Vulnerability Summary for the Week of February 7, 2022

02/14/2022 09:03 AM EST
Original release date: February 14, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
[gwa]_autoresponder_project — [gwa]_autoresponder Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. 2022-02-04 7.5 CVE-2021-44779
CONFIRM
CONFIRM
advantech — adam-3600_firmware The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. 2022-02-04 7.5 CVE-2022-22987
CONFIRM
apache — gobblin Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 7.5 CVE-2021-36152
MISC
debian — perm perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) 2022-02-05 7.5 CVE-2021-38172
MISC
MISC
MISC
CONFIRM
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. 2022-02-04 7.5 CVE-2021-46227
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. 2022-02-04 7.5 CVE-2021-46229
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. 2022-02-04 7.5 CVE-2021-46233
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. 2022-02-04 7.5 CVE-2021-46232
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. 2022-02-04 7.5 CVE-2021-46231
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. 2022-02-04 7.5 CVE-2021-46226
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. 2022-02-04 7.5 CVE-2021-46230
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. 2022-02-04 7.5 CVE-2021-46228
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. 2022-02-04 7.5 CVE-2021-46455
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. 2022-02-04 7.5 CVE-2021-46452
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. 2022-02-04 7.5 CVE-2021-46457
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. 2022-02-04 7.5 CVE-2021-46456
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. 2022-02-04 7.5 CVE-2021-46453
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. 2022-02-04 7.5 CVE-2021-46454
MISC
MISC
dlink — dir-878_firmware D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44880
MISC
MISC
dlink — dir-878_firmware D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44882
MISC
MISC
dlink — dir-882_firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 7.5 CVE-2021-45998
MISC
MISC
dlink — dir-882_firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44881
MISC
MISC
emlog — emlog Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). 2022-02-04 7.5 CVE-2022-23379
MISC
eset — endpoint_antivirus ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITYSYSTEM. 2022-02-09 7.2 CVE-2021-37852
MISC
MISC
gitea — gitea Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code. 2022-02-08 7.5 CVE-2021-45327
MISC
MISC
MISC
MISC
globalnorthstar — northstar_club_management Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. 2022-02-04 7.5 CVE-2021-29396
MISC
MISC
globalnorthstar — northstar_club_management Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled “command” and “commandvalues” parameters. 2022-02-04 10 CVE-2021-29393
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 7.5 CVE-2022-23587
MISC
MISC
CONFIRM
hyphp — hybbs2 Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. 2022-02-09 7.5 CVE-2022-24677
MISC
idreamsoft — icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. 2022-02-04 7.5 CVE-2021-44978
MISC
MISC
itunesrpc-remastered_project — itunesrpc-remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade. 2022-02-04 7.5 CVE-2022-23611
CONFIRM
MISC
joplin_project — joplin Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. 2022-02-08 7.5 CVE-2022-23340
MISC
korenix — jetwave_2212s_firmware Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. 2022-02-06 9 CVE-2021-39280
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. 2022-02-04 7.2 CVE-2021-4154
MISC
MISC
mruby — mruby NULL Pointer Dereference in Homebrew mruby prior to 3.2. 2022-02-04 7.8 CVE-2022-0481
CONFIRM
MISC
nats — nats_server NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the “dynamically provisioned sandbox accounts” feature. 2022-02-08 9 CVE-2022-24450
MISC
CONFIRM
neutrinolabs — xrdp xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. 2022-02-07 7.2 CVE-2022-23613
MISC
CONFIRM
putil-merge_project — putil-merge This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 2022-02-04 7.5 CVE-2021-23470
CONFIRM
CONFIRM
radare — radare2 Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. 2022-02-08 7.5 CVE-2022-0139
MISC
CONFIRM
riconmobile — s9922l_firmware The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. 2022-02-04 10 CVE-2022-0365
CONFIRM
sap — content_server SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. 2022-02-09 10 CVE-2022-22536
MISC
MISC
sap — netweaver_application_server_java In SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim’s logon session. 2022-02-09 7.5 CVE-2022-22532
MISC
MISC
schneider-electric — easergy_p3_firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) 2022-02-04 8.3 CVE-2022-22725
MISC
schneider-electric — easergy_p5_firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 8.3 CVE-2022-22723
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 9.3 CVE-2022-22727
MISC
sealevel — seaconnect_370w_firmware A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.5 CVE-2021-21960
MISC
sealevel — seaconnect_370w_firmware A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.5 CVE-2021-21961
MISC
sealevel — seaconnect_370w_firmware A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.1 CVE-2021-21964
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. 2022-02-06 10 CVE-2022-22832
MISC
MISC
MISC
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. 2022-02-06 7.5 CVE-2022-22831
MISC
MISC
MISC
MISC
set_project — set This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 2022-02-04 7.5 CVE-2021-23497
CONFIRM
CONFIRM
CONFIRM
silabs — zgm130s037hgn_firmware Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. 2022-02-04 7.9 CVE-2013-20003
MISC
MISC
MISC
skratchdot — object-path-set The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 2022-02-04 7.5 CVE-2021-23507
CONFIRM
CONFIRM
CONFIRM
CONFIRM
starwindsoftware — iscsi_san StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. 2022-02-06 7.5 CVE-2013-20004
MISC
starwindsoftware — nas StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command. 2022-02-06 10 CVE-2022-24552
MISC
starwindsoftware — nas StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users’ passwords. 2022-02-06 9 CVE-2022-24551
MISC
strangerstudios — paid_memberships_pro The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection 2022-02-07 7.5 CVE-2021-25114
MISC
MISC
symfony — twig Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. 2022-02-04 7.5 CVE-2022-23614
MISC
MISC
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43925
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43926
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43927
CONFIRM
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. 2022-02-04 7.5 CVE-2022-24144
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24152
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. 2022-02-04 7.5 CVE-2022-24148
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. 2022-02-04 7.5 CVE-2022-24150
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. 2022-02-04 7.8 CVE-2022-24142
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. 2022-02-04 7.8 CVE-2022-24145
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24146
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. 2022-02-04 7.8 CVE-2022-24147
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. 2022-02-04 7.8 CVE-2022-24149
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. 2022-02-04 7.8 CVE-2022-24151
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 7.8 CVE-2022-24143
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 7.8 CVE-2022-24153
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. 2022-02-04 7.8 CVE-2022-24157
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 7.8 CVE-2022-24160
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24158
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. 2022-02-04 7.8 CVE-2022-24161
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-02-04 7.8 CVE-2022-24162
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. 2022-02-04 7.8 CVE-2022-24154
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. 2022-02-04 7.8 CVE-2022-24159
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24156
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 7.8 CVE-2022-24163
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. 2022-02-04 7.8 CVE-2022-24155
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. 2022-02-04 7.5 CVE-2022-24171
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. 2022-02-04 7.5 CVE-2022-24168
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. 2022-02-04 7.5 CVE-2022-24167
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. 2022-02-04 7.5 CVE-2022-24165
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. 2022-02-04 7.8 CVE-2022-24164
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. 2022-02-04 7.8 CVE-2022-24166
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. 2022-02-04 7.5 CVE-2022-24170
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. 2022-02-04 7.8 CVE-2021-45988
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. 2022-02-04 7.8 CVE-2021-45989
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. 2022-02-04 7.8 CVE-2021-45995
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. 2022-02-04 7.5 CVE-2021-45990
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. 2022-02-04 7.5 CVE-2021-45987
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. 2022-02-04 7.5 CVE-2021-45986
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. 2022-02-04 7.8 CVE-2022-24172
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 7.8 CVE-2021-45997
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 7.8 CVE-2021-45996
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. 2022-02-04 7.8 CVE-2021-45994
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. 2022-02-04 7.8 CVE-2021-45993
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. 2022-02-04 7.8 CVE-2021-45992
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. 2022-02-04 7.8 CVE-2021-45991
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. 2022-02-04 7.8 CVE-2022-24169
MISC
totolink — a720r_firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. 2022-02-04 7.8 CVE-2021-44246
MISC
totolink — a720r_firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. 2022-02-04 7.5 CVE-2021-44247
MISC
ujcms — jspxcms A vulnerability in ${“freemarker.template.utility.Execute”?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. 2022-02-04 7.5 CVE-2022-23329
MISC
voipmonitor — voipmonitor An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. 2022-02-04 7.5 CVE-2022-24259
MISC
voipmonitor — voipmonitor A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. 2022-02-04 10 CVE-2022-24260
MISC
zephyrproject — zephyr The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj 2022-02-07 7.2 CVE-2021-3861
N/A

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — opc_server_for_ac_800m Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. 2022-02-04 6.5 CVE-2021-22284
MISC
abb — pni800_firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22286
MISC
abb — pni800_firmware Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22285
MISC
abb — pni800_firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22288
MISC
acronis — agent Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.6 CVE-2022-24113
MISC
acronis — true_image Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.6 CVE-2021-44204
MISC
acronis — true_image Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.4 CVE-2021-44206
MISC
acronis — true_image Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.4 CVE-2021-44205
MISC
