Vulnerability Summary for the Week of May 23, 2022

05/30/2022 01:15 PM EDT

Original release date: May 30, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. 2022-05-24 7.5 CVE-2022-30455
MISC
battleye — battleye BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27095
MISC
chatbot_application_with_a_suggestion_feature_project — chatbot_application_with_a_suggestion_feature ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. 2022-05-20 7.5 CVE-2022-30518
MISC
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. 2022-05-26 7.5 CVE-2022-29660
MISC
covid-19_directory_on_vaccination_system_project — covid-19_directory_on_vaccination_system Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. 2022-05-20 7.5 CVE-2022-28531
MISC
MISC
covid_19_travel_pass_management_system_project — covid_19_travel_pass_management_system Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status 2022-05-24 7.5 CVE-2022-30838
MISC
merchandise_online_store_project — merchandise_online_store Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. 2022-05-24 7.5 CVE-2022-30454
MISC
minitool — partition_wizard MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-29320
MISC
multi-vendor_online_groceries_management_system_project — multi-vendor_online_groceries_management_system Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. 2022-05-20 7.5 CVE-2022-26632
MISC
nirweb — nirweb_support The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection 2022-05-23 7.5 CVE-2022-0781
MISC
online_sports_complex_booking_system_project — online_sports_complex_booking_system Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. 2022-05-20 7.5 CVE-2022-28106
MISC
online_sports_complex_booking_system_project — online_sports_complex_booking_system Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. 2022-05-20 7.5 CVE-2022-28105
MISC
pharmacy_management_system_project — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. 2022-05-20 7.5 CVE-2022-30887
MISC
privateinternetaccess — private_internet_access Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27092
MISC
rengine_project — rengine Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. 2022-05-20 7.5 CVE-2022-28995
MISC
rengine_project — rengine OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. 2022-05-22 7.5 CVE-2022-1813
MISC
CONFIRM
school_dormitory_management_system_project — school_dormitory_management_system School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. 2022-05-20 7.5 CVE-2022-30886
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 7.5 CVE-2022-29873
CONFIRM
simple_student_quarterly_result/grade_system_project — simple_student_quarterly_result/grade_system Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. 2022-05-20 7.5 CVE-2022-26633
MISC
sony — playmemories_home Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27094
MISC
vmware — identity_manager VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. 2022-05-20 7.5 CVE-2022-22972
MISC
vmware — identity_manager VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. 2022-05-20 7.2 CVE-2022-22973
MISC
water_billing_system_project — water_billing_system Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id 2022-05-24 7.5 CVE-2022-30461
MISC
wp_contacts_manager_project — wp_contacts_manager The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. 2022-05-23 7.5 CVE-2022-1014
MISC

Back to top

&#xA0;

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. 2022-05-24 6.5 CVE-2022-30463
MISC
avast — premium_security Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. 2022-05-20 4.4 CVE-2022-28965
MISC
MISC
chatbot_app_with_suggestion_in_php/oop_project — chatbot_app_with_suggestion_in_php/oop ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. 2022-05-24 6.5 CVE-2022-30459
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29676
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. 2022-05-26 6.5 CVE-2022-29683
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29669
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. 2022-05-26 6.5 CVE-2022-29687
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29686
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. 2022-05-26 6.5 CVE-2022-29685
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. 2022-05-26 6.5 CVE-2022-29682
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. 2022-05-26 6.5 CVE-2022-29681
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. 2022-05-26 6.5 CVE-2022-29680
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. 2022-05-26 6.5 CVE-2022-29684
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. 2022-05-26 6.5 CVE-2022-29665
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29666
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. 2022-05-26 6.5 CVE-2022-29667
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. 2022-05-26 6.5 CVE-2022-29689
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. 2022-05-26 6.5 CVE-2022-29664
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. 2022-05-26 6.5 CVE-2022-29663
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. 2022-05-26 6.5 CVE-2022-29662
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. 2022-05-26 6.5 CVE-2022-29661
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. 2022-05-26 6.5 CVE-2022-29688
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. 2022-05-26 6.5 CVE-2022-29670
MISC
disable_right_click_for_wp_wordpress — disable_right_click_for_wp Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni’s Disable Right Click For WP plugin <= 1.1.6 at WordPress. 2022-05-20 6.8 CVE-2022-29427
CONFIRM
CONFIRM
donate_extra_project — donate_extra The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting 2022-05-23 4.3 CVE-2022-1268
MISC
duogeek — domain_replace The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1218
MISC
e-diary_management_system_project — e-diary_management_system Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. 2022-05-23 4.3 CVE-2022-29004
MISC
MISC
MISC
gnu — libredwg A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. 2022-05-23 6.8 CVE-2021-42586
MISC
gnu — libredwg A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. 2022-05-23 6.8 CVE-2021-42585
MISC
gwyns_imagemap_selector_project — gwyns_imagemap_selector The Gwyn’s Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. 2022-05-23 4.3 CVE-2022-1221
MISC
imgurl_project — imgurl imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. 2022-05-24 6.8 CVE-2022-29305
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. 2022-05-23 5 CVE-2022-31487
MISC
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. 2022-05-23 5 CVE-2022-31489
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. 2022-05-23 5 CVE-2022-31488
MISC
jgraph — drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. 2022-05-20 5 CVE-2022-1784
MISC
CONFIRM
kubiq — cpt_base Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. 2022-05-20 5.8 CVE-2022-29431
CONFIRM
CONFIRM
online_banquet_booking_system_project — online_banquet_booking_system A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. 2022-05-20 6.8 CVE-2022-28992
MISC
online_birth_certificate_system_project — online_birth_certificate_system Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. 2022-05-23 4.3 CVE-2022-29005
MISC
MISC
MISC
openrazer_project — openrazer A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29021
MISC
openrazer_project — openrazer A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29022
MISC
openrazer_project — openrazer A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29023
MISC
oracle — e-business_suite Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-05-20 5 CVE-2022-21500
MISC
png_to_jpg_project — png_to_jpg Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. 2022-05-20 4.3 CVE-2022-29430
CONFIRM
CONFIRM
publify_project — publify Improper Access Control in GitHub repository publify/publify prior to 9.2.9. 2022-05-23 4 CVE-2022-1810
MISC
CONFIRM
rescue_dispatch_management_system_project — rescue_dispatch_management_system Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via localhost/rdms/admin/?page=system_info. 2022-05-23 6.5 CVE-2022-30016
MISC
MISC
room_rent_portal_site_project — room_rent_portal_site Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. 2022-05-24 6.5 CVE-2022-30843
MISC
room_rent_portal_site_project — room_rent_portal_site Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. 2022-05-24 4.3 CVE-2022-30839
MISC
rtx_project — rtx Cross-site Scripting (XSS) – Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. 2022-05-20 4.3 CVE-2022-1806
CONFIRM
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. 2022-05-20 5 CVE-2022-29874
CONFIRM
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. 2022-05-20 4.3 CVE-2022-29876
CONFIRM
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 6.5 CVE-2022-29872
CONFIRM
siemens — teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. 2022-05-20 5 CVE-2022-29801
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 6.8 CVE-2022-29032
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29031
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 6.8 CVE-2022-29033
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29028
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. 2022-05-20 5 CVE-2022-24290
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29029
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29030
CONFIRM
simple_food_website_project — simple_food_website Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. 2022-05-23 6.8 CVE-2022-30014
MISC
MISC
MISC
trudesk_project — trudesk Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 4 CVE-2022-1754
MISC
CONFIRM
trudesk_project — trudesk Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-21 6 CVE-2022-1752
CONFIRM
MISC
trudesk_project — trudesk Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 6.5 CVE-2022-1770
CONFIRM
MISC
turn_off_all_comments_project — turn_off_all_comments The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1192
MISC
wasm3_project — wasm3 WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. 2022-05-20 4.6 CVE-2022-28990
MISC
MISC
wow-estore — herd_effects Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Herd Effects plugin <= 5.2 at WordPress. 2022-05-20 4 CVE-2022-29448
CONFIRM
CONFIRM
wpchill — check_ amp;_log_email The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1547
MISC
wpwham — checkout_files_upload_for_woocommerce Cross-Site Scripting (XSS) vulnerability in WP Wham’s Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. 2022-05-20 4.3 CVE-2022-29425
CONFIRM
CONFIRM
xmlsitemapgenerator — xml_sitemap_generator The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. 2022-05-23 4.3 CVE-2022-0346
MISC

Back to top

&#xA0;

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10web — sliderby10web The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-23 3.5 CVE-2022-1320
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. 2022-05-24 3.5 CVE-2022-30458
MISC
badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. 2022-05-24 3.5 CVE-2022-30456
MISC
chatbot_app_with_suggestion_in_php/oop_project — chatbot_app_with_suggestion_in_php/oop ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. 2022-05-24 3.5 CVE-2022-30464
MISC
collectiveaccess — providence Cross-site Scripting (XSS) – Reflected in GitHub repository collectiveaccess/providence prior to 1.8. 2022-05-23 3.5 CVE-2022-1825
CONFIRM
MISC
covid_19_travel_pass_management_system_project — covid_19_travel_pass_management_system Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30842
MISC
curtain_project — curtain The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 2022-05-23 3.5 CVE-2022-1558
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29193
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29196
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29195
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29198
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29197
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29199
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
joomunited — wp_meta_seo The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. 2022-05-23 3.5 CVE-2022-1093
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31622
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31624
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31623
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31621
MISC
MISC
mc4wp — mc4wp Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode’s MC4WP plugin <= 4.8.6 at WordPress. 2022-05-20 3.5 CVE-2021-36833
CONFIRM
CONFIRM
muneeb — wp_slider Cross-Site Scripting (XSS) vulnerability in Muneeb’s WP Slider Plugin <= 1.4.5 at WordPress. 2022-05-20 3.5 CVE-2022-29428
CONFIRM
CONFIRM
orangehrm — orangehrm A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. 2022-05-20 3.5 CVE-2022-28985
MISC
oxilab — image_hover_effects_ultimate Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari’s Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. 2022-05-20 3.5 CVE-2022-29424
CONFIRM
CONFIRM
rescue_dispatch_management_system_project — rescue_dispatch_management_system Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. 2022-05-23 3.5 CVE-2022-30017
MISC
MISC
simple_food_website_project — simple_food_website In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on 127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss. 2022-05-23 3.5 CVE-2022-30015
MISC
MISC
simple_social_networking_site_project — simple_social_networking_site Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30460
MISC
tms-outsource — wpdatatables Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. 2022-05-20 3.5 CVE-2022-29432
CONFIRM
CONFIRM
toll_tax_management_system_project — toll_tax_management_system Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. 2022-05-24 3.5 CVE-2022-30837
MISC
water_billing_system_project — water_billing_system Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30462
MISC
wpshopmart — tabs_responsive The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-23 3.5 CVE-2022-1298
MISC

Back to top

&#xA0;

