Total: 10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4219 | 1 Imagemagick | 1 Imagemagick | 2022-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | |||||
| CVE-2022-24775 | 2 Drupal, Guzzlephp | 2 Drupal, Psr-7 | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. | |||||
| CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | |||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | |||||
| CVE-2021-39701 | 1 Google | 1 Android | 2022-03-23 | 9.3 HIGH | 7.8 HIGH |
| In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-212286849 | |||||
| CVE-2022-25839 | 1 Url-js Project | 1 Url-js | 2022-03-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. | |||||
| CVE-2019-1740 | 1 Cisco | 2 Ios, Ios Xe | 2022-03-18 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2021-38910 | 1 Ibm | 1 Datapower Gateway | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | |||||
| CVE-2022-26100 | 1 Sap | 1 Sapcar | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | |||||
| CVE-2022-25818 | 1 Google | 1 Android | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. | |||||
| CVE-2021-42786 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. | |||||
| CVE-2021-42787 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2021-42853 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2021-42854 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2021-42856 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was discovered that the /DsaDataTest endpoint is susceptible to a Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input, which allows an attacker to craft their own malicious payload to trigger an XSS vulnerability. | |||||
| CVE-2021-42857 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected. | |||||
| CVE-2022-0675 | 1 Puppet | 1 Firewall | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. | |||||
| CVE-2021-32586 | 1 Fortinet | 1 Fortimail | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. | |||||
| CVE-2021-26617 | 2 Firstmall, Microsoft | 2 Firstmall, Windows | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| This issue is due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | |||||
| CVE-2021-37996 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Insufficient validation of untrusted input in Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. | |||||