acronis — true_image Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 4.6 CVE-2022-24115
MISC
acronis — true_image Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 4.4 CVE-2022-24114
MISC
amd — radeon_pro_software AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. 2022-02-04 4.4 CVE-2020-12891
MISC
amd — ryzen_pro_5650g_firmware When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. 2022-02-04 5 CVE-2020-12965
MISC
apache — activemq_artemis In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. 2022-02-04 5 CVE-2022-23913
MISC
apache — traffic_control In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. 2022-02-06 5 CVE-2022-23206
MISC
arangodb — arangodb In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost. 2022-02-09 4 CVE-2021-25939
MISC
MISC
MISC
arista — eos The impact of this vulnerability is that Arista’s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. 2022-02-04 6.8 CVE-2021-28503
MISC
atftp_project — atftp options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. 2022-02-04 5 CVE-2021-46671
MISC
MISC
beanstalk_console_project — beanstalk_console Cross-site Scripting (XSS) – Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. 2022-02-05 4.3 CVE-2022-0501
MISC
CONFIRM
blog_project — blog m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 6.5 CVE-2022-23626
CONFIRM
MISC
bracketspace — advanced_cron_manager The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress plugin before 2.5.3 does not have authorisation checks in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example 2022-02-07 4 CVE-2021-25084
MISC
broadcom — ca_harvest_software_change_manager CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. 2022-02-04 6.5 CVE-2022-22689
MISC
chatwoot — chatwoot Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 2022-02-09 4.3 CVE-2022-0527
MISC
CONFIRM
chatwoot — chatwoot Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. 2022-02-09 4 CVE-2021-3813
MISC
CONFIRM
chatwoot — chatwoot Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 2022-02-09 4.3 CVE-2022-0526
CONFIRM
MISC
codemiq — wordpress_email_template_designer The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. 2022-02-04 4.3 CVE-2022-0218
MISC
MISC
codex_project — codex A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. 2022-02-04 4.3 CVE-2021-43635
MISC
MISC
MISC
dataease_project — dataease In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. 2022-02-08 6.5 CVE-2022-23331
MISC
dounokouno — transmitmail Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-22146
MISC
MISC
dounokouno — transmitmail Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. 2022-02-08 5 CVE-2022-21193
MISC
MISC
econosys-system — php_mailform Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-22142
MISC
MISC
econosys-system — php_mailform Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-21805
MISC
MISC
embed_swagger_project — embed_swagger The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. 2022-02-04 4.3 CVE-2022-0381
MISC
MISC
MISC
etoilewebdesign — ultimate_product_catalog The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin’s settings for example 2022-02-07 4 CVE-2021-24993
CONFIRM
MISC
f-secure — atlant A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2022-02-09 5 CVE-2021-40837
MISC
MISC
ffjpeg_project — ffjpeg Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. 2022-02-08 4.3 CVE-2021-44956
MISC
ffjpeg_project — ffjpeg Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file. 2022-02-08 4.3 CVE-2021-44957
MISC
filebrowser — filebrowser A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. 2022-02-04 6.8 CVE-2021-46398
MISC
MISC
MISC
MISC
MISC
fisco-bcos — fisco-bcos FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. 2022-02-07 5 CVE-2021-46359
MISC
follow-redirects_project — follow-redirects Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8. 2022-02-09 4.3 CVE-2022-0536
CONFIRM
MISC
fotobook_project — fotobook The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER[‘PHP_SELF’] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. 2022-02-04 4.3 CVE-2022-0380
MISC
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 6.8 CVE-2021-40420
MISC
foxit — pdf_reader A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 6.8 CVE-2022-22150
MISC
frourio — frourio Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 2022-02-07 6.5 CVE-2022-23623
CONFIRM
MISC
frourio — frourio-express Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 2022-02-07 6.5 CVE-2022-23624
MISC
CONFIRM
gerbv_project — gerbv A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2021-40401
MISC
gerbv_project — gerbv An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-40403
MISC
gitea — gitea Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (‘Open Redirect’) via internal URLs. 2022-02-08 5.8 CVE-2021-45328
MISC
MISC
gitea — gitea Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. 2022-02-08 5 CVE-2021-45325
MISC
MISC
gitea — gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. 2022-02-08 4.3 CVE-2021-45329
MISC
MISC
gitea — gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. 2022-02-08 6.8 CVE-2021-45326
MISC
MISC
MISC
globalnorthstar — northstar_club_management Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. 2022-02-04 5 CVE-2021-29395
MISC
MISC
globalnorthstar — northstar_club_management Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP. 2022-02-04 5 CVE-2021-29397
MISC
MISC
globalnorthstar — northstar_club_management Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled “userID” parameter of the HTTP POST request. 2022-02-04 4 CVE-2021-29394
MISC
MISC
globalnorthstar — northstar_club_management Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. 2022-02-04 5 CVE-2021-29398
MISC
MISC
google — android In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05850708; Issue ID: ALPS05850708. 2022-02-09 4.6 CVE-2022-20031
MISC
google — android In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. 2022-02-09 4.6 CVE-2022-20030
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. 2022-02-09 4.6 CVE-2022-20028
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. 2022-02-09 4.6 CVE-2022-20025
MISC
google — android In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806. 2022-02-09 4.6 CVE-2022-20034
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. 2022-02-09 4.6 CVE-2022-20026
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. 2022-02-09 4.6 CVE-2022-20027
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23591
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23570
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23571
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23572
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23575
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23576
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23579
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23580
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23581
CONFIRM
MISC
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23577
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 5 CVE-2022-23593
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23564
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23578
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23582
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don’t match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23583
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23584
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23585
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23586
MISC
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23588
MISC
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23589
CONFIRM
MISC
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23595
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23565
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. 2022-02-04 5 CVE-2022-23590
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23561
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. 2022-02-04 6.5 CVE-2022-23560
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23557
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow’s type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 5.5 CVE-2022-23592
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow’s `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23574
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23573
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23566
CONFIRM
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23562
MISC
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23558
MISC
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. 2022-02-04 6.5 CVE-2022-23559
MISC
CONFIRM
MISC
MISC
MISC
gpac — gpac A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. 2022-02-04 4.3 CVE-2022-24249
MISC
gpac — gpac NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. 2022-02-04 4.3 CVE-2021-4043
CONFIRM
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 6.8 CVE-2022-21703
MISC
MISC
CONFIRM
high_resolution_streaming_image_server_project — high_resolution_streaming_image_server IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. 2022-02-07 5 CVE-2021-46389
MISC
MISC
hpe — agentless_management A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. 2022-02-04 4.6 CVE-2021-29218
MISC
hpe — flexnetwork_5130_jg932a_firmware A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. 2022-02-04 4.6 CVE-2021-29219
MISC
hyphp — hybbs2 update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. 2022-02-09 6.5 CVE-2022-24676
MISC
ibm — power_system_ac922_(8335-gtx)_firmware IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. 2022-02-04 5 CVE-2021-38960
XF
CONFIRM
idreamsoft — icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. 2022-02-04 5 CVE-2021-44977
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 2022-02-07 4.3 CVE-2021-25108
CONFIRM
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL 2022-02-07 6.4 CVE-2021-25096
CONFIRM
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 2022-02-07 5.5 CVE-2021-25095
CONFIRM
MISC
itunesrpc-remastered_project — itunesrpc-remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. 2022-02-04 6.4 CVE-2022-23609
CONFIRM
MISC
jenkins — jenkins Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. 2022-02-09 5 CVE-2022-0538
CONFIRM
MLIST
jpress — jpress A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. 2022-02-04 6.5 CVE-2022-23330
MISC
karma_project — karma Cross-site Scripting (XSS) – DOM in NPM karma prior to 6.3.14. 2022-02-05 4.3 CVE-2022-0437
CONFIRM
MISC
kicad — kicad_eda A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2022-23947
MISC
kicad — kicad_eda A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2022-23946
MISC
linuxfoundation — argo-cd Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. 2022-02-04 4 CVE-2022-24348
MISC
CONFIRM
mahara — mahara In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) 2022-02-09 4 CVE-2022-24694
MISC
MISC
microfocus — voltage_securemail A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. 2022-02-04 4 CVE-2021-38130
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Tampering Vulnerability. 2022-02-07 5 CVE-2022-23261
N/A
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. 2022-02-07 4.4 CVE-2022-23263
N/A
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. 2022-02-07 6.8 CVE-2022-23262
N/A
microweber — microweber Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 4.3 CVE-2022-0505
MISC
CONFIRM
microweber — microweber Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 4 CVE-2022-0504
MISC
CONFIRM
mirantis — container_cloud_lens_extension Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. 2022-02-04 6.8 CVE-2022-0484
MISC
mongodb — mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. 2022-02-04 5.5 CVE-2021-32036
MISC