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — macos_monterey_and_masos_big_sur An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26718
MISC
MISC
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20670
CISCO
phpgurukul — zoo_managment_system A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. 2022-05-26 not yet calculated CVE-2021-4232
N/A
zyxel — cgi_program A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. 2022-05-24 not yet calculated CVE-2022-0910
CONFIRM
74cmsse_v3.5.1–74cmsse_v3.5.1 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. 2022-05-26 not yet calculated CVE-2022-29721
MISC
74cmsse_v3.5.1–74cmsse_v3.5.1 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component indexcontrollerDownload.php. 2022-05-26 not yet calculated CVE-2022-29720
MISC
academy-lm –academy-lms Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. 2022-05-25 not yet calculated CVE-2022-29380
MISC
action_pack — action_pack An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. 2022-05-26 not yet calculated CVE-2022-22577
MISC
action_view_tag_helpers — action_view_tag_helpers A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. 2022-05-26 not yet calculated CVE-2022-27777
MISC
aerialwei– zkeacms A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. 2022-05-25 not yet calculated CVE-2022-29362
MISC
agg_software — web_server The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. 2022-05-24 not yet calculated CVE-2021-32964
MISC
agg_software — web_server The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32962
MISC
airfield — online A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommended to the change the configuration settings. 2022-05-24 not yet calculated CVE-2021-4230
N/A
angular — angular A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. 2022-05-26 not yet calculated CVE-2021-4231
MISC
MISC
MISC
MISC
apache — archiva In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 2022-05-25 not yet calculated CVE-2022-29405
MISC
apache –maven-shared-utils In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. 2022-05-23 not yet calculated CVE-2022-29599
MISC
MISC
MLIST
apple — ios_15.5_and_ipados15.5 An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. 2022-05-26 not yet calculated CVE-2022-26703
MISC
apple — ios_and_ipados A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26744
MISC
apple — itunes A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. 2022-05-26 not yet calculated CVE-2022-26774
MISC
apple — itunes A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. 2022-05-26 not yet calculated CVE-2022-26773
MISC
apple — macos_big_sur A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. 2022-05-26 not yet calculated CVE-2022-26745
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26750
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26742
MISC
apple — macos_monterey A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. 2022-05-26 not yet calculated CVE-2022-26725
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26749
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application’s permissions and access user data. 2022-05-26 not yet calculated CVE-2022-26693
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26754
MISC
apple — macos_monterey A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26772
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26752
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application’s permissions and access user data. 2022-05-26 not yet calculated CVE-2022-26694
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26753
MISC
apple — macos_monterey Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26690
MISC
apple — macos_monterey An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. 2022-05-26 not yet calculated CVE-2022-26743
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26708
MISC
apple — macos_monterey A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26704
MISC
apple — macos_monterey_and_masos_big_sur A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26723
MISC
MISC
apple — macos_monterey_and_masos_big_sur This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26712
MISC
MISC
apple — multiple_products An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26775
MISC
MISC
apple — multiple_products A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. 2022-05-26 not yet calculated CVE-2022-22662
MISC
MISC
apple — multiple_products A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26701
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-22672
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26771
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26737
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user’s screen. 2022-05-26 not yet calculated CVE-2022-26726
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26756
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26770
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. 2022-05-26 not yet calculated CVE-2022-22674
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26768
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26740
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26720
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26736
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26738
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. 2022-05-26 not yet calculated CVE-2022-26755
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26727
MISC
MISC
apple — multiple_products A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. 2022-05-26 not yet calculated CVE-2022-26766
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26741
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26748
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode. 2022-05-26 not yet calculated CVE-2022-26731
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. 2022-05-26 not yet calculated CVE-2022-26728
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26715
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2022-05-26 not yet calculated CVE-2022-26765
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2022-05-26 not yet calculated CVE-2022-26764
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-05-26 not yet calculated CVE-2022-26698
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26757
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. 2022-05-26 not yet calculated CVE-2022-22663
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. 2022-05-26 not yet calculated CVE-2022-26746
MISC
MISC
MISC
apple — multiple_products The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. 2022-05-26 not yet calculated CVE-2022-26767
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26761
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. 2022-05-26 not yet calculated CVE-2022-22673
MISC
apple — multiple_products A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. 2022-05-26 not yet calculated CVE-2022-26721
MISC
MISC
MISC
apple — multiple_products An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. 2022-05-26 not yet calculated CVE-2022-26763
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. 2022-05-26 not yet calculated CVE-2022-22616
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26739
MISC
MISC
MISC
apple — multiple_products An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26711
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26702
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. 2022-05-26 not yet calculated CVE-2022-26722
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26691
MISC
MISC
MISC
apple — multiple_products An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. 2022-05-26 not yet calculated CVE-2022-26706
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26751
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26776
MISC
MISC
apple — multiple_products An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. 2022-05-26 not yet calculated CVE-2022-26688
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26769
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26714
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-05-26 not yet calculated CVE-2022-26697
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. 2022-05-26 not yet calculated CVE-2022-22675
MISC
MISC
MISC
MISC
MISC
apple — tvos An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication. 2022-05-26 not yet calculated CVE-2022-26724
MISC
apple — xcode This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26747
MISC
apple — xpc_services_api An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. 2022-05-26 not yet calculated CVE-2022-22676
MISC
archer — archer_platform Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 2022-05-26 not yet calculated CVE-2022-30584
MISC
MISC
archer — archer_platform The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 2022-05-26 not yet calculated CVE-2022-30585
MISC
MISC
archibus — web_central In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. 2022-05-25 not yet calculated CVE-2022-28862
MISC
MISC
arista — eos This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. 2022-05-26 not yet calculated CVE-2021-28509
MISC
arista — eos This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. 2022-05-26 not yet calculated CVE-2021-28508
MISC
aveva — intouch_access_anywhere_and_plant_scada_access_anywhere_applications Windows OS can be configured to overlay a &#x201C;language bar&#x201D; on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. 2022-05-23 not yet calculated CVE-2022-1467
MISC
MISC
azure — rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected. 2022-05-24 not yet calculated CVE-2022-29246
CONFIRM
MISC
MISC
azure — rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 – `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10. 2022-05-24 not yet calculated CVE-2022-29223
CONFIRM
MISC
badmington_center — management_system A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src=”https://us-cert.cisa.gov” onerror=”alert(1)”><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-23 not yet calculated CVE-2022-1817
MISC
MISC
beego — beego The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). 2022-05-21 not yet calculated CVE-2022-31259
MISC
MISC
MISC
bentley_nevada — 3500_rack_configuration The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. 2022-05-25 not yet calculated CVE-2021-32997
MISC
bfabiszewski_libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 not yet calculated CVE-2022-1907
CONFIRM
MISC
bfabiszewski_libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 not yet calculated CVE-2022-1908
CONFIRM
MISC
c-data — d702xw-x-r430 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. 2022-05-24 not yet calculated CVE-2022-29337
MISC
camptocamp — terraboard SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. 2022-05-25 not yet calculated CVE-2022-1883
MISC
CONFIRM
cardo_systems — scala_rider_q3 A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended. 2022-05-24 not yet calculated CVE-2014-125001
MISC
MISC
causefx_organizr Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.2200. 2022-05-27 not yet calculated CVE-2022-1909
MISC
CONFIRM
chainsafe — lodestar Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native javascript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid_`AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus. 2022-05-24 not yet calculated CVE-2022-29219
CONFIRM
MISC
MISC
circutor — compact_dc-s_basic A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any “Address” value and it would be copied to a second variable with a “strcpy” vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address. 2022-05-24 not yet calculated CVE-2022-1669
MISC
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20668
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20667
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20666
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20672
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20673
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20669
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20674
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20671
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20807
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20806
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-26 not yet calculated CVE-2022-20809
CISCO
cisco — ios_xr A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. 2022-05-26 not yet calculated CVE-2022-20821
CISCO
cisco — secure_network_analytics A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. 2022-05-27 not yet calculated CVE-2022-20797
CISCO
cisco — web_applications A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. 2022-05-27 not yet calculated CVE-2022-20765
CISCO
cisco — enterprise_chat_and_email A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. 2022-05-27 not yet calculated CVE-2022-20802
CISCO
citrix — gateway_plug-in An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. 2022-05-26 not yet calculated CVE-2022-21827
MISC
claroty — secure_remote_access_site Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation. 2022-05-23 not yet calculated CVE-2021-32958
MISC
cognex — in-sight_opc_server Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). 2022-05-23 not yet calculated CVE-2021-32941
MISC
cognex — in-sight_opc_server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. 2022-05-23 not yet calculated CVE-2021-32935
MISC
cszcms — cszcms CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. 2022-05-23 not yet calculated CVE-2022-28997
MISC
MISC
MISC
MISC
MISC
curl — curl An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). 2022-05-26 not yet calculated CVE-2022-22576
MISC
cyberlink — power_director A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. 2022-05-24 not yet calculated CVE-2022-29333
MISC
MISC
MISC
MISC
d-link — dsl-g2452dg D-Link DSL-G2452DG HW:T1tFW:ME_2.00 was discovered to contain insecure permissions. 2022-05-23 not yet calculated CVE-2022-28932
MISC
MISC
MISC
MISC
dedecms — dedecms DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. 2022-05-26 not yet calculated CVE-2022-30508
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-05-26 not yet calculated CVE-2022-24418
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-05-26 not yet calculated CVE-2022-24417
MISC
dell — emc_cloudlink Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. 2022-05-26 not yet calculated CVE-2022-24414
MISC
dell — emc_networker Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. 2022-05-26 not yet calculated CVE-2022-29082
MISC
dell — idrac9 Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. 2022-05-26 not yet calculated CVE-2022-24422
MISC
dell — multiple_products Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user’s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2022-05-26 not yet calculated CVE-2022-29091
MISC
dell — openmanage_enterprise Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. 2022-05-26 not yet calculated CVE-2022-26857
MISC
dell — support_assist_os_recovery Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. 2022-05-26 not yet calculated CVE-2022-26865
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32965
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32969
MISC
dev-cpp — dev-cpp Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. 2022-05-23 not yet calculated CVE-2022-28999
MISC
divvydrives — aciklama_parameter A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive’s “aciklama” parameter could allow anyone to gain users’ session informations. 2022-05-23 not yet calculated CVE-2022-0900
CONFIRM
docker — desktop Docker Desktop 4.3.0 has Incorrect Access Control. 2022-05-25 not yet calculated CVE-2021-44719
MISC
MISC
MISC
dpkg — dpkg Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. 2022-05-26 not yet calculated CVE-2022-1664
MISC
MISC
MISC
MISC
MISC
MISC
emco — emco_software Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. &#xB6;&#xB6; Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. 2022-05-23 not yet calculated CVE-2022-28944
MISC
MISC
MISC
epub2txt2 — epub2txt2 epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file. 2022-05-25 not yet calculated CVE-2022-29358
MISC
erudika — para Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. 2022-05-24 not yet calculated CVE-2022-1848
MISC
CONFIRM
f-secure– atlant A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-05-25 not yet calculated CVE-2022-28875
MISC
MISC
f-secure– atlant Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-05-23 not yet calculated CVE-2022-28874
MISC
MISC
filegator — filegator Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. 2022-05-24 not yet calculated CVE-2022-1850
CONFIRM
MISC
filegator — filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. 2022-05-24 not yet calculated CVE-2022-1849
MISC
CONFIRM
fortiguard — fortios An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. 2022-05-24 not yet calculated CVE-2022-22306
CONFIRM
gibbon — v23 Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. 2022-05-25 not yet calculated CVE-2022-27305
MISC
MISC
MISC
ginadmin — ginadmin In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. 2022-05-25 not yet calculated CVE-2022-30427
MISC
ginadmin — ginadmin In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. 2022-05-25 not yet calculated CVE-2022-30428
MISC
gitblit — gitblit Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext ‘attacker@example.comntrole = “#admin”‘ value. 2022-05-21 not yet calculated CVE-2022-31267
MISC
MISC
gitblit — gitblit A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). 2022-05-21 not yet calculated CVE-2022-31268
MISC
gjson — gjson GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input. 2022-05-24 not yet calculated CVE-2021-42248
MISC
gost — gost_engine GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround. 2022-05-24 not yet calculated CVE-2022-29242
MISC
MISC
MISC
MISC
CONFIRM
guzzle — guzzle Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with [‘cookies’ => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. 2022-05-25 not yet calculated CVE-2022-29248
MISC
MISC
CONFIRM
CONFIRM
h — h An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. 2022-05-24 not yet calculated CVE-2022-29334
MISC
halibut — halibut A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42612
MISC
halibut — halibut A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42614
MISC
halibut — halibut A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42613
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3). 2022-05-25 not yet calculated CVE-2022-30323
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3). 2022-05-25 not yet calculated CVE-2022-30322
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3). 2022-05-25 not yet calculated CVE-2022-30321
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter before 2.0.2 allows Command Injection. 2022-05-25 not yet calculated CVE-2022-26945
MISC
MISC
hcl_software — bigfix_mobile/modern_client_management_version The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. 2022-05-27 not yet calculated CVE-2021-27780
CONFIRM
hcl_software — bigfix_mobile/modern_client_management_version The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. 2022-05-27 not yet calculated CVE-2021-27781
CONFIRM
hcl_software — bigfix_mobile/modern_client_management_version User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. 2022-05-25 not yet calculated CVE-2021-27783
MISC
hcl_software –hcl_versionvault_express VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. 2022-05-25 not yet calculated CVE-2021-27779
MISC
home_clean_services_management_system –home_clean_services_management_system A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1840
MISC
MISC
home_clean_services_management_system –home_clean_services_management_system A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%’/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/’frfq%’=’frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1839
MISC
MISC
home_clean_services_management_system –home_clean_services_management_system A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1837
MISC
MISC
home_clean_services_management_system –home_clean_services_management_system A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%’/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/’frfq%’=’frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1838
MISC
MISC
hospital-management-system — hospital-management-system In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. 2022-05-26 not yet calculated CVE-2022-30516
MISC
ibm — aspera_faspex IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. 2022-05-24 not yet calculated CVE-2022-22497
XF
CONFIRM
ibm — elastic_storage_system A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600. 2022-05-24 not yet calculated CVE-2020-4926
XF
CONFIRM
CONFIRM
ibm — i IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. 2022-05-24 not yet calculated CVE-2022-22495
XF
CONFIRM
ibm — power_systems The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. 2022-05-24 not yet calculated CVE-2022-22309
CONFIRM
XF
java — javaez JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. 2022-05-24 not yet calculated CVE-2022-29249
CONFIRM
MISC
jfinal — jfinal_cms Jfinal cms 5.1.0 is vulnerable to SQL Injection. 2022-05-26 not yet calculated CVE-2022-30500
MISC
jfrog — artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. 2022-05-23 not yet calculated CVE-2021-41834
CONFIRM
jgraph — drawio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. 2022-05-25 not yet calculated CVE-2022-1815
CONFIRM
MISC
kkfileview — kkfileview kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. 2022-05-25 not yet calculated CVE-2022-29349
MISC
kuka — kr_c4 An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 2022-05-26 not yet calculated CVE-2021-33016
MISC
kuka — kr_c4 An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 2022-05-26 not yet calculated CVE-2021-33014
MISC
lcds– laquis_scada_application When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. 2022-05-25 not yet calculated CVE-2021-32989
MISC
limesurvey — limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. 2022-05-25 not yet calculated CVE-2022-29710
MISC
linglong — linglong An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. 2022-05-26 not yet calculated CVE-2022-29633
MISC
linux — linux_kernel An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. 2022-05-25 not yet calculated CVE-2022-1678
MISC
CONFIRM
MISC
MISC
linux — linux_kernel A flaw use after free in the Linux kernel pipes functionality was found in the way user do some manipulations with pipe ex. with the post_one_notification() after free_pipe_info() already called. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. 2022-05-26 not yet calculated CVE-2022-1882
MISC
logrotate — logrotate A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. 2022-05-25 not yet calculated CVE-2022-1348
MISC
MLIST
MLIST
MLIST
luxsoft — luxcal_web_calendar In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. 2022-05-24 not yet calculated CVE-2021-45914
MISC
MISC
MISC
CONFIRM
luxsoft — luxcal_web_calendar In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. 2022-05-24 not yet calculated CVE-2021-45915
MISC
MISC
MISC
CONFIRM
manageengine — appmanager15 ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the ‘working’ folder through the ‘Upload Files / Binaries’ functionality. 2022-05-24 not yet calculated CVE-2022-23050
MISC
MISC
mastodon — mastodon app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. 2022-05-24 not yet calculated CVE-2022-31263
CONFIRM
CONFIRM
matrikon — matrikon_opc_server Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges. 2022-05-26 not yet calculated CVE-2022-1261
CONFIRM
mindoc — mindoc An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. 2022-05-26 not yet calculated CVE-2022-29637
MISC
mini-xml — mini-xml A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. 2022-05-26 not yet calculated CVE-2021-42860
MISC
mini-xml — mini-xml A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. 2022-05-26 not yet calculated CVE-2021-42859
MISC
morpheus — morpheus An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. 2022-05-24 not yet calculated CVE-2022-31261
MISC
MISC
mysiteforme — mysistefome mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. 2022-05-24 not yet calculated CVE-2022-29309
MISC
nginx — njs Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. 2022-05-25 not yet calculated CVE-2022-29379
MISC
MISC
MISC
nokia — broadcast_message_center Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. 2022-05-25 not yet calculated CVE-2021-35487
MISC
MISC
oas — oas_platform An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26833
MISC
oas — oas_platform An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26303
MISC
oas — oas_platform An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-27169
MISC
oas — oas_platform An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26043
MISC
oas — oas_platform An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26067
MISC
oas — oas_platform A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26077
MISC
oas — oas_platform A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26082
MISC
oas — oas_platform A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26026
MISC
online_food — ordering_system Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. 2022-05-25 not yet calculated CVE-2022-29650
MISC
online_food — ordering_system An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-05-25 not yet calculated CVE-2022-29651
MISC
opencast — opencast Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user’s own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast’s ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7. 2022-05-24 not yet calculated CVE-2022-29237
CONFIRM
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation). 2022-05-26 not yet calculated CVE-2022-30493
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR – Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) 2022-05-26 not yet calculated CVE-2022-30495
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. 2022-05-26 not yet calculated CVE-2022-30494
MISC
pallets — werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. 2022-05-25 not yet calculated CVE-2022-29361
MISC
philips — interoperability_solution_xds Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. 2022-05-25 not yet calculated CVE-2021-32966
MISC
php — zoo_management_system A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-23 not yet calculated CVE-2022-1816
MISC
MISC
pillow — pyhton_pillow libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. 2022-05-25 not yet calculated CVE-2022-30595
MISC
MISC
piwigo — piwigo Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. 2022-05-26 not yet calculated CVE-2021-40317
MISC
protobufjs — protobufjs The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files 2022-05-27 not yet calculated CVE-2022-25878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
publify — publify Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. 2022-05-23 not yet calculated CVE-2022-1811
MISC
CONFIRM
pyjwt — python PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. 2022-05-24 not yet calculated CVE-2022-29217
CONFIRM
MISC
MISC
qnap –qnap_nas_running_proxy_server A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later 2022-05-26 not yet calculated CVE-2021-34360
MISC
quick_heal — total_security Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. 2022-05-23 not yet calculated CVE-2022-31467
MISC
quick_heal — total_security Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. 2022-05-23 not yet calculated CVE-2022-31466
MISC
radareorg — radare2 Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. 2022-05-21 not yet calculated CVE-2022-1809
CONFIRM
MISC
radereorg — radare radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. 2022-05-25 not yet calculated CVE-2021-44974
MISC
MISC
MLIST
radereorg — radare radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. 2022-05-24 not yet calculated CVE-2021-44975
MISC
MISC
MLIST
radereorg — radare2 Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. 2022-05-26 not yet calculated CVE-2022-1899
CONFIRM
MISC
rails — active_storage A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. 2022-05-26 not yet calculated CVE-2022-21831
MISC
roncoo — roncoo_education An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. 2022-05-26 not yet calculated CVE-2022-29632
MISC
school_club_application_system –school_club_application_system A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. 2022-05-25 not yet calculated CVE-2022-29359
MISC
MISC
sharp — sharp sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5. 2022-05-25 not yet calculated CVE-2022-29256
CONFIRM
MISC
siteserver — cms SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. 2022-05-24 not yet calculated CVE-2021-42655
MISC
MISC
MISC
siteserver — cms SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-42654
MISC
MISC
MISC
siteserver — cms SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. 2022-05-24 not yet calculated CVE-2021-42656
MISC
MISC
MISC
smarty-php — smarty Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. 2022-05-24 not yet calculated CVE-2022-29221
MISC
CONFIRM
MISC
MISC
solana — solana_rbpf Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. 2022-05-21 not yet calculated CVE-2022-31264
MISC
MISC
sox — sox In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. 2022-05-25 not yet calculated CVE-2022-31651
MISC
sox — sox In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. 2022-05-25 not yet calculated CVE-2022-31650
MISC
student_information_system — student_information_system A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1819
MISC
MISC
suse — rancher A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. 2022-05-25 not yet calculated CVE-2022-21951
CONFIRM
CONFIRM
tableau — tableau_server Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable. 2022-05-25 not yet calculated CVE-2022-22127
MISC
talend_administration_center — sso_login_endpoint Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-26 not yet calculated CVE-2022-31648
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10004
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10002
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10003
MISC
MISC
tenda — web_server_httpd There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. 2022-05-24 not yet calculated CVE-2021-42659
MISC
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. 2022-05-26 not yet calculated CVE-2022-30474
MISC
tenda — ac_series_router Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat 2022-05-26 not yet calculated CVE-2022-30472
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set 2022-05-26 not yet calculated CVE-2022-30473
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. 2022-05-26 not yet calculated CVE-2022-30475
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. 2022-05-26 not yet calculated CVE-2022-30476
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. 2022-05-26 not yet calculated CVE-2022-30477
MISC
thorfdbg&#xA0;– libjpeg In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. 2022-05-25 not yet calculated CVE-2022-31620
MISC
MISC
tinytoml — tinytoml There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. 2022-05-26 not yet calculated CVE-2021-42692
MISC
tipask — tipask In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage. 2022-05-23 not yet calculated CVE-2021-41714
MISC
MISC
MISC
totolink — a3600r Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. 2022-05-24 not yet calculated CVE-2022-29377
MISC
tp-link — tl-wr840n TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. 2022-05-25 not yet calculated CVE-2022-29402
MISC
trend_micro — maximum_security Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files. 2022-05-27 not yet calculated CVE-2022-30687
N/A
N/A
trend_micro — apex_one  An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30700
N/A
N/A
trend_micro — apex_one An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30701
N/A
N/A
trend_micro — password_manager
 
EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). 2022-05-27 not yet calculated CVE-2022-28394
N/A
N/A
N/A
truestack — direct_connect TrueStack Direct Connect 1.4.7 has Incorrect Access Control. 2022-05-25 not yet calculated CVE-2022-23775
MISC
MISC
tuxera — ntfs-3g An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30783
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30786
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30784
MISC
MISC
tuxera — ntfs-3g A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30785
MISC
MISC
tuxera — ntfs-3g An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30787
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30789
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30788
MISC
MISC
ua-parser-js — ua-parser-js A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2021-4229
MISC
MISC
MISC
undertow — undertow A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. 2022-05-24 not yet calculated CVE-2021-3597
MISC
undertow — undertow A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. 2022-05-24 not yet calculated CVE-2021-3629
MISC
vaadin — vaadin The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. 2022-05-24 not yet calculated CVE-2022-29567
MISC
MISC
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-05-25 not yet calculated CVE-2022-1851
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-05-26 not yet calculated CVE-2022-1886
CONFIRM
MISC
vim — vim Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-05-27 not yet calculated CVE-2022-1897
CONFIRM
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 8.2. 2022-05-27 not yet calculated CVE-2022-1898
MISC
CONFIRM
vmware — vmware_tools_for_windows VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. 2022-05-24 not yet calculated CVE-2022-22977
MISC
wildfly — wildfly A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. 2022-05-24 not yet calculated CVE-2021-3717
MISC
wondercms — simple_blog_plugin The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers’ site, XSS may occur. 2022-05-23 not yet calculated CVE-2021-42233
MISC
MISC
MISC
wordpress — vsourz_digitial_advanced_contact_form Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital’s Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. 2022-05-25 not yet calculated CVE-2022-29408
CONFIRM
CONFIRM
world_of_warships — wargaming The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. 2022-05-26 not yet calculated CVE-2022-31265
MISC
xampp_for_windows — xampp_for_windows Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-05-23 not yet calculated CVE-2022-29376
MISC
xlight — ftp Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. 2022-05-23 not yet calculated CVE-2022-28998
MISC
MISC
MISC
MISC
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with “..” in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. 2022-05-25 not yet calculated CVE-2022-29253
MISC
CONFIRM
MISC
xwiki — xwiki_platform_flamingo_theme_ui XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the “requestJoin” field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. 2022-05-25 not yet calculated CVE-2022-29252
MISC
MISC
CONFIRM
xwiki — xwiki_platform_flamingo_theme_ui XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the “newThemeName” form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. 2022-05-25 not yet calculated CVE-2022-29251
MISC
MISC
CONFIRM
xxl-job — xxl-job A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. 2022-05-23 not yet calculated CVE-2022-29002
MISC
zyxel — cgi_program A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script. 2022-05-24 not yet calculated CVE-2022-0734
CONFIRM
zyxel — multiple_products A argument injection vulnerability in the ‘packet-trace’ CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. 2022-05-24 not yet calculated CVE-2022-26532
CONFIRM
zyxel — multiple_products Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. 2022-05-24 not yet calculated CVE-2022-26531
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of May 2, 2022

