | In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it... |
| CVE-2022-22394 | 2022-03-21 | The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this... |
| CVE-2022-26960 | 2022-03-21 | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due... |
| CVE-2022-25766 | 2022-03-21 | Remote Code Execution (RCE) |
| CVE-2022-24237 | 2022-03-21 | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| CVE-2022-24236 | 2022-03-21 | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. |
| CVE-2022-24235 | 2022-03-21 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| CVE-2022-24766 | 2022-03-21 | Insufficient Protection against HTTP Request Smuggling in mitmproxy |
| CVE-2022-0514 | 2022-03-21 | Business Logic Errors in crater-invoice/crater |
| CVE-2022-0515 | 2022-03-21 | Cross-Site Request Forgery (CSRF) in crater-invoice/crater |
| CVE-2021-24905 | 2022-03-21 | Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion |
| CVE-2021-25019 | 2022-03-21 | SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting |
| CVE-2022-0229 | 2022-03-21 | miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion |
| CVE-2022-0364 | 2022-03-21 | Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting |
| CVE-2022-0423 | 2022-03-21 | 3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-0590 | 2022-03-21 | BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS) |
| CVE-2022-0591 | 2022-03-21 | Formcraft3 < 3.8.28 - Unauthenticated SSRF |
| CVE-2022-0616 | 2022-03-21 | Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF |
| CVE-2022-0627 | 2022-03-21 | Amelia < 1.0.46 - Reflected Cross-Site Scripting |
| CVE-2022-0628 | 2022-03-21 | AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting |
| CVE-2022-0640 | 2022-03-21 | AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting |
| CVE-2022-0681 | 2022-03-21 | Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF |
| CVE-2022-0687 | 2022-03-21 | Amelia < 1.0.46 - Manager+ RCE |
| CVE-2022-0694 | 2022-03-21 | Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection |
| CVE-2022-0739 | 2022-03-21 | BookingPress < 1.0.11 - Unauthenticated SQL Injection |
| CVE-2022-0747 | 2022-03-21 | Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection |
| CVE-2022-0760 | 2022-03-21 | Simple Link Directory < 7.7.2 - Unauthenticated SQL injection |
| CVE-2022-24775 | 2022-03-21 | Improper Input Validation in guzzlehttp/psr7 |
| CVE-2022-23347 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. |
| CVE-2022-23349 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). |
| CVE-2022-23350 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-23348 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. |
| CVE-2022-23352 | 2022-03-21 | An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). |
| CVE-2022-23346 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. |
| CVE-2022-23345 | 2022-03-21 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. |
| CVE-2022-26148 | 2022-03-21 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and... |