mruby — mruby Out-of-bounds Read in Homebrew mruby prior to 3.2. 2022-02-09 6.4 CVE-2022-0525
CONFIRM
MISC
msi — app_player Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44900
MISC
MISC
msi — center Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44899
MISC
MISC
msi — center_pro Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44903
MISC
MISC
msi — dragon_center Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44901
MISC
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. 2022-02-07 4.9 CVE-2022-21815
CONFIRM
nvidia — virtual_gpu NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. 2022-02-07 4.9 CVE-2022-21816
CONFIRM
MISC
ocproducts — composr Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. 2022-02-09 6.5 CVE-2021-46360
MISC
octopus — octopus_deploy In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. 2022-02-07 5.8 CVE-2022-23184
MISC
openzeppelin — openzeppelin In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. 2022-02-04 5 CVE-2021-46320
MISC
publify_project — publify Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. 2022-02-08 5 CVE-2022-0524
MISC
CONFIRM
quickbox — quickbox QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at “adminuseredit.php?usertoedit=XSS”, as the user supplied input for the value of this parameter is not properly sanitized. 2022-02-07 4.3 CVE-2021-45281
MISC
radare — radare2 Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 6.8 CVE-2022-0523
MISC
CONFIRM
radare — radare2 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0518
MISC
CONFIRM
radare — radare2 Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0519
MISC
CONFIRM
radare — radare2 Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0521
MISC
CONFIRM
radare — radare2 Use After Free in NPM radare2.js prior to 5.6.2. 2022-02-08 6.8 CVE-2022-0520
MISC
CONFIRM
radare — radare2 Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0522
CONFIRM
MISC
rearrange_woocommerce_products_project — rearrange_woocommerce_products The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. 2022-02-07 4 CVE-2021-24928
MISC
sap — netweaver_application_server_java Due to improper error handling in SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. 2022-02-09 5 CVE-2022-22533
MISC
MISC
schneider-electric — bmxp342020_firmware A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) 2022-02-04 6.8 CVE-2020-7534
MISC
schneider-electric — easergy_p5_firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 5.4 CVE-2022-22722
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 4 CVE-2022-22726
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-21971
MISC
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 6.8 CVE-2021-21969
MISC
sealevel — seaconnect_370w_firmware An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-21963
MISC
sealevel — seaconnect_370w_firmware A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. 2022-02-04 6.8 CVE-2021-21959
MISC
sealevel — seaconnect_370w_firmware A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 6.4 CVE-2021-21965
MISC
sealevel — seaconnect_370w_firmware A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 5.8 CVE-2021-21968
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 6.8 CVE-2021-21970
MISC
sealevel — seaconnect_370w_firmware A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. 2022-02-04 6.8 CVE-2021-21962
MISC
seeddms — seeddms Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the “referuri” parameter. 2022-02-04 5.8 CVE-2021-45408
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. 2022-02-06 5 CVE-2022-22833
MISC
MISC
MISC
MISC
seur_oficial_project — seur_oficial The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. 2022-02-07 4 CVE-2021-25004
MISC
shibboleth — oidc_op The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. 2022-02-04 6.4 CVE-2022-24129
MISC
MISC
CONFIRM
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) 2022-02-09 6.8 CVE-2021-46155
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) 2022-02-09 6.8 CVE-2021-46158
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050) 2022-02-09 6.8 CVE-2021-46159
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286) 2022-02-09 6.8 CVE-2021-46160
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684) 2022-02-09 6.8 CVE-2021-46156
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302) 2022-02-09 6.8 CVE-2021-46161
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) 2022-02-09 6.8 CVE-2021-46154
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757) 2022-02-09 6.8 CVE-2021-46157
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599) 2022-02-09 6.8 CVE-2021-46153
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) 2022-02-09 6.8 CVE-2021-46152
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082) 2022-02-09 6.8 CVE-2021-46151
MISC
MISC
MISC
silabs — zgm130s037hgn_firmware The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. 2022-02-04 4.8 CVE-2018-25029
CONFIRM
MISC
silverstripe — silverstripe Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1. 2022-02-04 4 CVE-2022-0227
CONFIRM
MISC
starwindsoftware — iscsi_san StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion. 2022-02-06 5 CVE-2007-20001
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue 2022-02-07 4.3 CVE-2021-24878
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. 2022-02-07 4.3 CVE-2021-24843
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it. 2022-02-07 6.8 CVE-2021-24879
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. 2022-02-07 4.3 CVE-2021-24839
MISC
synology — diskstation_manager Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. 2022-02-07 5 CVE-2022-22680
CONFIRM
synology — diskstation_manager Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. 2022-02-07 4 CVE-2022-22679
CONFIRM
synology — diskstation_manager Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2022-02-07 4 CVE-2021-43929
CONFIRM
synology — mail_station Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in mail sending and receiving component in Synology Mail Station before 7.0.1-42218-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-02-07 6.5 CVE-2021-43928
CONFIRM
MISC
taogogo — taocms An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. 2022-02-04 4 CVE-2022-23316
MISC
taogogo — taocms In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. 2022-02-04 4 CVE-2021-44983
MISC
thinkupthemes — responsive_vector_maps The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server 2022-02-07 4 CVE-2021-24947
MISC
tp-link — wn886n_firmware TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. 2022-02-08 4 CVE-2021-44864
MISC
twistedmatrix — twisted twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. 2022-02-07 5 CVE-2022-21712
MISC
MISC
CONFIRM
virustotal — yara A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. 2022-02-04 4.3 CVE-2021-45429
MISC
visser — store_exporter_for_woocommerce The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. 2022-02-07 4.3 CVE-2022-0149
CONFIRM
MISC
visser — store_toolkit_for_woocommerce The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting 2022-02-07 4.3 CVE-2021-25077
MISC
CONFIRM
vmware — cloud_foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. 2022-02-04 4 CVE-2022-22939
MISC
voipmonitor — voipmonitor The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. 2022-02-04 6.8 CVE-2022-24262
MISC
xwiki — xwiki ### Impact It’s possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it’s quite easy to perform a lot of those requests. ### Patches This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: – a first one to fix the CSRF problem – a more complex one that now relies on sending an email for the Forgot username process. ### Workarounds It’s possible to fix the problem without uprading by editing the ForgotUsername page in version below 13.x, to use the following code: github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsern… In version after 13.x it’s also possible to edit manually the forgotusername.vm file, but it’s really encouraged to upgrade the version here. ### References * jira.xwiki.org/browse/XWIKI-18384 * jira.xwiki.org/browse/XWIKI-18408 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki](jira.xwiki.org) * Email us at [security ML](mailto:security@xwiki.org) 2022-02-04 4.3 CVE-2021-32732
MISC
MISC
CONFIRM
MISC
MISC
yet_another_stars_rating_project — yet_another_stars_rating Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter ‘source’. 2022-02-04 4.3 CVE-2022-23980
CONFIRM
CONFIRM
zammad — zammad In Zammad 5.0.2, agents can configure “out of office” periods and substitute persons. If the substitute persons didn’t have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. 2022-02-04 5 CVE-2021-44886
MISC
zammad — zammad With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. 2022-02-04 5.5 CVE-2021-43145
MISC
zephyrproject — zephyr Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf 2022-02-07 5.8 CVE-2021-3835
N/A
zimbra — collaboration An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. 2022-02-09 4.3 CVE-2022-24682
MISC
MISC
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
amd — epyc_7763_firmware AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 2022-02-04 2.1 CVE-2020-12966
MISC
apache — gobblin In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 2.1 CVE-2021-36151
MISC
beanstalk_console_project — beanstalk_console Cross-site Scripting (XSS) – Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. 2022-02-09 3.5 CVE-2022-0539
CONFIRM
MISC
cluevo — learning_management_system The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course’s module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-07 3.5 CVE-2021-25029
MISC
elecom — wrc-300febk-r_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. 2022-02-08 2.9 CVE-2022-21799
MISC
MISC
fleetdm — fleet fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider (SP) could reuse the SAML response to log into Fleet as a user — only if the user has an account with the same email in Fleet, _and_ the user signs into the malicious SP via SAML SSO from the same Identity Provider (IdP) configured with Fleet. 2. A user with an account in Fleet could reuse a SAML response intended for another SP to log into Fleet. This is only a concern if the user is blocked from Fleet in the IdP, but continues to have an account in Fleet. If the user is blocked from the IdP entirely, this cannot be exploited. Fleet 4.9.1 resolves this issue. Users unable to upgrade should: Reduce the length of sessions on your IdP to reduce the window for malicious re-use, Limit the amount of SAML Service Providers/Applications used by user accounts with access to Fleet, and When removing access to Fleet in the IdP, delete the Fleet user from Fleet as well. 2022-02-04 3.5 CVE-2022-23600
MISC
CONFIRM
google — android In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. 2022-02-09 2.1 CVE-2022-20029
MISC
google — android In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973. 2022-02-09 2.1 CVE-2022-20033
MISC
google — android In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675. 2022-02-09 2.1 CVE-2022-20035
MISC
google — android In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. 2022-02-09 2.1 CVE-2022-20042
MISC
google — android In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. 2022-02-09 1.9 CVE-2022-20032
MISC
google — go-attestation An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. 2022-02-04 2.1 CVE-2022-0317
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. 2022-02-04 2.1 CVE-2022-23594
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. 2022-02-04 3.3 CVE-2022-23563
CONFIRM
grafana — grafana Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. 2022-02-08 2.1 CVE-2022-21702
CONFIRM
MISC
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 3.5 CVE-2022-21713
MISC
MISC
CONFIRM