05/09/2022 06:20 AM EDT

Original release date: May 9, 2022 | Last revised: May 11, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
N/A — N/A
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 7.5 CVE-2022-1388
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
livehelperchat — live_helper_chat Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 2022-04-29 4.3 CVE-2022-1530
MISC
CONFIRM
mediawiki — mediawiki The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 4.3 CVE-2022-29907
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
tecson_and_gok — multiple_products
 
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn’t properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules. 2022-05-06 not yet calculated CVE-2019-12254
CONFIRM
piwigo — piwigo
 
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. 2022-05-06 not yet calculated CVE-2020-19212
MISC
piwigo — piwigo
 
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. 2022-05-06 not yet calculated CVE-2020-19213
MISC
piwigo — piwigo
 
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. 2022-05-06 not yet calculated CVE-2020-19215
MISC
piwigo — piwigo
 
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. 2022-05-06 not yet calculated CVE-2020-19216
MISC
piwigo — piwigo
 
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. 2022-05-06 not yet calculated CVE-2020-19217
MISC
totolink — n200re_andn100re_routers
 
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. 2022-05-02 not yet calculated CVE-2020-23617
MISC
MISC
xtend — voice_logger
 
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. 2022-05-02 not yet calculated CVE-2020-23618
MISC
MISC
orlansoft — erp
 
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. 2022-05-02 not yet calculated CVE-2020-23620
MISC
MISC
MISC
squire-technologies — ms_management_system
 
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. 2022-05-02 not yet calculated CVE-2020-23621
MISC
MISC
MISC
sonicwall — global_vpn_client
 
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. 2022-05-04 not yet calculated CVE-2021-20051
CONFIRM
fuchsia — multiple_products
 
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. 2022-05-03 not yet calculated CVE-2021-22556
MISC
MISC
google — idtoken
 
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token’s payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above 2022-05-03 not yet calculated CVE-2021-22573
MISC
multiple_vendors — multiple_products
 
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-22680
CONFIRM
topthink — framework
 
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. 2022-05-06 not yet calculated CVE-2021-23592
CONFIRM
CONFIRM
CONFIRM
twelvemonkeys — twelvemonkeys
 
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. 2022-05-06 not yet calculated CVE-2021-23792
CONFIRM
CONFIRM
wordpress — tipsacarrier_wordpress_plugin
 
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL 2022-05-02 not yet calculated CVE-2021-25002
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it 2022-05-02 not yet calculated CVE-2021-25086
MISC
wordpress — all_in_one_wp_security_&_firewall_wordpress_plugin
 
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk 2022-05-02 not yet calculated CVE-2021-25102
MISC
sophos — firewall
 
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. 2022-05-05 not yet calculated CVE-2021-25267
CONFIRM
sophos — firewall
 
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. 2022-05-05 not yet calculated CVE-2021-25268
CONFIRM
kubernetes — ingress-nginx
 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 2022-05-06 not yet calculated CVE-2021-25745
MISC
MISC
kubernetes — ingress-nginx
 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 2022-05-06 not yet calculated CVE-2021-25746
MISC
MISC
splunk — enterprise
 
A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. 2022-05-06 not yet calculated CVE-2021-26253
MISC
micriumos — multiple_products
 
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. 2022-05-03 not yet calculated CVE-2021-27411
CONFIRM
CONFIRM
ecoscentric — ecospro_rtos
 
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. 2022-05-03 not yet calculated CVE-2021-27417
CONFIRM
CONFIRM
uclibc-ng — uclibc-ng
 
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27419
CONFIRM
CONFIRM
nxp — mcuxpresso
 
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. 2022-05-03 not yet calculated CVE-2021-27421
CONFIRM
CONFIRM
cesanta_software — mongoose-os
 
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27425
CONFIRM
CONFIRM
riot — os
 
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27427
CONFIRM
CONFIRM
arm — cmsis_rtos2
 
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. 2022-05-03 not yet calculated CVE-2021-27431
CONFIRM
arm — mbed-ualloc
 
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27433
CONFIRM
CONFIRM
arm — mbed-ualloc
 
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27435
CONFIRM
CONFIRM
tencentos-tiny — tencentos-tiny TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function ‘tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27439
CONFIRM
hcl_software — commerce
 
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. 2022-05-06 not yet calculated CVE-2021-27751
CONFIRM
hcl_software — bigfix_inventory
 
There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim’s account. 2022-05-06 not yet calculated CVE-2021-27758
CONFIRM
hcl_software — bigfix_inventory 
 
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application. 2022-05-06 not yet calculated CVE-2021-27759
CONFIRM
hcl_software — notes
 
An issue was discovered in the Sametime chat feature in the Notes 11.0 – 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. 2022-05-06 not yet calculated CVE-2021-27760
CONFIRM
hcl_software — weak_tls
 
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks 2022-05-06 not yet calculated CVE-2021-27761
CONFIRM
hcl_software — bigfix_platform
 
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses 2022-05-06 not yet calculated CVE-2021-27762
CONFIRM
hcl_software — hcl_software
 
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) 2022-05-06 not yet calculated CVE-2021-27764
CONFIRM
hcl_software — installshield
 
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27765
CONFIRM
hcl_software — bigfix_client_installer
 
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27766
CONFIRM
hcl_software — bigfix_console_installer
 
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27767
CONFIRM
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. 2022-05-03 not yet calculated CVE-2021-29854
CONFIRM
XF
ibm — user_management_system_component
 
IBM ICP4A – User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. 2022-05-02 not yet calculated CVE-2021-29859
CONFIRM
XF
splunk — enterprise_indexer
 
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. 2022-05-06 not yet calculated CVE-2021-31559
MISC
cyclos — cyclos_4_pro
 
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. 2022-05-02 not yet calculated CVE-2021-31673
MISC
MISC
cyclos — cyclos_4_pro
 
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant. 2022-05-02 not yet calculated CVE-2021-31674
MISC
MISC
secomea — multiple_products
 
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2021-32010
MISC
splunk — enterprise
 
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. 2022-05-06 not yet calculated CVE-2021-33845
MISC
MISC
red_hat — sox
 
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. 2022-05-02 not yet calculated CVE-2021-3643
MISC
suse — rancher
 
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. 2022-05-02 not yet calculated CVE-2021-36778
CONFIRM
suse — rancher
 
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. 2022-05-02 not yet calculated CVE-2021-36784
CONFIRM
wordpress — mythemeshop_wp_subscribe_plugin
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. 2022-05-02 not yet calculated CVE-2021-36844
CONFIRM
CONFIRM
wordpress — andrea_pernici_news_sitemap_for_google_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. 2022-05-06 not yet calculated CVE-2021-36912
CONFIRM
CONFIRM
qemu — qemu
 
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. 2022-05-02 not yet calculated CVE-2021-3750
MISC
MISC
MISC
gurum_networks — gurumdds
 
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. 2022-05-05 not yet calculated CVE-2021-38423
CONFIRM
eprosima — fast_dds
 
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38425
CONFIRM
CONFIRM
rti — connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38427
CONFIRM
CONFIRM
oci — opendds
 
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38429
CONFIRM
CONFIRM
rti — connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38433
CONFIRM
CONFIRM
rti — connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. 2022-05-05 not yet calculated CVE-2021-38435
CONFIRM
CONFIRM
gurumd — gurumdds
 
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38439
CONFIRM
eclipse — cyclonedds
 
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. 2022-05-05 not yet calculated CVE-2021-38441
CONFIRM
CONFIRM
eclipse — cyclonedds
 
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. 2022-05-05 not yet calculated CVE-2021-38443
CONFIRM
CONFIRM
oci — opendds
 
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38445
CONFIRM
CONFIRM
oci — opendds
 
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. 2022-05-05 not yet calculated CVE-2021-38447
CONFIRM
CONFIRM
rti — connext_versions
 
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38487
CONFIRM
CONFIRM
qnap — multiple_products A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-38693
MISC
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. 2022-05-05 not yet calculated CVE-2021-39020
XF
CONFIRM
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. 2022-05-06 not yet calculated CVE-2021-39023
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. 2022-05-06 not yet calculated CVE-2021-39027
XF
CONFIRM
partkeeper — partkeepr
 
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. 2022-05-03 not yet calculated CVE-2021-39390
MISC
MISC
MISC
geoserver — geoserver
 
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. 2022-05-02 not yet calculated CVE-2021-40822
MISC
CONFIRM
MISC
MISC
fortiguard — fortilsolator_versions
 
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. 2022-05-04 not yet calculated CVE-2021-41020
CONFIRM
fortiguard — fortios
 
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. 2022-05-04 not yet calculated CVE-2021-41032
CONFIRM
mozilla — geckodriver
 
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. 2022-05-02 not yet calculated CVE-2021-4138
MISC
MISC
artica — artica_proxy
 
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. 2022-05-05 not yet calculated CVE-2021-41739
MISC
m-files — m-files
 
