CVE List - 2022 / March
Showing 1901 - 2000 of 2065 CVEs for March 2022 (Page 20 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24693 | 2022-03-30 | Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The... |
| CVE-2022-27816 | 2022-03-30 | SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. |
| CVE-2022-1163 | 2022-03-30 | Cross-site Scripting (XSS) - Stored in mineweb/minewebcms |
| CVE-2022-25598 | 2022-03-30 | Apache DolphinScheduler user registration is vulnerable to ReDoS attacks |
| CVE-2022-1172 | 2022-03-30 | Null Pointer Dereference Caused Segmentation Fault in gpac/gpac |
| CVE-2022-23868 | 2022-03-30 | RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. |
| CVE-2022-23869 | 2022-03-30 | In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the... |
| CVE-2022-1178 | 2022-03-30 | Stored Cross Site Scripting in openemr/openemr |
| CVE-2022-1177 | 2022-03-30 | Accounting User Can Download Patient Reports in openemr/openemr |
| CVE-2022-1181 | 2022-03-30 | Stored Cross Site Scripting in openemr/openemr |
| CVE-2022-1180 | 2022-03-30 | Reflected Cross Site Scripting in openemr/openemr |
| CVE-2022-1179 | 2022-03-30 | Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in openemr/openemr |
| CVE-2022-24131 | 2022-03-30 | DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. |
| CVE-2022-1155 | 2022-03-30 | Old sessions are not blocked by the login enable function in snipe/snipe-it |
| CVE-2022-25620 | 2022-03-30 | Stored Cross-Site Scripting (XSS) |
| CVE-2022-25619 | 2022-03-30 | Authenticated Command Injection to RCE |
| CVE-2022-23793 | 2022-03-30 | [20220301] - Core - Zip Slip within the Tar extractor |
| CVE-2022-23794 | 2022-03-30 | [20220302] - Core - Path Disclosure within filesystem error messages |
| CVE-2022-23795 | 2022-03-30 | [20220303] - Core - User rows are not bound to an authentication mechanism |
| CVE-2022-23796 | 2022-03-30 | [20220304] - Core - Missing input validation within com_fields class inputs |
| CVE-2022-23797 | 2022-03-30 | [20220305] - Core - Inadequate filtering on the selected Ids |
| CVE-2022-23798 | 2022-03-30 | [20220306] - Core - Inadequate validation of internal URLs |
| CVE-2022-23799 | 2022-03-30 | [20220307] - Core - Variable Tampering on JInput $_REQUEST data |
| CVE-2022-23800 | 2022-03-30 | [20220308] - Core - Inadequate content filtering within the filter code |
| CVE-2022-23801 | 2022-03-30 | [20220309] - Core - XSS attack vector through SVG |
| CVE-2022-27907 | 2022-03-30 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. |
| CVE-2021-3456 | 2022-03-30 | An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This... |
| CVE-2022-23136 | 2022-03-30 | There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user... |
| CVE-2021-1000 | 2022-03-30 | In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-1033 | 2022-03-30 | In createGeneralSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-39739 | 2022-03-30 | In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2021-39740 | 2022-03-30 | In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-39741 | 2022-03-30 | In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-39742 | 2022-03-30 | In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-39743 | 2022-03-30 | In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2021-39744 | 2022-03-30 | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39745 | 2022-03-30 | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39746 | 2022-03-30 | In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2021-39747 | 2022-03-30 | In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional... |
| CVE-2021-39748 | 2022-03-30 | In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution... |
| CVE-2021-39749 | 2022-03-30 | In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2021-39750 | 2022-03-30 | In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2021-39751 | 2022-03-30 | In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2021-39752 | 2022-03-30 | In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-39753 | 2022-03-30 | In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution... |
| CVE-2021-39755 | 2022-03-30 | In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local... |
| CVE-2021-39756 | 2022-03-30 | In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39757 | 2022-03-30 | In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2021-39758 | 2022-03-30 | In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2021-39759 | 2022-03-30 | In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-39760 | 2022-03-30 | In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39761 | 2022-03-30 | In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39762 | 2022-03-30 | In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-39763 | 2022-03-30 | In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39764 | 2022-03-30 | In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with... |
| CVE-2021-39765 | 2022-03-30 | In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2021-39766 | 2022-03-30 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39767 | 2022-03-30 | In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with... |
| CVE-2021-39768 | 2022-03-30 | In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of... |
| CVE-2021-39769 | 2022-03-30 | In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information... |
| CVE-2021-39770 | 2022-03-30 | In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-39771 | 2022-03-30 | In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege... |
| CVE-2021-39772 | 2022-03-30 | In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2021-39773 | 2022-03-30 | In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-39774 | 2022-03-30 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2021-39775 | 2022-03-30 | In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2021-39776 | 2022-03-30 | In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2021-39777 | 2022-03-30 | In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure... |
| CVE-2021-39778 | 2022-03-30 | In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with... |
| CVE-2021-39779 | 2022-03-30 | In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction... |
| CVE-2021-39780 | 2022-03-30 | In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2021-39781 | 2022-03-30 | In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed.... |
| CVE-2021-39782 | 2022-03-30 | In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2021-39783 | 2022-03-30 | In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-39784 | 2022-03-30 | In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39786 | 2022-03-30 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-39787 | 2022-03-30 | In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2021-39788 | 2022-03-30 | In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead... |
| CVE-2021-39789 | 2022-03-30 | In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-39790 | 2022-03-30 | In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-39791 | 2022-03-30 | In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20002 | 2022-03-30 | In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2021-39754 | 2022-03-30 | In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-22996 | 2022-03-30 | SanDisk Professional G-RAID 4/8 Software Utility, Privilege Escalation |
| CVE-2021-23850 | 2022-03-30 | Buffer Overflow vulnerability in the recovery image telnet server |
| CVE-2021-23851 | 2022-03-30 | Buffer Overflow vulnerability in the recovery image web-based interface |
| CVE-2022-0998 | 2022-03-30 | An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to... |
| CVE-2021-44310 | 2022-03-30 | An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation... |
| CVE-2021-44312 | 2022-03-30 | An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. |
| CVE-2022-22772 | 2022-03-30 | TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability |
| CVE-2022-24132 | 2022-03-30 | phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. |
| CVE-2022-27772 | 2022-03-30 | spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer... |
| CVE-2022-28223 | 2022-03-30 | Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. |
| CVE-2022-24135 | 2022-03-30 | QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. |
| CVE-2021-45031 | 2022-03-30 | Weak Authentication in Login Function of USC+ |
| CVE-2019-12266 | 2022-03-30 | Stack buffer overflow in Wyze Cam Pan v2, Cam v2 and Cam v3 |
| CVE-2019-9564 | 2022-03-30 | Authentication bypass in Wyze Cam Pan v2, Cam v2 and Cam v3 |
| CVE-2021-40644 | 2022-03-30 | An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. |
| CVE-2021-40645 | 2022-03-30 | An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. |
| CVE-2021-43142 | 2022-03-30 | An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. |