gtranslate — translate_wordpress_with_gtranslate The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY 2022-02-07 2.6 CVE-2021-25103
MISC
ivorysearch — ivory_search The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-07 3.5 CVE-2021-25105
MISC
laracom_project — laracom Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. 2022-02-04 3.5 CVE-2022-0472
CONFIRM
MISC
linux — linux_kernel An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. 2022-02-04 1.9 CVE-2022-24448
MISC
MISC
MISC
MISC
linux — linux_kernel A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 2022-02-04 2.1 CVE-2022-0264
MISC
linux — linux_kernel A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. 2022-02-04 2.1 CVE-2022-0487
MISC
MISC
livehelperchat — live_helper_chat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-02-06 3.5 CVE-2022-0502
MISC
CONFIRM
microweber — microweber Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 3.5 CVE-2022-0506
CONFIRM
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 2022-02-07 3.6 CVE-2022-21813
CONFIRM
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 2022-02-07 3.6 CVE-2022-21814
CONFIRM
pimcore — pimcore Cross-site Scripting (XSS) – Reflected in Packagist pimcore/pimcore prior to 10.3.1. 2022-02-08 3.5 CVE-2022-0510
MISC
CONFIRM
pimcore — pimcore Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.3.1. 2022-02-08 3.5 CVE-2022-0509
CONFIRM
MISC
premio — mystickyelements The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. 2022-02-07 3.5 CVE-2022-0148
MISC
CONFIRM
schneider-electric — ecostruxure_power_monitoring_expert A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 3.5 CVE-2022-22804
MISC
std42 — elfinder Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. 2022-02-08 3.5 CVE-2021-45919
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2022-02-07 3.5 CVE-2021-24880
MISC
tastyigniter — tastyigniter A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The “items%5B0%5D%5Bpath%5D” parameter of a request made to /admin/allergens/edit/1 is vulnerable. 2022-02-09 3.5 CVE-2022-23378
MISC
MISC
trendmicro — worry-free_business_security A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-02-04 3.6 CVE-2022-23805
MISC
MISC
wire — wire-webapp Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these message in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue. 2022-02-04 2.1 CVE-2022-23605
MISC
CONFIRM
wpeka — wplegalpages The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting 2022-02-07 3.5 CVE-2021-25106
MISC
xwiki — xwiki XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it’s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn’t allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files. 2022-02-04 3.5 CVE-2021-43841
MISC
MISC
CONFIRM
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acronis — vss_doctor  Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 2022-02-11 not yet calculated CVE-2022-0483
MISC
adobe — illustrator  When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22538
MISC
MISC
apache — apisix  An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX’s data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. 2022-02-11 not yet calculated CVE-2022-24112
MISC
MLIST
apache — apple_cassandra  When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. 2022-02-11 not yet calculated CVE-2021-44521
MISC
MLIST
apache — cayenne  Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne’s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to ‘remote’ applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution. 2022-02-11 not yet calculated CVE-2022-24289
MISC
MLIST
apache — jim  Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: – maildir mailbox store – Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). 2022-02-07 not yet calculated CVE-2022-22931
MISC
MISC
apple — swift-nio-http2  A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-02-09 not yet calculated CVE-2022-24668
MISC
apple — swift-nio-http2  A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-02-09 not yet calculated CVE-2022-24666
MISC
apple — swift-nio-http2  A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time 2022-02-09 not yet calculated CVE-2022-24667
MISC
bd — pyxis_products  Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information. 2022-02-11 not yet calculated CVE-2022-22766
CONFIRM
bd — viper_lt  BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability. 2022-02-12 not yet calculated CVE-2022-22765
CONFIRM
blitzjs — superjson  superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23631
CONFIRM
canon — laser_printers_and_small_office_multifunctional_printers  Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. 2022-02-08 not yet calculated CVE-2021-20877
MISC
MISC
MISC
MISC
MISC
chocobozzz — peertube  Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 2022-02-08 not yet calculated CVE-2022-0508
MISC
CONFIRM
cisco — dna_center  A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. 2022-02-10 not yet calculated CVE-2022-20630
CISCO
cisco — prime_service_catalog  A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. 2022-02-10 not yet calculated CVE-2022-20680
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20749
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20712
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20707
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20711
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20708
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20710
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20705
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20709
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20706
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20704
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20703
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20701
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20700
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20702
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20699
CISCO
cisco — umbrella_secure_web_gateway  A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. 2022-02-10 not yet calculated CVE-2022-20738
CISCO
citrix — workspace_app  An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 – 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. 2022-02-09 not yet calculated CVE-2022-21825
MISC
concrete — cms  A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. 2022-02-09 not yet calculated CVE-2021-22954
MISC
cri-o — cri-o  An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of “safe” sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. 2022-02-09 not yet calculated CVE-2022-0532
MISC
MISC
csv+ — csv+  Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag. 2022-02-08 not yet calculated CVE-2022-21241
MISC
MISC
cuppa — cms  Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. 2022-02-10 not yet calculated CVE-2022-24647
MISC
d-link — routers  A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. 2022-02-10 not yet calculated CVE-2021-41445
MISC
MISC
MISC
MISC
d-link — routers  An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. 2022-02-09 not yet calculated CVE-2021-41442
MISC
MISC
MISC
MISC
d-link — routers  A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot. 2022-02-09 not yet calculated CVE-2021-41441
MISC
MISC
MISC
MISC
dairy_farm_shop_management_system — dairy_farm_shop_management_system  Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. 2022-02-11 not yet calculated CVE-2020-36062
MISC
MISC
MISC
debian — debian-edu-config  It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. 2022-02-11 not yet calculated CVE-2021-20001
MISC
MLIST
MLIST
dell — client_commercial_and_consumer_platforms  Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. 2022-02-09 not yet calculated CVE-2022-22567
CONFIRM
dell — client_commercial_consumer_platforms  Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. 2022-02-09 not yet calculated CVE-2022-22566
CONFIRM
dell — emc_integrated_system  All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. 2022-02-09 not yet calculated CVE-2021-36302
CONFIRM
drupal — drupal_core Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13669
CONFIRM
drupal — drupal_core Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. 2022-02-11 not yet calculated CVE-2020-13672
CONFIRM
drupal — drupal_core Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. 2022-02-11 not yet calculated CVE-2020-13677
CONFIRM
drupal — drupal_core Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13670
CONFIRM
drupal — drupal_core  Drupal’s JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. 2022-02-11 not yet calculated CVE-2020-13675
CONFIRM
drupal — drupal_core  Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13668
CONFIRM
drupal — entity_embed  The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting. 2022-02-11 not yet calculated CVE-2020-13673
CONFIRM
drupal — quickedit The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. 2022-02-11 not yet calculated CVE-2020-13676
CONFIRM
drupal — quickedit  The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability. 2022-02-11 not yet calculated CVE-2020-13674
CONFIRM
elastic — kibana  An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users 2022-02-11 not yet calculated CVE-2022-23707
MISC
elecom — lan_routers  Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. 2022-02-08 not yet calculated CVE-2022-21173
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the “Site/Organization Name”,”Site Title” and “Site Header” parameters while updating the site settings on “/exponentcms/administration/configure_site” 2022-02-09 not yet calculated CVE-2022-23047
MISC
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at “themes/simpletheme/{rce}.php” from where can be accessed in order to execute commands. 2022-02-09 not yet calculated CVE-2022-23048
MISC
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the “User-Agent” header when logging in. When an administrator user visits the “User Sessions” tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. 2022-02-09 not yet calculated CVE-2022-23049
MISC
MISC
MISC
fastify — fastify-multipart  This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). 2022-02-11 not yet calculated CVE-2021-23597
CONFIRM
CONFIRM
CONFIRM
ffjpeg — ffjpeg  A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. 2022-02-11 not yet calculated CVE-2021-45385
MISC
MISC
foxit — pdf_reader Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the ‘subform colSpan=”-2″‘ and ‘draw colSpan=”1″‘ substrings. 2022-02-11 not yet calculated CVE-2022-24954
MISC
MISC
foxit — pdf_reader  Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. 2022-02-11 not yet calculated CVE-2022-24955
MISC
gin-vue-admin — gin-vue-admin  Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. 2022-02-09 not yet calculated CVE-2022-21660
CONFIRM
git — git  The –mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the “GitBleed” issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the –mirror option. 2022-02-11 not yet calculated CVE-2022-24975
MISC
MISC
gitea — gitea  An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. 2022-02-09 not yet calculated CVE-2021-45330
MISC
gitea — gitea  An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. 2022-02-09 not yet calculated CVE-2021-45331
MISC
MISC
gitlab — enterprise_edition  An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call 2022-02-09 not yet calculated CVE-2021-39943
MISC
CONFIRM
MISC
golang — go  Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. 2022-02-11 not yet calculated CVE-2022-23772
MISC
golang — go  cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. 2022-02-11 not yet calculated CVE-2022-23773
MISC
golang — go  Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. 2022-02-11 not yet calculated CVE-2022-23806
MISC
