CVE List - 2022 / March
Showing 401 - 500 of 2065 CVEs for March 2022 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24408 | 2022-03-08 | A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands... |
| CVE-2022-24661 | 2022-03-08 | A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an... |
| CVE-2022-26313 | 2022-03-08 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the... |
| CVE-2022-26314 | 2022-03-08 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial... |
| CVE-2022-26317 | 2022-03-08 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not... |
| CVE-2022-0877 | 2022-03-08 | Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack |
| CVE-2022-24398 | 2022-03-08 | Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. |
| CVE-2022-24396 | 2022-03-08 | The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due... |
| CVE-2022-26102 | 2022-03-08 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any... |
| CVE-2022-26100 | 2022-03-08 | SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to... |
| CVE-2022-24395 | 2022-03-08 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-24399 | 2022-03-08 | The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS)... |
| CVE-2022-22547 | 2022-03-08 | Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering... |
| CVE-2022-26101 | 2022-03-08 | Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-26103 | 2022-03-08 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. |
| CVE-2022-26104 | 2022-03-08 | SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. |
| CVE-2022-24928 | 2022-03-08 | Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. |
| CVE-2022-24929 | 2022-03-08 | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. |
| CVE-2022-24930 | 2022-03-08 | An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission |
| CVE-2022-24931 | 2022-03-08 | Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission |
| CVE-2022-24932 | 2022-03-08 | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. |
| CVE-2022-25814 | 2022-03-08 | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25815 | 2022-03-08 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25816 | 2022-03-08 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication |
| CVE-2022-25817 | 2022-03-08 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. |
| CVE-2022-25818 | 2022-03-08 | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-25819 | 2022-03-08 | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. |
| CVE-2022-25820 | 2022-03-08 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
| CVE-2022-25821 | 2022-03-08 | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. |
| CVE-2022-25822 | 2022-03-08 | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
| CVE-2022-25823 | 2022-03-08 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. |
| CVE-2022-25824 | 2022-03-08 | Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. |
| CVE-2022-25825 | 2022-03-08 | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. |
| CVE-2022-25826 | 2022-03-08 | Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25827 | 2022-03-08 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25828 | 2022-03-08 | Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25829 | 2022-03-08 | Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25830 | 2022-03-08 | Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2021-3981 | 2022-03-08 | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This... |
| CVE-2021-4095 | 2022-03-08 | A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may... |
| CVE-2022-0516 | 2022-03-08 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to... |
| CVE-2021-3698 | 2022-03-08 | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows... |
| CVE-2022-25225 | 2022-03-08 | Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in... |
| CVE-2021-41180 | 2022-03-08 | Geolocation preview links can be set to arbitrary links in nextcloud talk |
| CVE-2021-41181 | 2022-03-08 | Nextcloud Talk app exposes chat messages on lockscreen |
| CVE-2021-41239 | 2022-03-08 | User enumeration setting not respected in Nextcloud server |
| CVE-2021-41241 | 2022-03-08 | Advanced permissions is not respected for subfolders in Nextcloud server |
| CVE-2022-24713 | 2022-03-08 | Regular expression denial of service in Rust's regex crate |
| CVE-2022-24714 | 2022-03-08 | Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2 |
| CVE-2022-24739 | 2022-03-08 | Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube |
| CVE-2022-26319 | 2022-03-08 | An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an... |
| CVE-2022-26337 | 2022-03-08 | Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file... |
| CVE-2022-24286 | 2022-03-08 | Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In... |
| CVE-2022-24285 | 2022-03-08 | Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this... |
| CVE-2021-28488 | 2022-03-08 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in... |
| CVE-2022-0891 | 2022-03-09 | A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file... |
| CVE-2022-0204 | 2022-03-09 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or... |
| CVE-2022-25943 | 2022-03-09 | The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. |
| CVE-2022-24960 | 2022-03-09 | Use after free vulnerability in PDFTron SDK |
| CVE-2022-26778 | 2022-03-09 | Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has... |
| CVE-2022-0881 | 2022-03-09 | Insecure Storage of Sensitive Information in chocobozzz/peertube |
| CVE-2022-0482 | 2022-03-09 | Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments |
| CVE-2022-0896 | 2022-03-09 | Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber |
| CVE-2021-44750 | 2022-03-09 | Arbitrary Code Execution |
| CVE-2022-24618 | 2022-03-09 | Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by... |
| CVE-2022-24600 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. |
| CVE-2022-24601 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. |
| CVE-2022-24602 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. |
| CVE-2022-24603 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. |
| CVE-2022-24604 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. |
| CVE-2022-24605 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. |
| CVE-2022-24606 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. |
| CVE-2022-24607 | 2022-03-09 | Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. |
| CVE-2022-24608 | 2022-03-09 | Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. |
| CVE-2022-24609 | 2022-03-09 | Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. |
| CVE-2022-22795 | 2022-03-09 | Signiant - Manager+Agents XML External Entity (XXE) |
| CVE-2022-26355 | 2022-03-09 | Citrix Federated Authentication Service (FAS) |
| CVE-2022-0813 | 2022-03-09 | PhpMyAdmin exposure of sensitive information |
| CVE-2022-0507 | 2022-03-09 | Vulnerability: Authenticated SQL Injection in API |
| CVE-2022-0903 | 2022-03-09 | Stack overflow in SAML login in Mattermost |
| CVE-2022-0904 | 2022-03-09 | Stack overflow in document extractor in Mattermost |
| CVE-2022-26143 | 2022-03-09 | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of... |
| CVE-2022-21146 | 2022-03-09 | ICSA-22-062-01 IPCOMM ipDIO |
| CVE-2022-22985 | 2022-03-09 | ICSA-22-062-01 IPCOMM ipDIO |
| CVE-2022-24915 | 2022-03-09 | ICSA-22-062-01 IPCOMM ipDIO |
| CVE-2022-24432 | 2022-03-09 | ICSA-22-062-01 IPCOMM ipDIO |
| CVE-2022-25090 | 2022-03-09 | Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. |
| CVE-2021-35251 | 2022-03-09 | Sensitive Data Disclosure Vulnerability |
| CVE-2021-36777 | 2022-03-09 | login-proxy sends password to attacker-provided domain |
| CVE-2021-20269 | 2022-03-09 | A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information... |
| CVE-2022-0433 | 2022-03-09 | A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows... |
| CVE-2022-24397 | 2022-03-09 | SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used... |
| CVE-2021-4023 | 2022-03-09 | A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new... |
| CVE-2021-42853 | 2022-03-09 | Directory Traversal Delete/Read at AgentDiagnosticServlet |
| CVE-2021-42786 | 2022-03-09 | Remote Code Execution at AgentControllerServlet |
| CVE-2021-42855 | 2022-03-09 | Local privilege escalation due to misconfigured write permission on .debug_command.config file |
| CVE-2021-42857 | 2022-03-09 | Directory Traversal Partial Write at AgentDaServlet |
| CVE-2021-42787 | 2022-03-09 | Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet |
| CVE-2021-42856 | 2022-03-09 | Reflected Cross-site Scripting at DsaDataTest |
| CVE-2021-42854 | 2022-03-09 | Directory Traversal Read/Write/Delete at PluginServlet |