Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27829 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27828 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27827 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-27826 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2019-0271 | 1 Sap | 3 Advanced Business Application Programming Platform, Advanced Business Application Programming Server, Sap Kernel | 2022-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. | |||||
| CVE-2018-0387 | 3 Apple, Cisco, Microsoft | 3 Macos, Webex Teams, Windows | 2022-04-18 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. | |||||
| CVE-2022-25595 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | |||||
| CVE-2020-29013 | 1 Fortinet | 1 Fortisandbox | 2022-04-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | |||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2022-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | |||||
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | |||||
| CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 6 Debian Linux, Glusterfs, Leap and 3 more | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | |||||
| CVE-2021-3422 | 1 Splunk | 1 Splunk | 2022-04-11 | 4.3 MEDIUM | 7.5 HIGH |
| The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. | |||||
| CVE-2021-32970 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2022-04-11 | 7.8 HIGH | 7.5 HIGH |
| Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. | |||||
| CVE-2021-22277 | 1 Abb | 4 800xa, Base Software, Compact Product Suite and 1 more | 2022-04-11 | 7.8 HIGH | 7.5 HIGH |
| Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | |||||
| CVE-2022-22311 | 1 Ibm | 1 Security Verify Access | 2022-04-09 | 5.8 MEDIUM | 6.5 MEDIUM |
| IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. | |||||
| CVE-2021-26624 | 1 Escanav | 1 Escan Anti-virus | 2022-04-09 | 10.0 HIGH | 8.8 HIGH |
| An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | |||||
| CVE-2022-24299 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2022-04-07 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. | |||||
| CVE-2017-8046 | 2 Pivotal Software, Vmware | 2 Spring Data Rest, Spring Boot | 2022-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | |||||
| CVE-2015-8538 | 1 Libdwarf Project | 1 Libdwarf | 2022-04-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | |||||
| CVE-2017-18359 | 2 Debian, Postgis | 2 Debian Linux, Postgis | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | |||||