google — android  In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948 2022-02-11 not yet calculated CVE-2021-39619
MISC
google — android  In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A 2022-02-11 not yet calculated CVE-2021-39688
MISC
google — android  In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A 2022-02-11 not yet calculated CVE-2021-39687
MISC
google — android  In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 2022-02-11 not yet calculated CVE-2021-39677
MISC
google — android  In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 2022-02-11 not yet calculated CVE-2021-39676
MISC
google — android  Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 2022-02-11 not yet calculated CVE-2021-39616
MISC
google — android  In clear_data_dlg_text of strings.xml, there is a possible situation when “Clear storage” functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 2022-02-11 not yet calculated CVE-2021-39631
MISC
google — android  In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183 2022-02-11 not yet calculated CVE-2021-39675
MISC
google — android  ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller’s permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 2022-02-11 not yet calculated CVE-2021-39635
MISC
google — android  ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 2022-02-11 not yet calculated CVE-2021-39658
MISC
google — android  In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116 2022-02-11 not yet calculated CVE-2021-39662
MISC
google — android  In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135 2022-02-11 not yet calculated CVE-2021-39663
MISC
google — android  In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029 2022-02-11 not yet calculated CVE-2021-39664
MISC
google — android  In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881 2022-02-11 not yet calculated CVE-2021-39665
MISC
google — android  In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255 2022-02-11 not yet calculated CVE-2021-39666
MISC
google — android  In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603 2022-02-11 not yet calculated CVE-2021-39668
MISC
google — android  In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991 2022-02-11 not yet calculated CVE-2021-39669
MISC
google — android  In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630 2022-02-11 not yet calculated CVE-2021-39671
MISC
google — android  In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701 2022-02-11 not yet calculated CVE-2021-39672
MISC
google — android  In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334 2022-02-11 not yet calculated CVE-2021-0524
MISC
google — android  In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201083442 2022-02-11 not yet calculated CVE-2021-39674
MISC
google — chrome  Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0117
MISC
MISC
google — chrome  Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0298
MISC
MISC
google — chrome  Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4099
MISC
MISC
google — chrome  Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4098
MISC
MISC
google — chrome  Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0291
MISC
MISC
google — chrome  Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0292
MISC
MISC
google — chrome  Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0293
MISC
MISC
google — chrome  Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0294
MISC
MISC
google — chrome  Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0295
MISC
MISC
google — chrome  Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0296
MISC
MISC
google — chrome  Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0297
MISC
MISC
google — chrome  Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0300
MISC
MISC
google — chrome  Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4101
MISC
MISC
google — chrome  Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0301
MISC
MISC
google — chrome  Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0302
MISC
MISC
google — chrome  Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0304
MISC
MISC
google — chrome  Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0305
MISC
MISC
google — chrome  Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0306
MISC
MISC
google — chrome  Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0307
MISC
MISC
google — chrome  Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0308
MISC
MISC
google — chrome  Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0309
MISC
MISC
google — chrome  Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. 2022-02-12 not yet calculated CVE-2022-0310
MISC
MISC
google — chrome  Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0311
MISC
MISC
google — chrome  Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4100
MISC
MISC
google — chrome  Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4102
MISC
MISC
google — chrome  Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0116
MISC
MISC
google — chrome  Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0118
MISC
MISC
google — chrome  Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0115
MISC
MISC
google — chrome  Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. 2022-02-12 not yet calculated CVE-2022-0114
MISC
MISC
google — chrome  Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0113
MISC
MISC
google — chrome  Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. 2022-02-12 not yet calculated CVE-2022-0112
MISC
MISC
google — chrome  Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0111
MISC
MISC
google — chrome  Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0110
MISC
MISC
google — chrome  Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0109
MISC
MISC
google — chrome  Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0108
MISC
MISC
google — chrome  Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0107
MISC
MISC
google — chrome  Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0105
MISC
MISC
google — chrome  Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0289
MISC
MISC
google — chrome  Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0104
MISC
MISC
google — chrome  Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0103
MISC
MISC
google — chrome  Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0102
MISC
MISC
google — chrome  Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. 2022-02-12 not yet calculated CVE-2022-0101
MISC
MISC
google — chrome  Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0100
MISC
MISC
google — chrome  Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. 2022-02-12 not yet calculated CVE-2022-0099
MISC
MISC
google — chrome  Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. 2022-02-12 not yet calculated CVE-2022-0098
MISC
MISC
google — chrome  Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0097
MISC
MISC
google — chrome  Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0096
MISC
MISC
google — chrome  Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. 2022-02-12 not yet calculated CVE-2022-0120
MISC
MISC
google — chrome  Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0106
MISC
MISC
google — chrome  Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0290
MISC
MISC
gradle — gradle  Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled. 2022-02-10 not yet calculated CVE-2022-23630
MISC
MISC
CONFIRM
hospital_management_system — hospital_management_system  Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. 2022-02-10 not yet calculated CVE-2022-24646
MISC
htmldoc — htmldoc  A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). 2022-02-09 not yet calculated CVE-2022-0534
MISC
MISC
huawei — huawei There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access. 2022-02-09 not yet calculated CVE-2021-39997
MISC
huawei — huawei There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-40045
MISC
MISC
huawei — huawei There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability. 2022-02-09 not yet calculated CVE-2021-40015
MISC
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-39991
MISC
huawei — huawei  There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2022-02-09 not yet calculated CVE-2021-39992
MISC
huawei — huawei  There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2022-02-09 not yet calculated CVE-2021-39994
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-39986
MISC
huawei — huawei  There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access. 2022-02-09 not yet calculated CVE-2021-37107
MISC
huawei — huawei  There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations. 2022-02-09 not yet calculated CVE-2021-40044
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-37115
MISC
huawei — huawei  There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. 2022-02-09 not yet calculated CVE-2021-37109
MISC
ifmeorg — ifme  In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks. 2022-02-10 not yet calculated CVE-2021-25992
MISC
MISC
intel — advisor  Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-23152
MISC
intel — advisor  Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33129
MISC
intel — amt  Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. 2022-02-09 not yet calculated CVE-2021-33068
MISC
CONFIRM
intel — atom_processors  Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. 2022-02-09 not yet calculated CVE-2021-33120
MISC
intel — capital_global_summit_android_application  Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21153
MISC
intel — core_processors  Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33105
MISC
intel — ethernet controllers_and_adapters  Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-33061
MISC
CONFIRM
intel — ethernet controllers_and_adapters  Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-33096
MISC
CONFIRM
intel — gpa_software  Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33101
MISC
intel — ipp_crypto_library  Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33147
MISC
intel — kernelflinger  Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33137
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0176
MISC
intel — multiple-products  Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-0162
MISC
intel — multiple-products  Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0147
MISC
intel — multiple-products  Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0179
MISC
intel — multiple-products  Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0178
MISC
intel — multiple-products  Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0177
MISC
intel — multiple-products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0161
MISC
intel — multiple-products  Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0183
MISC
intel — multiple-products  Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0175
MISC
intel — multiple-products  Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0174
MISC
intel — multiple-products  Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0173
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0172
MISC
intel — multiple-products  Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0171
MISC
intel — multiple-products  Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0170
MISC
intel — multiple-products  Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0169
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0168
MISC
intel — multiple-products  Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0167
MISC
intel — multiple-products  Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0166
MISC
intel — multiple-products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0165
MISC