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable 2022-05-02 not yet calculated CVE-2021-41810
MISC
jerryscript — jerryscript_project
 
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. 2022-05-03 not yet calculated CVE-2021-41959
MISC
MISC
pingidentity — pingid
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
suse — rancher
 
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. 2022-05-02 not yet calculated CVE-2021-4200
CONFIRM
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
mitrastar — gpt-2541ngnac-n1
 
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command “deviceinfo show file &&/bin/bash” because of incorrect sanitization of parameter “path”. 2022-05-03 not yet calculated CVE-2021-42165
MISC
MISC
MISC
masacms — masacms
 
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. 2022-05-05 not yet calculated CVE-2021-42183
MISC
MISC
wdja — wdja
 
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. 2022-05-04 not yet calculated CVE-2021-42185
MISC
MISC
konga — konga
 
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. 2022-05-04 not yet calculated CVE-2021-42192
MISC
MISC
MISC
ompl — ompl
 
OMPL v1.5.2 contains a memory leak in VFRRT.cpp 2022-05-03 not yet calculated CVE-2021-42218
MISC
osticket — osticket
 
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. 2022-05-04 not yet calculated CVE-2021-42235
MISC
jfinal — jfinal_cms
 
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. 2022-05-05 not yet calculated CVE-2021-42242
MISC
adobe — xmp_toolkit
 
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-02 not yet calculated CVE-2021-42528
MISC
adobe — xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42529
MISC
adobe — xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42530
MISC
adobe — xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42531
MISC
adobe — xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42532
MISC
splunk — enterprise
 
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. 2022-05-06 not yet calculated CVE-2021-42743
MISC
ruijie_networks — ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. 2022-05-04 not yet calculated CVE-2021-43159
MISC
MISC
ruijie_networks — ruijie_rg-ew A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. 2022-05-04 not yet calculated CVE-2021-43160
MISC
MISC
ruijie_networks — ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. 2022-05-04 not yet calculated CVE-2021-43161
MISC
MISC
ruijie_networks — ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. 2022-05-04 not yet calculated CVE-2021-43162
MISC
MISC
ruijie_networks — ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. 2022-05-04 not yet calculated CVE-2021-43163
MISC
MISC
ruijie_networks — ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. 2022-05-04 not yet calculated CVE-2021-43164
MISC
MISC
fortinet — fortios
 
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy’s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. 2022-05-04 not yet calculated CVE-2021-43206
CONFIRM
twinoaks — coredx_dds
 
TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-43547
CONFIRM
CONFIRM
qnap — nas
 
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later 2022-05-05 not yet calculated CVE-2021-44051
MISC
qnap — multiple_products
 
An improper link resolution before file access (‘Link Following’) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-44052
MISC

qnap — multiple_products

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later 2022-05-05 not yet calculated CVE-2021-44053
MISC
qnap — multiple_products
 
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-44054
MISC
qnap — multiple_products
 
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later 2022-05-05 not yet calculated CVE-2021-44055
MISC
qnap — multiple_products
 
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later 2022-05-05 not yet calculated CVE-2021-44056
MISC
qnap — multiple_products An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later 2022-05-05 not yet calculated CVE-2021-44057
MISC
bookeen — notea_firmware
 
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. 2022-05-05 not yet calculated CVE-2021-45783
MISC
MISC
strapi — strapi
 
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. 2022-05-03 not yet calculated CVE-2021-46440
MISC
MISC
MISC
MISC
ntfsk — ntfsck
 
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. 2022-05-02 not yet calculated CVE-2021-46790
MISC
wordpress — ad_invalid_click_protector_plugin
 
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans 2022-05-02 not yet calculated CVE-2022-0191
CONFIRM
MISC
wordpress — event_list_wordpress_plugin
 
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed 2022-05-02 not yet calculated CVE-2022-0418
MISC
wordpress — content_egg_wordpress_plugin
 
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting 2022-05-02 not yet calculated CVE-2022-0428
MISC
wordpress — adrotate_plugin
 
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-0649
MISC
wordpress — adrotate_plugin
 
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-0662
MISC
wordpress — sitesupercharger_plugin
 
The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections 2022-05-02 not yet calculated CVE-2022-0771
MISC
wordpress — documentor_plugin
 
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. 2022-05-02 not yet calculated CVE-2022-0773
MISC
wordpress — multiple_shipping_address_woocommerce_plugin
 
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections 2022-05-02 not yet calculated CVE-2022-0783
MISC
fuschia — fuchsia
 
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. 2022-05-03 not yet calculated CVE-2022-0882
MISC
logitech — logitech_options
 
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. 2022-05-03 not yet calculated CVE-2022-0916
MISC
wordpress — sitemap
 
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. 2022-05-02 not yet calculated CVE-2022-0952
MISC
wordpress — visual_form_builder_plugin
 
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form’s ‘Email to’ field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-1046
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
DEBIAN
keylime — keylime Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, 2022-05-06 not yet calculated CVE-2022-1053
MISC
MISC
MISC
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
DEBIAN
axios — axios Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26. 2022-05-03 not yet calculated CVE-2022-1214
CONFIRM
MISC
wordpress — hubspot_plugin
 
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks 2022-05-02 not yet calculated CVE-2022-1239
MISC
wordpress — lifterlms_paypal_plugin
 
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue 2022-05-02 not yet calculated CVE-2022-1250
MISC
MISC
wordpress — import_and_export_users_and customers_plugin
 
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues 2022-05-02 not yet calculated CVE-2022-1255
MISC
wordpress — fast_flow_plugin
 
The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting 2022-05-02 not yet calculated CVE-2022-1269
MISC
wordpress — import_wp_plugin
 
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE 2022-05-02 not yet calculated CVE-2022-1273
MISC
wordpress — photo_gallery_wordpress_plugin
 
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[‘filter_tag’] parameter, which is appended to an SQL query, making SQL Injection attacks possible. 2022-05-02 not yet calculated CVE-2022-1281
CONFIRM
MISC
wordpress — photo_gallery_wordpress_plugin
 
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[‘image_url’] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. 2022-05-02 not yet calculated CVE-2022-1282
MISC
CONFIRM
openssl — openssl
 
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). 2022-05-03 not yet calculated CVE-2022-1292
CONFIRM
CONFIRM
CONFIRM
CONFIRM
trumpf — trutops Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service. 2022-05-02 not yet calculated CVE-2022-1300
CONFIRM
dmars — dmars
 
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. 2022-05-03 not yet calculated CVE-2022-1331
MISC
openssl — openssl
 
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL “ocsp” application. When verifying an ocsp response with the “-no_cert_checks” option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1343
CONFIRM
CONFIRM
linux — pfkey_register
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
DEBIAN
delta_electronics — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1366
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1367
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1369
CONFIRM
delta_electronics — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1370
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1371
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1372
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1374
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1375
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1376
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1377
CONFIRM
delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1378
CONFIRM
f5 — big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-1389
MISC
yetiforcecompany — yetiforcecrm
 
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim’s cookie leads to account takeover. 2022-05-05 not yet calculated CVE-2022-1411
CONFIRM
MISC
openssl — openssl
 
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite – they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1434
CONFIRM
CONFIRM
gogs — gogs
 
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . 2022-05-05 not yet calculated CVE-2022-1464
MISC
CONFIRM
f5 — big-ip
 
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-1468
MISC
openssl — openssl
 
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1473
CONFIRM
CONFIRM
ffmpeg — ffmpeg
 
An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. 2022-05-02 not yet calculated CVE-2022-1475
MISC
MISC
octopus — octopus_server
 
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. 2022-05-04 not yet calculated CVE-2022-1502
MISC
matio — matio A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. 2022-05-02 not yet calculated CVE-2022-1515
MISC
MISC
linux — linux_kernel A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. 2022-05-05 not yet calculated CVE-2022-1516
MISC
oracle — oracle
 
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data. 2022-05-01 not yet calculated CVE-2022-1544
CONFIRM
MISC
mattemost — playbooks_plugin Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. 2022-05-03 not yet calculated CVE-2022-1548
MISC
clinical-genomics — scouts
 
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. 2022-05-03 not yet calculated CVE-2022-1554
MISC
CONFIRM
microweber — microweber
 
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie… 2022-05-04 not yet calculated CVE-2022-1555
CONFIRM
MISC
neorazorx –facturascripts
 
Cross-site scripting – Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user’cookie, perform HTTP request, get content of `same origin` page, etc … 2022-05-04 not yet calculated CVE-2022-1571
CONFIRM
MISC
jgraph — drawio Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. – Arbitrary (remote) code execution in the desktop app. – Stored XSS in the web app. 2022-05-05 not yet calculated CVE-2022-1575
MISC
CONFIRM
microweber — microweber
 
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim 2022-05-04 not yet calculated CVE-2022-1584
MISC
CONFIRM
contao — contao Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application 🙂 2022-05-05 not yet calculated CVE-2022-1588
MISC
CONFIRM
bludit — bludit
 
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used. 2022-05-05 not yet calculated CVE-2022-1590
MISC
MISC
clinical_genomics — scout
 
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss… 2022-05-05 not yet calculated CVE-2022-1592
CONFIRM
MISC
vim — vim
 
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 2022-05-07 not yet calculated CVE-2022-1616
MISC
CONFIRM
mediatek — telephony
 
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. 2022-05-03 not yet calculated CVE-2022-20084
MISC
mediatek — netdiag
 
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. 2022-05-03 not yet calculated CVE-2022-20085
MISC
mediatek — ccu
 
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. 2022-05-03 not yet calculated CVE-2022-20087
MISC
mediatek — aee_driver
 
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. 2022-05-03 not yet calculated CVE-2022-20088
MISC
mediatek — aee_driver
 
In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. 2022-05-03 not yet calculated CVE-2022-20089
MISC
mediatek — aee_driver
 
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197. 2022-05-03 not yet calculated CVE-2022-20090
MISC
mediatek — aee_driver
 
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. 2022-05-03 not yet calculated CVE-2022-20091
MISC
mediatek — alac
 
In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061. 2022-05-03 not yet calculated CVE-2022-20092
MISC
mediatek — telephony
 
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. 2022-05-03 not yet calculated CVE-2022-20093
MISC
mediatek — imgsensor
 
In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734. 2022-05-03 not yet calculated CVE-2022-20094
MISC
mediatek — imgsensor
 
In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. 2022-05-03 not yet calculated CVE-2022-20095
MISC
mediatek — camera
 
In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. 2022-05-03 not yet calculated CVE-2022-20096
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. 2022-05-03 not yet calculated CVE-2022-20097
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. 2022-05-03 not yet calculated CVE-2022-20098
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442. 2022-05-03 not yet calculated CVE-2022-20099
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. 2022-05-03 not yet calculated CVE-2022-20100
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. 2022-05-03 not yet calculated CVE-2022-20101
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. 2022-05-03 not yet calculated CVE-2022-20102
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. 2022-05-03 not yet calculated CVE-2022-20103
MISC
mediatek — aee_daemon
 
In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. 2022-05-03 not yet calculated CVE-2022-20104
MISC
mediatek — mm_service
 
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. 2022-05-03 not yet calculated CVE-2022-20105
MISC
mediatek — mm_service
 
In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. 2022-05-03 not yet calculated CVE-2022-20106
MISC
mediatek — subtitle_service
 
In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. 2022-05-03 not yet calculated CVE-2022-20107
MISC
mediatek — voice_service
 