intel — multiple-products  Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0164
MISC
intel — multiple-products  Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-0163
MISC
intel — multiple_products  Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33139
MISC
intel — multiple_products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0072
MISC
intel — multiple_products  Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. 2022-02-09 not yet calculated CVE-2021-33107
MISC
intel — multiple_products  Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33110
MISC
intel — multiple_products  Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0076
MISC
intel — multiple_products  Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33155
MISC
intel — multiple_products  Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 2022-02-09 not yet calculated CVE-2021-33113
MISC
intel — multiple_products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0066
MISC
intel — multiple_products  Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0060
MISC
CONFIRM
intel — multiple_products  Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33114
MISC
intel — processors  Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0107
MISC
CONFIRM
intel — processors  Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0156
MISC
CONFIRM
intel — processors  Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0116
MISC
CONFIRM
intel — processors  Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0117
MISC
CONFIRM
intel — processors  Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0118
MISC
CONFIRM
intel — processors  Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0119
MISC
CONFIRM
intel — processors  NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0111
MISC
CONFIRM
intel — processors  Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0103
MISC
CONFIRM
intel — processors  Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0145
MISC
CONFIRM
intel — processors  Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0115
MISC
CONFIRM
intel — processors  Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0093
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0092
MISC
CONFIRM
intel — processors  Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0127
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0091
MISC
CONFIRM
intel — processors  Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0125
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0124
MISC
CONFIRM
intel — processors  Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0099
MISC
CONFIRM
intel — quartus_prime_pro  Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-44454
MISC
intel — quartus_prime_pro_edition  Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21174
MISC
intel — quartus_prime_pro_edition  Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21204
MISC
intel — quartus_prime_standard_edition  Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21203
MISC
intel — realsense_dcm  Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33119
MISC
intel — rxt  Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33166
MISC
intel — smart_campus_android_application  Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21157
MISC
intel — trace_analyzer_and_collector  Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21218
MISC
intel — trace_analyzer_and_collector  Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2022-21133
MISC
intel — trace_analyzer_and_collector  Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21226
MISC
intel — trace_analyzer_and_collector  Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2022-21156
MISC
intel — uefi  Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-33115
MISC
intl — quartus_prime_pro_edition  Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-02-09 not yet calculated CVE-2022-21205
MISC
justarchinet — archisteamfarm  ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn’t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user’s access against bot `A` – instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible. 2022-02-08 not yet calculated CVE-2022-23627
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
kde — kate_and_ktexteditor  The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. 2022-02-11 not yet calculated CVE-2022-23853
MISC
CONFIRM
libtiff — libtiff  Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 2022-02-11 not yet calculated CVE-2022-0561
MISC
MISC
CONFIRM
libtiff — libtiff  Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 2022-02-11 not yet calculated CVE-2022-0562
MISC
MISC
CONFIRM
linux — linux_kernel  An information leak flaw was found due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. 2022-02-11 not yet calculated CVE-2022-0382
MISC
linux — linux_kernel  An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. 2022-02-11 not yet calculated CVE-2022-24959
MISC
MISC
linux — linux_kernel  A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. 2022-02-11 not yet calculated CVE-2022-0185
MISC
MISC
MISC
MISC
linux — linux_kernel  drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. 2022-02-11 not yet calculated CVE-2022-24958
MISC
MISC
MISC
linux — linux_kernel  The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a “pointer leak.” 2022-02-11 not yet calculated CVE-2021-45402
MISC
MISC
MISC
magnolia — magnolia  A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. 2022-02-11 not yet calculated CVE-2021-46362
MISC
magnolia — magnolia  An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. 2022-02-11 not yet calculated CVE-2021-46365
MISC
magnolia — magnolia  An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file. 2022-02-11 not yet calculated CVE-2021-46363
MISC
magnolia_cms — magnolia_cms  An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. 2022-02-11 not yet calculated CVE-2021-46361
MISC
magnolia_cms — magnolia_cms  An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials. 2022-02-11 not yet calculated CVE-2021-46366
MISC
magnolia_cms — magnolia_cms  A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. 2022-02-11 not yet calculated CVE-2021-46364
MISC
mahara — mahara  In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. 2022-02-10 not yet calculated CVE-2022-24111
MISC
MISC
mediatek — bluetooth  In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. 2022-02-09 not yet calculated CVE-2022-20046
MISC
mediatek — bluetooth  In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820. 2022-02-09 not yet calculated CVE-2022-20045
MISC
mediatek — bluetooth  In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. 2022-02-09 not yet calculated CVE-2022-20043
MISC
mediatek — bluetooth  In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814. 2022-02-09 not yet calculated CVE-2022-20044
MISC
mediatek — bluetooth  In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. 2022-02-09 not yet calculated CVE-2022-20041
MISC
mediatek — ccu_driver  In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. 2022-02-09 not yet calculated CVE-2022-20039
MISC
mediatek — ccu_driver  In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183335; Issue ID: ALPS06183335. 2022-02-09 not yet calculated CVE-2022-20038
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. 2022-02-09 not yet calculated CVE-2022-20036
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. 2022-02-09 not yet calculated CVE-2022-20037
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. 2022-02-09 not yet calculated CVE-2022-20017
MISC
mediatek — power_hal_manager_service  In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150. 2022-02-09 not yet calculated CVE-2022-20040
MISC
mediatek — system_service  In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. 2022-02-09 not yet calculated CVE-2022-20024
MISC
mellium — mellium  In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. 2022-02-11 not yet calculated CVE-2022-24968
MISC
MISC
microsoft — .net  .NET Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-21986
MISC
microsoft — azure_data_explorer  Azure Data Explorer Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-23256
MISC
microsoft — dynamics_365  Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21957
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273. 2022-02-09 not yet calculated CVE-2022-23271
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-23269
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-23274
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273. 2022-02-09 not yet calculated CVE-2022-23272
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272. 2022-02-09 not yet calculated CVE-2022-23273
MISC
microsoft — excel  Microsoft Excel Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-22716
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. 2022-02-09 not yet calculated CVE-2022-21844
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. 2022-02-09 not yet calculated CVE-2022-21926
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. 2022-02-09 not yet calculated CVE-2022-21927
MISC
microsoft — office_  Microsoft Office Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-23252
MISC
microsoft — office_clicktorun  Microsoft Office ClickToRun Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22004
MISC
microsoft — office_graphics  Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22003
MISC
microsoft — office_visio  Microsoft Office Visio Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21988
MISC
microsoft — onedrive  Microsoft OneDrive for Android Security Feature Bypass Vulnerability. 2022-02-09 not yet calculated CVE-2022-23255
MISC
microsoft — outlook_for_mac  Microsoft Outlook for Mac Security Feature Bypass Vulnerability. 2022-02-09 not yet calculated CVE-2022-23280
MISC
MISC
microsoft — power_bi  Microsoft Power BI Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-23254
MISC
microsoft — roaming_security_rights_management_services  Roaming Security Rights Management Services Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21974
MISC
microsoft — sharepoint  Microsoft SharePoint Server Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22005
MISC
microsoft — sharepoint_server  Microsoft SharePoint Server Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-21987
MISC
microsoft — sharepoint_server  Microsoft SharePoint Server Security Feature BypassVulnerability. 2022-02-09 not yet calculated CVE-2022-21968
MISC
microsoft — sql_server_for_linux_containers  SQL Server for Linux Containers Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-23276
MISC
microsoft — teams  Microsoft Teams Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-21965
MISC
microsoft — visual_studio  Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21991
MISC
microsoft — vp9_video_extensions  VP9 Video Extensions Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22709
MISC
microsoft — win32k  Win32k Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21996
MISC
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-22717
MISC
MISC
microsoft — windows  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717. 2022-02-09 not yet calculated CVE-2022-22718
MISC
microsoft — windows  Named Pipe File System Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-22715
MISC
microsoft — windows  Windows Runtime Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21971
MISC
microsoft — windows  Windows Remote Access Connection Manager Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21985
MISC
microsoft — windows  Windows Kernel Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21989
MISC
microsoft — windows  Windows Hyper-V Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22712
MISC
microsoft — windows_common_log_file_system  Windows Common Log File System Driver Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22710
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21998
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981. 2022-02-09 not yet calculated CVE-2022-22000
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22000. 2022-02-09 not yet calculated CVE-2022-21981
MISC
microsoft — windows_dns_server Windows DNS Server Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21984
MISC
microsoft — windows_dwm_core_library  Windows DWM Core Library Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21994
MISC
microsoft — windows_hyper-v  Windows Hyper-V Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21995
MISC
microsoft — windows_mobile_device_management  Windows Mobile Device Management Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21992
MISC
microsoft — windows_print_spooler  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-21997
MISC
microsoft — windows_print_spooler  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-21999
MISC
microsoft — windows_remote_access_connection_manager  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-22001
MISC
microsoft — windows_services_for_nfs_oncrpc_xdr_driver  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21993
MISC
microsoft — windows_user_account_profile_picture  Windows User Account Profile Picture Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22002
MISC
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 2022-02-10 not yet calculated CVE-2022-0558
CONFIRM
MISC
microweber — microweber Open Redirect in Packagist microweber/microweber prior to 1.2.11. 2022-02-11 not yet calculated CVE-2022-0560
CONFIRM
MISC
microweber — microweber  OS Command Injection in Packagist microweber/microweber prior to 1.2.11. 2022-02-11 not yet calculated CVE-2022-0557
CONFIRM
MISC
minicms — minicms  MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. 2022-02-10 not yet calculated CVE-2021-44970
MISC
mitsubishi_electric — factory_automation_engineering_products Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. 2022-02-11 not yet calculated CVE-2020-14523
MISC
mitsubishi_electric — factory_automation_engineering_products  Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. 2022-02-11 not yet calculated CVE-2020-14521
MISC
nexacro — nexacro  improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method. 2022-02-09 not yet calculated CVE-2021-26613
MISC
nokia — bts_trs_web_console Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. 2022-02-11 not yet calculated CVE-2021-31932
MISC
novel-plus — novel-plus  Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. 2022-02-10 not yet calculated CVE-2022-24568
MISC
ocs_inventory — ocs_inventory  OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). 2022-02-11 not yet calculated CVE-2021-46355
MISC
MISC
open-policy-agent — opa  OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths. **All of these** three conditions have to be met to create an adverse effect: 1. An AST of Rego had to be **created programmatically** such that it ends up containing terms without a location (such as wildcard variables). 2. The AST had to be **pretty-printed** using the `github.com/open-policy-agent/opa/format` package. 3. The result of the pretty-printing had to be **parsed and evaluated again** via an OPA instance using the bundles, or the Golang packages. If any of these three conditions are not met, you are not affected. Notably, all three would be true if using **optimized bundles**, i.e. bundles created with `opa build -O=1` or higher. In that case, the optimizer would fulfil condition (1.), the result of that would be pretty-printed when writing the bundle to disk, fulfilling (2.). When the bundle was then used, we’d satisfy (3.). As a workaround users may disable optimization when creating bundles. 2022-02-09 not yet calculated CVE-2022-23628
MISC
CONFIRM
MISC
MISC
optimism — geth_forth  Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. 2022-02-10 not yet calculated CVE-2022-24916
MISC
MISC
MISC
MISC
MISC
otrs — ag_otrs  OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. 2022-02-07 not yet calculated CVE-2022-0473
CONFIRM
otrs — otrscustomcontactfields  Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. 2022-02-07 not yet calculated CVE-2022-0474
CONFIRM
palo_alto_networks — cortex_xsoar  A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. 2022-02-10 not yet calculated CVE-2022-0020
CONFIRM
palo_alto_networks — globalprotect_app  An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0019
CONFIRM
palo_alto_networks — globalprotect_app  An improper link resolution before file access (‘link following’) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0017
CONFIRM
palo_alto_networks — globalprotect_app  An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0016
CONFIRM
palo_alto_networks — globalprotect_app  An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0021
CONFIRM
palo_alto_networks — globalprotect_app  An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user’s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0018
CONFIRM
palo_alto_networks — pan-os  PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test example.com.* will match example.com.website.test example.com.^ will match example.com.test You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL. 2022-02-10 not yet calculated CVE-2022-0011
CONFIRM
pingidentity — pingfederate  When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password. 2022-02-10 not yet calculated CVE-2021-42000
MISC
MISC
piwigo — piwigo  Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. 2022-02-10 not yet calculated CVE-2021-45357
MISC
portainer — agent  In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. 2022-02-11 not yet calculated CVE-2022-24961
MISC
MISC
MISC
MISC
projeqtor — projeqtor  A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. 2022-02-11 not yet calculated CVE-2021-42940
MISC
MISC
puma — puma  Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails’ Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. 2022-02-11 not yet calculated CVE-2022-23634
CONFIRM
MISC
MISC
MISC
MISC
python — python  A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘r’ and ‘n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. 2022-02-09 not yet calculated CVE-2022-0391
MISC
qnap — nas_running_kazoo_server  An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later 2022-02-11 not yet calculated CVE-2021-38679
MISC
qualcomm — multiple_snapdragon_products  Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30322
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-30323
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30317
CONFIRM
qualcomm — multiple_snapdragon_products  Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30309
CONFIRM
qualcomm — multiple_snapdragon_products  Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30324
CONFIRM
qualcomm — multiple_snapdragon_products  Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30325
CONFIRM
qualcomm — multiple_snapdragon_products  Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30326
CONFIRM
qualcomm — multiple_snapdragon_products  Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-35068
CONFIRM
qualcomm — multiple_snapdragon_products  Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35074
CONFIRM
qualcomm — multiple_snapdragon_products  Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35075
CONFIRM
qualcomm — multiple_snapdragon_products  Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35077
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-30318
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-35069
CONFIRM
quartus — quartus_prime_pro_edition  Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21220
MISC
rails — rails  Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. 2022-02-11 not yet calculated CVE-2022-23633
MISC
CONFIRM
MLIST
ruby-lang — ruby CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. 2022-02-06 not yet calculated CVE-2021-41816
MISC
MISC
CONFIRM
s-cart — s-cart  A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. 2022-02-11 not yet calculated CVE-2021-44111
MISC
samsung — android_application  Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim’s devices. 2022-02-11 not yet calculated CVE-2022-24925
MISC
samsung — bixby_vision  Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. 2022-02-11 not yet calculated CVE-2022-24003
MISC
samsung — bixby_vision  A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. 2022-02-11 not yet calculated CVE-2022-23434
MISC
samsung — camera  Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. 2022-02-11 not yet calculated CVE-2022-23998
MISC
samsung — edge_panel  Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. 2022-02-11 not yet calculated CVE-2022-24001
MISC
samsung — link_sharing  Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. 2022-02-11 not yet calculated CVE-2022-24002
MISC
samsung — livewallpaperservice  An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. 2022-02-11 not yet calculated CVE-2022-24924
MISC
samsung — mobile An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23432
MISC
samsung — mobile An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23431
MISC
samsung — mobile An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. 2022-02-11 not yet calculated CVE-2022-23429
MISC
samsung — mobile An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23428
MISC
samsung — mobile PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. 2022-02-11 not yet calculated CVE-2022-23427
MISC
samsung — mobile A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. 2022-02-11 not yet calculated CVE-2022-23426
MISC
samsung — mobile  PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. 2022-02-11 not yet calculated CVE-2022-23999
MISC
samsung — mobile  PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. 2022-02-11 not yet calculated CVE-2022-24000
MISC
samsung — mobile  Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. 2022-02-11 not yet calculated CVE-2022-23433
MISC
samsung — mobile  Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. 2022-02-11 not yet calculated CVE-2022-22291
MISC
samsung — mobile  A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. 2022-02-10 not yet calculated CVE-2022-23321
MISC
MISC
MISC
samsung — mobile  Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. 2022-02-11 not yet calculated CVE-2022-23425
MISC
samsung — searchwidget  Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. 2022-02-11 not yet calculated CVE-2022-24923
MISC
samsung — smarttagplugin  Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim’s devices. 2022-02-11 not yet calculated CVE-2022-24926
MISC
samsung — telecom  Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. 2022-02-11 not yet calculated CVE-2022-22292
MISC
samsung — video_player  Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. 2022-02-11 not yet calculated CVE-2022-24927
MISC
samsung — wear_os  Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23996
MISC
samsung — wear_os  Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23995
MISC
samsung — wear_os  An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23994
MISC
samsung — wear_os  Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23997
MISC
sap — 3d_visual_enterprise_viewer  When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22537
MISC
MISC
sap — 3d_visual_enterprise_viewer  When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22539
MISC
MISC
sap — adaptive_server_enterprise  SAP Adaptive Server Enterprise (ASE) – version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. 2022-02-09 not yet calculated CVE-2022-22528
MISC
MISC
sap — business_objects_web_intelligence  Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) – version 420. 2022-02-09 not yet calculated CVE-2022-22546