In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702. 2022-05-03 not yet calculated CVE-2022-20108
MISC
mediatek — ion
 
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. 2022-05-03 not yet calculated CVE-2022-20109
MISC
mediatek — ion
 
In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. 2022-05-03 not yet calculated CVE-2022-20110
MISC
mediatek — ion
 
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. 2022-05-03 not yet calculated CVE-2022-20111
MISC
cisco — firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20627
CISCO
cisco — firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20628
CISCO
cisco — firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20629
CISCO
cisco — adaptive_security_and_firepower_threat_defense
 
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20715
CISCO
cisco — firepower_threat_defense
 
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output. 2022-05-03 not yet calculated CVE-2022-20729
CISCO
cisco — firepower_threat_defense

 

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device. 2022-05-03 not yet calculated CVE-2022-20730
CISCO
cisco — sd-wan_vmanager
 
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. 2022-05-04 not yet calculated CVE-2022-20734
CISCO
cisco — adaptive_security_appliance
 
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. 2022-05-03 not yet calculated CVE-2022-20737
CISCO
cisco — firepower_management_center
 
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. 2022-05-03 not yet calculated CVE-2022-20740
CISCO
cisco — adaptive_security_appliance A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel. 2022-05-03 not yet calculated CVE-2022-20742
CISCO
cisco — firepower_management_center
 
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. 2022-05-03 not yet calculated CVE-2022-20743
CISCO
cisco — firepower_management_center
 
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. 2022-05-03 not yet calculated CVE-2022-20744
CISCO
cisco — adaptive_security_and_firepower_threat_defense A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20745
CISCO
cisco — firepower_threat_defense_software
 
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20746
CISCO
cisco — firepower_threat_defense_software

 

A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. 2022-05-03 not yet calculated CVE-2022-20748
CISCO
cisco — firepower_threat_defense_software

 

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20751
CISCO
cisco — small_business_rv340_and_rv345_routers
 
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20753
CISCO
cisco — firepower_threat_defense_software

 

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20757
CISCO
cisco — adaptive_security_and_firepower_threat_defense
 
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. 2022-05-03 not yet calculated CVE-2022-20759
CISCO
cisco — adaptive_security_and_firepower_threat_defense
 
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20760
CISCO
cisco — multiple_products
 
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20764
CISCO
cisco — firepwer_threat_defense
 
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. 2022-05-03 not yet calculated CVE-2022-20767
CISCO
cisco — clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20770
CISCO
cisco — clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20771
CISCO
cisco — enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20777
CISCO
cisco — enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20779
CISCO
cisco — enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20780
CISCO
cisco — clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20785
CISCO
cisco — multiple_products
 
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20794
CISCO
cisco — clamav
 
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. 2022-05-04 not yet calculated CVE-2022-20796
CISCO
cisco — small_business_rv340_and_rv345_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20799
CISCO
cisco — small_business_rv340_and_rv345_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20801
CISCO
snyk — synk This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash. 2022-05-01 not yet calculated CVE-2022-21144
MISC
MISC
MISC
snyk — synk
 
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user’s account through the stolen cookie. 2022-05-01 not yet calculated CVE-2022-21149
MISC
MISC
snyk — synk
 
All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. 2022-05-01 not yet calculated CVE-2022-21167
MISC
MISC
snyk — synk
 
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input. 2022-05-01 not yet calculated CVE-2022-21189
MISC
MISC
MISC
MISC
snyk — synk
 
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. 2022-05-01 not yet calculated CVE-2022-21227
MISC
MISC
MISC
snyk — synk
 
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue. 2022-05-01 not yet calculated CVE-2022-21230
MISC
MISC
MISC
MISC
mediatek — ion
 
In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. 2022-05-03 not yet calculated CVE-2022-21743
MISC
johnsoncontrols — metasys
 
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. 2022-05-06 not yet calculated CVE-2022-21934
CERT
CONFIRM
suse — open_build_service
 
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. 2022-05-03 not yet calculated CVE-2022-21949
CONFIRM
accusoft — imagegear
 
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. 2022-05-03 not yet calculated CVE-2022-22137
MISC
synk — synk
 
The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](security.snyk.io/vuln/SNYK-JS-CONVICT-1062508) 2022-05-01 not yet calculated CVE-2022-22143
MISC
MISC
MISC
ibm — spectrum_scale
 
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. 2022-05-03 not yet calculated CVE-2022-22368
XF
CONFIRM
ibm — robotic_process_automation
 
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. 2022-05-05 not yet calculated CVE-2022-22415
CONFIRM
XF
ibm — robotic_process_automation
 
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156. 2022-05-05 not yet calculated CVE-2022-22433
XF
CONFIRM
ibm — robotic_process_automation
 
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159. 2022-05-05 not yet calculated CVE-2022-22434
XF
CONFIRM
shopizer — shopizer
 
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab 2022-05-01 not yet calculated CVE-2022-23060
MISC
MISC
shopizer — shopizer

 

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. 2022-05-01 not yet calculated CVE-2022-23061
MISC
MISC
shopizer — shopizer

 

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. 2022-05-03 not yet calculated CVE-2022-23063
MISC
MISC
snipe — snipe-it
 
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. 2022-05-02 not yet calculated CVE-2022-23064
MISC
MISC
vendure — vendure
 
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users. 2022-05-02 not yet calculated CVE-2022-23065
MISC
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-23205
MISC
accusoft — imagegear
 
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. 2022-05-03 not yet calculated CVE-2022-23400
MISC
fortinet — fortisoar
 
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. 2022-05-04 not yet calculated CVE-2022-23443
CONFIRM
pingidentity — pingfederate
 
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. 2022-05-02 not yet calculated CVE-2022-23722
MISC
MISC
pingidentity — pingfederate_pingone_fa_integration_kit
 
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. 2022-05-02 not yet calculated CVE-2022-23723
MISC
MISC
pingidentity — pingid_integration_for_windows_login
 
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. 2022-05-04 not yet calculated CVE-2022-23724
CONFIRM
MISC
joomla — guru_exension
 
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users’ information. Information disclosure Access to private information and components, possibility to view other users’ information. 2022-05-06 not yet calculated CVE-2022-23802
MISC
rainworx_softwares — autionworx
 
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. 2022-05-02 not yet calculated CVE-2022-23904
MISC
MISC
snyk — snyk
 
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. 2022-05-01 not yet calculated CVE-2022-23923
MISC
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. 2022-05-06 not yet calculated CVE-2022-24098
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-24099
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file. 2022-05-06 not yet calculated CVE-2022-24105
MISC
snyk — snyk
 
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the –upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection. 2022-05-01 not yet calculated CVE-2022-24437
MISC
MISC
MISC
fluxcd — flux2
 
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller’s service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0 2022-05-06 not yet calculated CVE-2022-24817
CONFIRM
netty — netty
 
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one’s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(…) to set the directory to something that is only readable by the current user. 2022-05-06 not yet calculated CVE-2022-24823
MISC
MISC
CONFIRM
fluxcd — flux
 
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. 2022-05-06 not yet calculated CVE-2022-24877
CONFIRM
fluxcd — flux
 
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade. 2022-05-06 not yet calculated CVE-2022-24878
CONFIRM
ecdsautils — ecdsautils
 
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. 2022-05-06 not yet calculated CVE-2022-24884
MISC
CONFIRM
MISC
MLIST
velocity — velocity
 
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-05-02 not yet calculated CVE-2022-24897
MISC
CONFIRM
MISC
MISC
contao — contao
 
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. 2022-05-06 not yet calculated CVE-2022-24899
CONFIRM
MISC
MISC
apple — apple_game_center
 
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it. 2022-05-04 not yet calculated CVE-2022-24901
CONFIRM
tkvideoplayer — tkvideoplayer
 
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. 2022-05-06 not yet calculated CVE-2022-24902
CONFIRM
MISC
rsyslog — rsyslog
 
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. 2022-05-06 not yet calculated CVE-2022-24903
CONFIRM
MISC
menlo_security — email_isolation_on_premise Links may not be rewritten according to policy in some specially formatted emails. 2022-05-02 not yet calculated CVE-2022-24974
MISC
jsgui_lang_essentials — multiple_products
 
All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. 2022-05-01 not yet calculated CVE-2022-25301
MISC
MISC
bignum — multiple_products
 
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. 2022-05-06 not yet calculated CVE-2022-25324
CONFIRM
CONFIRM
webjars — multiple_products
 
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as &lt;not-a-tag /&gt;) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component. 2022-05-01 not yet calculated CVE-2022-25349
MISC
MISC
MISC
webjars — multiple_products
 
All versions of package dset are vulnerable to Prototype Pollution via ‘dset/merge’ mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution. 2022-05-01 not yet calculated CVE-2022-25645
MISC
MISC
MISC
mvnrepository.com — multiple_products The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. 2022-05-01 not yet calculated CVE-2022-25647
MISC
MISC
MISC
mvnrepository.com — multiple_products
 
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. 2022-05-01 not yet calculated CVE-2022-25767
MISC
MISC
secomea — secomea_gatemanager
 
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. 2022-05-04 not yet calculated CVE-2022-25778
MISC
secomea — secomea_gatemanager
 
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25779
MISC
secomea — secomea_gatemanager
 
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. 2022-05-04 not yet calculated CVE-2022-25780
MISC
secomea — secomea_gatemanager
 
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. 2022-05-04 not yet calculated CVE-2022-25781
MISC
secomea — secomea_gatemanager
 
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25782
MISC
secomea — secomea_gatemanager
 
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25783
MISC
secomea — secomea_sitemanager
 
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25784
MISC
secomea — secomea_sitemanager
 
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25785
MISC
secomea — secomea_gatemanager
 
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25786
MISC
secomea — secomea_gatemanager
 
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25787
MISC
com_alibaba_ — one_java_agent_plugin
 
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. 2022-05-01 not yet calculated CVE-2022-25842
MISC
MISC
MISC
MISC
org.webjars — angular_package
 
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ‘ ‘.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. 2022-05-01 not yet calculated CVE-2022-25844
MISC
MISC
MISC
MISC
MISC
hoppscotch — proxyscotch
 
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. 2022-05-01 not yet calculated CVE-2022-25850
MISC
MISC
f5 — big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-25946
MISC
anker_eufy_homebase — anker_eufy_homebase 2 2.1.8.5h
 
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. 2022-05-05 not yet calculated CVE-2022-25989
MISC
f5 — f5os-a_software
 
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-25990
MISC
pistacheio_pistache — multiple_products
 
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server. 2022-05-01 not yet calculated CVE-2022-26068
MISC
MISC
splunk — enterprise
 
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. 2022-05-06 not yet calculated CVE-2022-26070
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26071
MISC
anker_eufy_homebase — anker_eufy_homebase
 
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. 2022-05-05 not yet calculated CVE-2022-26073
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26130
MISC
netiq — netiq_access_manager Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 2022-05-02 not yet calculated CVE-2022-26325
CONFIRM
netiq — netiq_access_manager Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 2022-05-02 not yet calculated CVE-2022-26326
CONFIRM
f5 — big-ip On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26340
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26370
MISC
f5 — big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-05-05 not yet calculated CVE-2022-26372
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26415
MISC
f5 — big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26517
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26835
MISC
splunk — enterprise The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2. 2022-05-06 not yet calculated CVE-2022-26889
MISC
MISC
f5 — big-ip
 