MISC
MISC
sap — erp_chm_portugal  SAP ERP HCM Portugal – versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. 2022-02-09 not yet calculated CVE-2022-22535
MISC
MISC
sap — netweaver  Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. 2022-02-09 not yet calculated CVE-2022-22534
MISC
MISC
sap — netweaver_application_server_abap_and_abap_platform  A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. 2022-02-09 not yet calculated CVE-2022-22545
MISC
MISC
sap — netweaver_application_server_for_abap_and_abap_platform  SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) – versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. 2022-02-09 not yet calculated CVE-2022-22543
MISC
MISC
sap — netweaver_as_abap  SAP NetWeaver AS ABAP (Workplace Server) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. 2022-02-09 not yet calculated CVE-2022-22540
MISC
MISC
sap — s/4hana_supplier_factsheet  S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. 2022-02-09 not yet calculated CVE-2022-22542
MISC
MISC
sap — solution_manager  Solution Manager (Diagnostics Root Cause Analysis Tools) – version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. 2022-02-09 not yet calculated CVE-2022-22544
MISC
MISC
schneider_electric — conext_combox  A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext ComBox (All Versions) 2022-02-11 not yet calculated CVE-2021-22798
MISC
schneider_electric — connexium_network_manager_software  A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) 2022-02-11 not yet calculated CVE-2021-22801
MISC
schneider_electric — easergy_p40  A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration. 2022-02-09 not yet calculated CVE-2022-22813
MISC
schneider_electric — ecostruxure_ev_charging_expert A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) 2022-02-09 not yet calculated CVE-2022-22807
MISC
schneider_electric — ecostruxure_ev_charging_expert  A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) 2022-02-09 not yet calculated CVE-2022-22808
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22805
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) 2022-02-11 not yet calculated CVE-2021-22824
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22802
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) 2022-02-11 not yet calculated CVE-2021-22823
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22804
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22803
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24317
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24310
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24312
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24314
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24315
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24311
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24316
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24313
MISC
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22785
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22787
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22788
MISC
schneider_electric — modicon_m218_logic_controller  A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) 2022-02-11 not yet calculated CVE-2021-22800
MISC
schneider_electric — multiple_products A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22810
MISC
schneider_electric — multiple_products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22809
MISC
schneider_electric — multiple_products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22811
MISC
schneider_electric — multiple_products  A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24318
MISC
schneider_electric — multiple_products  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) 2022-02-11 not yet calculated CVE-2021-22748
MISC
schneider_electric — multiple_products  A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24319
MISC
schneider_electric — multiple_products  A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24321
MISC
schneider_electric — multiple_products  A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) 2022-02-09 not yet calculated CVE-2021-22817
MISC
schneider_electric — multiple_products  A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) 2022-02-11 not yet calculated CVE-2021-22796
MISC
schneider_electric — multiple_products  A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) 2022-02-11 not yet calculated CVE-2021-22806
MISC
schneider_electric — multiple_products  A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22812
MISC
schneider_electric — multiple_products  A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24320
MISC
secuwiz — secuwayssl  An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments. 2022-02-09 not yet calculated CVE-2021-26616
MISC
servicenow_orlando — servicenow_orlando  The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. 2022-02-10 not yet calculated CVE-2021-45901
MISC
MISC
siemens — comos  A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. 2022-02-09 not yet calculated CVE-2021-37194
MISC
siemens — jt2go  A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) 2022-02-09 not yet calculated CVE-2021-44018
MISC
siemens — jt2go  A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) 2022-02-09 not yet calculated CVE-2021-44016
MISC
siemens — jt2go  A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) 2022-02-09 not yet calculated CVE-2021-44000
MISC
siemens — sicam_toolbox_II  A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. 2022-02-09 not yet calculated CVE-2021-45106
MISC
siemens — simatic_firmware A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. 2022-02-09 not yet calculated CVE-2021-40363
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37185
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37204
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37205
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. 2022-02-09 not yet calculated CVE-2021-40360
MISC
siemens — sinema_remote_connect_server  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. 2022-02-09 not yet calculated CVE-2022-23102
MISC
FULLDISC
MISC
siemens — spectrum_power  A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application “Online Help” in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. 2022-02-09 not yet calculated CVE-2022-23312
MISC
statamic_version — statamic_version  A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. 2022-02-10 not yet calculated CVE-2021-45364
MISC
stormshield — stormshield  In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. 2022-02-10 not yet calculated CVE-2021-31814
MISC
MISC
stormshield — stormshield_network_security  Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. 2022-02-10 not yet calculated CVE-2021-37613
MISC
MISC
stormshield — stormshield_network_security  Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. 2022-02-10 not yet calculated CVE-2021-3398
MISC
MISC
taocms — taocms  Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. 2022-02-10 not yet calculated CVE-2021-44969
MISC
tcman_gim — tcman_gim The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. 2022-02-11 not yet calculated CVE-2021-4046
CONFIRM
tcpreplay — tcpreplay  tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. 2022-02-11 not yet calculated CVE-2021-45387
MISC
tcpreplay — tcpreplay  tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c 2022-02-11 not yet calculated CVE-2021-45386
MISC
tenda — routers  A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. 2022-02-11 not yet calculated CVE-2020-26728
MISC
MISC
thinfinity — virtualui  Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter “Addr” in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. 2022-02-09 not yet calculated CVE-2021-46354
MISC
MISC
thinkphp — thinkphp  A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. 2022-02-10 not yet calculated CVE-2021-44892
MISC
tokheim_profleet_dialog — tokheim_profleet_dialog Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. 2022-02-11 not yet calculated CVE-2021-34235
MISC
tp-link — routers  The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. 2022-02-09 not yet calculated CVE-2022-0162
MISC
unzip — unzip  A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 2022-02-09 not yet calculated CVE-2022-0530
MISC
unzip — unzip  A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of wide string to local string that leads to a heap of out-of-bound writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 2022-02-09 not yet calculated CVE-2022-0529
MISC
vim — vim  Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. 2022-02-10 not yet calculated CVE-2022-0554
MISC
CONFIRM
vm2 — vm2  The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. 2022-02-11 not yet calculated CVE-2021-23555
CONFIRM
CONFIRM
wocu_monitoring — wocu_monitoring  A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports. 2022-02-11 not yet calculated CVE-2021-4035
CONFIRM
xe-core — xe-core XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. 2022-02-09 not yet calculated CVE-2021-44911
MISC
xe-core — xe-core  In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL. 2022-02-09 not yet calculated CVE-2021-44912
MISC
xilinx — zynq7000_soc_devices  On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000’s boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card’s transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM. 2022-02-10 not yet calculated CVE-2021-44850
CONFIRM
CONFIRM
xmpie — ustore  XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. 2022-02-07 not yet calculated CVE-2022-23320
MISC
MISC
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23617
MISC
MISC
MISC
CONFIRM
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password. 2022-02-09 not yet calculated CVE-2022-23616
MISC
CONFIRM
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to guess if a user has an account on the wiki by using the “Forgot your password” form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23619
CONFIRM
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23618
CONFIRM
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like “../”, “./”. or “/” in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. 2022-02-09 not yet calculated CVE-2022-23620
CONFIRM
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString(“/WEB-INF/xwiki.cfg”)`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right. 2022-02-09 not yet calculated CVE-2022-23621
MISC
CONFIRM
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the “Prevent unregistered users from viewing pages, regardless of the page rights” box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type=”hidden” name=”xredirect” value=”$escapetool.xml($!request.xredirect)” />`. If for some reason it’s not possible to patch this file, another workaround is to ensure “Prevent unregistered users from viewing pages, regardless of the page rights” is not checked in the rights and apply a better right scheme using groups and rights on spaces. 2022-02-09 not yet calculated CVE-2022-23622
MISC
MISC
CONFIRM
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access. 2022-02-09 not yet calculated CVE-2022-23615
CONFIRM
MISC
MISC
xylem — aquaview  A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. 2022-02-07 not yet calculated CVE-2021-42833
CERT
CONFIRM
zoom — chat  The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. 2022-02-09 not yet calculated CVE-2022-22780
MISC
zoom — keybase_client_for_macos_and_windows  The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. 2022-02-09 not yet calculated CVE-2022-22779
MISC
zzcms_2021 — zzcms_2021  Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. 2022-02-09 not yet calculated CVE-2021-45286
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply

Your email address will not be published.