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the “Use APM Username and Session ID” option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26890
MISC
f5 — big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27181
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27182
MISC
splunk — enterprise The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. 2022-05-06 not yet calculated CVE-2022-27183
MISC
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27189
MISC
f5 — big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27230
MISC
gitea_io — gitea_io
 
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. 2022-05-03 not yet calculated CVE-2022-27313
MISC
e_commerce_website — e_commerce_website
 
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. 2022-05-03 not yet calculated CVE-2022-27330
MISC
poppler — poppler
 
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-05-05 not yet calculated CVE-2022-27337
MISC
foxit — pdf_reader
 
Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file. 2022-05-05 not yet calculated CVE-2022-27359
MISC
MISC
springblade — springblade
 
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. 2022-05-05 not yet calculated CVE-2022-27360
MISC
MISC
MISC
totolink — totolink_n600r
 
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the “Main” function. 2022-05-05 not yet calculated CVE-2022-27411
MISC
hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. 2022-05-03 not yet calculated CVE-2022-27413
MISC
hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. 2022-05-04 not yet calculated CVE-2022-27420
MISC
wuzhicms — wuzhicms
 
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. 2022-05-04 not yet calculated CVE-2022-27431
MISC
nopCommerce — nopCommerce In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. 2022-05-04 not yet calculated CVE-2022-27461
MISC
MISC
mcms — mcms MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. 2022-05-02 not yet calculated CVE-2022-27466
MISC
sdl — sdl_ttf
 
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. 2022-05-04 not yet calculated CVE-2022-27470
MISC
MISC
nginx — multiple_products
 
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27495
MISC
qnap — qnap We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later 2022-05-05 not yet calculated CVE-2022-27588
MISC
f5 — big-ip
 
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27634
MISC
f5 — big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27636
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27659
MISC
f5 — traffix_sdc
 
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27662
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 2022-05-06 not yet calculated CVE-2022-27783
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 2022-05-06 not yet calculated CVE-2022-27784
MISC
f5 — big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27806
MISC
f5 — access_for_android
 
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27875
MISC
f5 — big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27878
MISC
f5 — traffix_sdc
 
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27880
MISC
eve_ng — multiple_products
 
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. 2022-05-04 not yet calculated CVE-2022-27903
MISC
MISC
joomla — jdownloads_3.9.8.2_stable
 
In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files 2022-05-06 not yet calculated CVE-2022-27909
MISC
bluecms — bluecms Bluecms 1.6 has a SQL injection vulnerability at cooike. 2022-05-03 not yet calculated CVE-2022-27962
MISC
rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. 2022-05-02 not yet calculated CVE-2022-27982
MISC
rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. 2022-05-02 not yet calculated CVE-2022-27983
MISC
3cx — phone_system_management_console An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITYSYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:WindowsSystem32. 2022-05-06 not yet calculated CVE-2022-28005
MISC
MISC
MISC
vandyke — vandyke_software Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. 2022-05-02 not yet calculated CVE-2022-28054
MISC
fusionpbx — fusionpbx Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. 2022-05-04 not yet calculated CVE-2022-28055
MISC
shopxo — shopxo ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. 2022-05-02 not yet calculated CVE-2022-28056
MISC
libarchive — libarchivelv Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. 2022-05-04 not yet calculated CVE-2022-28066
MISC
sandboxie_plus — sandboxie_classic An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. 2022-05-04 not yet calculated CVE-2022-28067
MISC
seacms — seacms
 
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. 2022-05-04 not yet calculated CVE-2022-28076
MISC
college_management_system — college_management_system College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. 2022-05-05 not yet calculated CVE-2022-28079
MISC
MISC
event_mobi — royal_event_management_system
 
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. 2022-05-05 not yet calculated CVE-2022-28080
MISC
MISC
MISC
query_php — arphp_v3.6.0
 
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. 2022-05-04 not yet calculated CVE-2022-28081
MISC
tenda — ax12 Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. 2022-05-04 not yet calculated CVE-2022-28082
MISC
jspxcms — jspxcms Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. 2022-05-04 not yet calculated CVE-2022-28090
MISC
skycaiji — skycaiji Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. 2022-05-04 not yet calculated CVE-2022-28096
MISC
poultry_farm_management_system — poultry_farm_management_system Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. 2022-05-04 not yet calculated CVE-2022-28099
MISC
MISC
MISC
mybatis — pagehelper
 
MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. 2022-05-04 not yet calculated CVE-2022-28111
MISC
MISC
MISC
MISC
siteserver_cms — siteserver_cms
 
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. 2022-05-03 not yet calculated CVE-2022-28118
MISC
MISC
MISC
MISC
beijing_runnier_network_technology_co.,_ltd — teaching management_platform_software Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. 2022-05-05 not yet calculated CVE-2022-28120
MISC
broadcom — brocade_sannav
 
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. 2022-05-06 not yet calculated CVE-2022-28163
MISC
broadcom — brocade_sannav
 
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. 2022-05-06 not yet calculated CVE-2022-28164
MISC
broadcom — brocade_sannav
 
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. 2022-05-06 not yet calculated CVE-2022-28165
MISC
adobe — photoshop Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. 2022-05-06 not yet calculated CVE-2022-28270
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 2022-05-06 not yet calculated CVE-2022-28271
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28272
MISC
adobe — photoshop Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28273
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28274
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28275
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28276
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 2022-05-06 not yet calculated CVE-2022-28277
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28278
MISC
adobe — photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28279
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC
nopcommerce — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. 2022-05-02 not yet calculated CVE-2022-28451
MISC
MISC
mingyuefusu — multiple_products
 
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. 2022-05-05 not yet calculated CVE-2022-28461
MISC
novelplus — novel_plus novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. 2022-05-05 not yet calculated CVE-2022-28462
MISC
ffmeg — ffjpeg
 
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 2022-05-05 not yet calculated CVE-2022-28471
MISC
rubygems — multiple_products
 
CSV-Safe gem < 3.0.0 doesn’t filter out special characters which could trigger CSV Injection. 2022-05-01 not yet calculated CVE-2022-28481
MISC
MISC
MISC
tcpreplay — tcpreplay
 
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. 2022-05-04 not yet calculated CVE-2022-28487
MISC
MISC
libwav — libwav The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. 2022-05-04 not yet calculated CVE-2022-28488
MISC
MISC
jflyfox — jflyfox Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. 2022-05-03 not yet calculated CVE-2022-28505
MISC
dragon_path_technologies — bharti_airtel_routers Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. 2022-05-06 not yet calculated CVE-2022-28507
MISC
MISC
mantisbt — browser_search_plugin.php
 
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. 2022-05-04 not yet calculated CVE-2022-28508
MISC
MISC
MISC
sourcecodester — fantastic_blog_cms
 
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in “/fantasticblog/single.php” via the “id=5” parameters. 2022-05-04 not yet calculated CVE-2022-28512
MISC
MISC
sourcecodester — covid-19_directory Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. 2022-05-05 not yet calculated CVE-2022-28530
MISC
sourcecodester — medical_hub_directory_site
 
Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. 2022-05-05 not yet calculated CVE-2022-28533
MISC
fudforum — fudforum
 
FUDforum 3.1.1 is vulnerable to Stored XSS. 2022-05-06 not yet calculated CVE-2022-28545
MISC
MISC
chshcms — cscms
 
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin. 2022-05-04 not yet calculated CVE-2022-28552
MISC
tenda — ac15
 
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971 2022-05-04 not yet calculated CVE-2022-28556
MISC
tenda — ac15
 
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution 2022-05-04 not yet calculated CVE-2022-28557
MISC
tenda — ac9
 
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload 2022-05-03 not yet calculated CVE-2022-28560
MISC
tenda — ax12
 
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload 2022-05-03 not yet calculated CVE-2022-28561
MISC
sourcecodester — doctors_appointmemt_system
 
Sourcecodester Doctor’s Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. 2022-05-04 not yet calculated CVE-2022-28568
MISC
MISC
MISC
d-link — 882_dir882a1_fw130b06 D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. 2022-05-02 not yet calculated CVE-2022-28571
MISC
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function 2022-05-02 not yet calculated CVE-2022-28572
MISC
d-link — dir-823_pro
 
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. 2022-05-02 not yet calculated CVE-2022-28573
MISC
MISC
totolink — a7100ru It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload 2022-05-05 not yet calculated CVE-2022-28575
MISC
totolink — a7100ru
 
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28577
MISC
totolink — a7100ru
 
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28578
MISC
totolink — a7100ru
 
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28579
MISC
totolink — setwifiadvancedcfg It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28580
MISC
totolink — setwifiadvancedcfg
 
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28581
MISC
totolink — setwifisignalcfg
 
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28582
MISC
totolink — setwifiwpscfg
 
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28583
MISC
totolink — setwifiwpsstart
 
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28584
MISC
empirecms — empirecms EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php 2022-05-03 not yet calculated CVE-2022-28585
MISC
springbootmovie — springbootmovie
 
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. 2022-05-03 not yet calculated CVE-2022-28588
MISC
pixelimity — pixelimity A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new 2022-05-03 not yet calculated CVE-2022-28589
MISC
pixelimity — pixelimity A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. 2022-05-03 not yet calculated CVE-2022-28590
MISC
fuelcms — fuelcms A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. 2022-05-03 not yet calculated CVE-2022-28599
MISC
wenzhou_huoyin_infor,mation_technology_co — wenzhou_huoyin_infor,mation_technology_co An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. 2022-05-05 not yet calculated CVE-2022-28606
MISC
MISC
MISC
cisco — hci_modbus_tcp_component
 
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*. 2022-05-02 not yet calculated CVE-2022-28613
CONFIRM
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28691
MISC
f5 — big-ip_afm
 
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28695
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28701
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28705
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28706
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28707
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28708
MISC
f5 — big-ip_apm
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28714
MISC
f5 — multiple_products
 
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28716
MISC
samsung — smr Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. 2022-05-03 not yet calculated CVE-2022-28780
MISC
samsung — smr Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. 2022-05-03 not yet calculated CVE-2022-28781
MISC
samsung — contents_to_windows Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. 2022-05-03 not yet calculated CVE-2022-28782
MISC
samsung — galaxy_themes
 
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. 2022-05-03 not yet calculated CVE-2022-28783
MISC
samsung — galaxy_themes
 
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. 2022-05-03 not yet calculated CVE-2022-28784
MISC
samsung — aviextractor_library
 
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28785
MISC
samsung — aviextractor_library Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28786
MISC
samsung — wmfextractor_library
 
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28787
MISC
samsung — aviextractor_library
 
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28788
MISC
samsung — voice_note
 
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. 2022-05-03 not yet calculated CVE-2022-28789
MISC
samsung — link
 
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. 2022-05-03 not yet calculated CVE-2022-28790
MISC
samsung — installagent
 
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. 2022-05-03 not yet calculated CVE-2022-28791
MISC
samsung — gear_iconx_pc_manager DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. 2022-05-03 not yet calculated CVE-2022-28792
MISC
samsung — strongbox
 
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. 2022-05-03 not yet calculated CVE-2022-28793
MISC
fujitsu — insyde_firmware
 
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer’s nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler’s code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM. 2022-05-04 not yet calculated CVE-2022-28806
MISC
MISC
MISC
MISC
f5 — big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28859
MISC
apache — jena
 
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. 2022-05-05 not yet calculated CVE-2022-28890
MISC

h3c — magicr100

 

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. 2022-05-04 not yet calculated CVE-2022-28940
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28969
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28970
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28971
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28972
MISC
tenda — ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28973
MISC
springbootmovie — springbootmovie
 
In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability 2022-05-03 not yet calculated CVE-2022-29001
MISC
openldap — openldap
 
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. 2022-05-04 not yet calculated CVE-2022-29155
MISC
xwiki — xwiki_platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. 2022-05-06 not yet calculated CVE-2022-29161
MISC
CONFIRM
MISC
argoproj — argo_workflows
 
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. 2022-05-06 not yet calculated CVE-2022-29164
MISC
MISC
CONFIRM
matrix — matrix-appservice-irc
 
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue. 2022-05-05 not yet calculated CVE-2022-29166
MISC
CONFIRM
mozilla — hawk
 
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. 2022-05-05 not yet calculated CVE-2022-29167
MISC
CONFIRM
sourcegraph — sourcegraph
 
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds. 2022-05-06 not yet calculated CVE-2022-29171
CONFIRM
auth0 — auth0-lock
 
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fieldsâ€? feature [is configured](github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient’s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fieldsâ€? feature in your application. Upgrade to version `11.33.0`. 2022-05-05 not yet calculated CVE-2022-29172
MISC
CONFIRM
the_update_framework — go-tuf
 
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading. 2022-05-05 not yet calculated CVE-2022-29173
MISC
CONFIRM
vyperlang — vyper
 
Vyper is a pythonic smart contract language for the ethereum virtual machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. multiplication of 168 bit integers can wrap in 256-bit arithmetic, but safemul does not check for that. This has been patched in v0.3.4. There are no known workarounds for this issue. 2022-05-05 not yet calculated CVE-2022-29175
CONFIRM
MISC
rubygems — rubygems
 
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in –frozen or –deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022. 2022-05-05 not yet calculated CVE-2022-29176
MISC
CONFIRM
charmbracelet — charm
 
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven’t been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem. 2022-05-07 not yet calculated CVE-2022-29180
MISC
CONFIRM
f5 — big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29263
MISC
apache — nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: – EvaluateXPath – EvaluateXQuery – ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC
gpac — gpac
 
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. 2022-05-05 not yet calculated CVE-2022-29339
MISC
MISC
gpac — gpac GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. 2022-05-05 not yet calculated CVE-2022-29340
MISC
MISC
zeitprax — web@rchiv
 
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. 2022-05-04 not yet calculated CVE-2022-29347
MISC
MISC
MISC
wordpress — countdown-and-clock_plugin
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. 2022-05-06 not yet calculated CVE-2022-29420
CONFIRM
CONFIRM
wordpress — countdown-and-clock_plugin
 
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. 2022-05-06 not yet calculated CVE-2022-29421
CONFIRM
CONFIRM
wordpress — countdown-and-clock_plugin
 
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. 2022-05-06 not yet calculated CVE-2022-29422
CONFIRM
CONFIRM
wordpress — countdown-and-clock_plugin
 
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. 2022-05-06 not yet calculated CVE-2022-29423
CONFIRM
CONFIRM
wordpress — cloudway_breeze_plugin
 
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin’s settings including CDN setting which could be further used for XSS attack. 2022-05-02 not yet calculated CVE-2022-29444
CONFIRM
CONFIRM
f5 — big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29473
MISC
f5 — big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29474
MISC
f5 — big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29479
MISC
f5 — big-ip
 
On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29480
MISC
f5 — multiple_products
 
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29491
MISC
schedmd — slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. 2022-05-05 not yet calculated CVE-2022-29500
MISC
MISC
MISC
schedmd — slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. 2022-05-05 not yet calculated CVE-2022-29501
MISC
MISC
MISC
schedmd — slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. 2022-05-05 not yet calculated CVE-2022-29502
MISC
MISC
MISC
zoho — manageengine_opmanager
 
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. 2022-05-05 not yet calculated CVE-2022-29535
MISC
MISC
tenda — tx9_pro
 
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). 2022-05-05 not yet calculated CVE-2022-29592
MISC
gnome — gnome
 
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don’t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2’s buffer functions, for example libxslt through 1.1.35, is affected as well. 2022-05-03 not yet calculated CVE-2022-29824
MISC
MISC
MISC
MISC
FEDORA
progress — openedge
 
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. 2022-05-02 not yet calculated CVE-2022-29849
MISC
MISC
MISC
MISC
librehealth — ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interfacebillingnew_payment.php via interfacebillingpayment_master.inc.php leads to SQL injection. 2022-05-05 not yet calculated CVE-2022-29938
MISC
MISC
MISC
librehealth — ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interfacebillingsl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. 2022-05-05 not yet calculated CVE-2022-29939
MISC
MISC
MISC
librehealth — ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interfaceordersfind_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. 2022-05-05 not yet calculated CVE-2022-29940
MISC
MISC
MISC
talend — administration_center
 
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry ‘Add’ functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-04 not yet calculated CVE-2022-29942
MISC
MISC
talend — administration_center
 
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-04 not yet calculated CVE-2022-29943
MISC
MISC
experian — hunter
 
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. 2022-05-04 not yet calculated CVE-2022-29950
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. 2022-05-02 not yet calculated CVE-2022-29968
MISC
mediawiki — mediawiki
 
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). 2022-05-02 not yet calculated CVE-2022-29969
MISC
MISC
sinatra — sinatra
 
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. 2022-05-02 not yet calculated CVE-2022-29970
MISC
exfat — exfat
 
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. 2022-05-02 not yet calculated CVE-2022-29973
MISC
jquery — jquery.json-viewer_library
 
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. 2022-05-04 not yet calculated CVE-2022-30241
MISC
MISC
python — python-libnmap
 
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). 2022-05-04 not yet calculated CVE-2022-30284
MISC
MISC
MISC
agoo — agoo
 
** DISPUTED ** Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: this has been disputed on the grounds that it is not the server’s responsibility to “enforce all the various ways a developer could write code with logic errors.” 2022-05-04 not yet calculated CVE-2022-30288
MISC
MISC
MISC
squirrel — squirrel
 
thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call. 2022-05-04 not yet calculated CVE-2022-30292
MISC
webkit — webkitgtk
 
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. 2022-05-06 not yet calculated CVE-2022-30293
MISC
MISC
webkit — webkitgtk
 
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. 2022-05-06 not yet calculated CVE-2022-30294
MISC
MISC
uclibc-ng — uclibc-ng
 
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. 2022-05-06 not yet calculated CVE-2022-30295
MISC
shapeshift — keepkey_firmware
 
In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware. 2022-05-07 not yet calculated CVE-2022-30330
MISC
MISC
brave — brave_browser
 
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises “Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser.” 2022-05-07 not yet calculated CVE-2022-30334
MISC
MISC
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of April 25, 2022

05/02/2022 06:16 AM EDT

Original release date: May 2, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jfinalcms_project — jfinalcms JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. 2022-04-22 7.5 CVE-2022-27341
MISC
link-admin_project — link-admin Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). 2022-04-22 7.5 CVE-2022-27342
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. 2022-04-22 6.8 CVE-2021-38886
XF
CONFIRM
pimcore — pimcore SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data 2022-04-22 5 CVE-2022-1429
MISC
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. 2022-04-22 4.3 CVE-2021-38904
XF
CONFIRM
microweber — microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a paylaod that runs without user interaction. 2022-04-22 4.3 CVE-2022-1439
CONFIRM
MISC
crypt-server_project — crypt-server Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. 2022-04-22 4.3 CVE-2022-29589
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 4 CVE-2021-20464
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 4 CVE-2021-29824
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. 2022-04-22 4 CVE-2021-38905
XF
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. 2022-04-22 3.5 CVE-2021-38903
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. 2022-04-22 3.5 CVE-2021-38946
CONFIRM
XF

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
artifex — ghostscript
 
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC
wordpress — tatsu_wordpress_plugin
 
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC
wordpress– english_wordpress_admin_wordpress_plugin
 
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue 2022-04-25 not yet calculated CVE-2021-25111
MISC
sophos — authenticator_for_android
 
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM
maxboard — maxboard
 
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC
tobesoft — xplatform A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..’. 2022-04-26 not yet calculated CVE-2021-26629
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF
nomachine — nomachine_for_windows
 
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITYSYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot . 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM
bender/ebee — cc612
 
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM
3scale — apicast
 
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC
solarwinds — serv-u
 
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC
metasys — ads/adx/oas
 
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM
veryfixpro — veryfixpro
 
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC
wordpress –alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM
tripetto — tripetto_plugin
 
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM
motorola — multiple_products
 
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC
ibm — planning_analytics_workspace IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF
lenovo — lenovovariable_smi_handler
 
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC
red_hat — gnome-shell
 
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC
artica — proxy
 
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC
eclipse — openj9
 
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM
novelplus — novel-plus
 
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC
magic_cms_msvod — magic_cms_msvod
 
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC
encode– oss_httpx
 
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC
subrion_cms — subrion_cms
 
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC
pingidentity — pingid_windows_login
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid_adnroid
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid_ios
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC
lenovo — nvme_driver
 
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC
lenovo — smbios_event_log_driver
 
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC
lenovo — nlegacy_bios_mode_driver A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC
wordpress — sp_project_&_document_manager_wordpress_plugin
 
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM
elcomplus — smartptt_scada_server

 

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM
elcomplus — smartptt_scada
 
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM
wondershare — dr._fone
 
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC
wondershare — dr._fone Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC
terramaster — terramaster
 
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC
terramaster — terramaster
 
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC
franklin_fueling_systems — ts-550_evo
 
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC
franklin_fueling_systems — t5_series
 
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC
telesquare — sdt-cw3b1 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC
D-Link DIR-825 G1
 
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC
wordpress — easy_google_maps_wordpress_plugin
 
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC
wordpress — supsystic_wordpress_plugin
 
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC
wordpress — supsystic_wordpress_plugin
 
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC
lenovo — pcmanager
 
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC
lenovo — system_update
 
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC
wordpress — mycred_wordpress_lugin
 
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM
wordpress — flo-launch_wordpress_plugin
 
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC
lenovo — thin_installer
 
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC
wordpress — web_to_print_shop_udraw_wordpress_plugin
 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC
wordpress — 5_stars_rating_funnel_wordpress_plugin
 
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC
wordpress — master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC
wordpress — users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC
wordpress — donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC
wordpress — wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC
wordpress– anti-malware_secruity_and_brute-force_firewall_wordpress_lugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC
linux — linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC
linux — linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC
wordpress — page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
wordpress — mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog 2022-04-25 not yet calculated CVE-2022-1092
MISC
wordpress — wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC
lenovo — thinkpad
 
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC
lenovo — thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC
imagemagicks — relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC
wordpress — menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC
wordpress — layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-1153
MISC
wordpress — books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC
getgrav — grav
 
stored xss in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman — podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC
wordpress — opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC
linux — linux
 
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC
linux — linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
wordpress — admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC
wordpress — cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC
wordpress — videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC
wordpress — donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC
mruby — mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC
yarkeev — yarkeev
 
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `–upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM
gpac — gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC
radareorg — radare2
 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC
snipe — snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC
facturascripts — facturascripts
 
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC
openemr — openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM
openemr — openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM
openemr — openemr Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM
getsimple — content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC
getsimple — content_management_system A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC
microweber — microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC
chafa — chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM
hestiacp — hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitr