Vulnerability Summary for the Week of July 25, 2022

08/01/2022 08:44 AM EDT

Original release date: August 1, 2022 | Last revised: August 2, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
@ianwalter/merge — @ianwalter/merge All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. 2022-07-25 not yet calculated CVE-2021-23397
CONFIRM
adobe — acrobat_reader Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-07-27 not yet calculated CVE-2022-35669
MISC
adobe — acrobat_reader Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-07-27 not yet calculated CVE-2022-35672
MISC
advantech — iview The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. 2022-07-22 not yet calculated CVE-2022-2137
MISC
advantech — iview The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. 2022-07-22 not yet calculated CVE-2022-2139
MISC
advantech — iview The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. 2022-07-22 not yet calculated CVE-2022-2138
MISC
advantech — iview The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. 2022-07-22 not yet calculated CVE-2022-2136
MISC
advantech — iview The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. 2022-07-22 not yet calculated CVE-2022-2142
MISC
advantech — iview The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. 2022-07-22 not yet calculated CVE-2022-2135
MISC
advantech — iview The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. 2022-07-22 not yet calculated CVE-2022-2143
MISC
amazon — amazon_workspaces When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client. 2022-07-28 not yet calculated CVE-2022-1805
MISC
anvsoft — pdfmate_pdf_converter_pro A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-07-24 not yet calculated CVE-2017-20144
MISC
MISC
apache — calcite_avatica_jdbc_driver Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; and 2) there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. 2022-07-28 not yet calculated CVE-2022-36364
MISC
MLIST
apache — mxnet A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1. 2022-07-24 not yet calculated CVE-2022-24294
MISC
MLIST
artica — pandora_fms In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system. 2022-07-25 not yet calculated CVE-2022-2032
CONFIRM
CONFIRM
artica — pandora_fms In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system. 2022-07-25 not yet calculated CVE-2022-2059
MISC
artica — pandora_fms Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. 2022-07-26 not yet calculated CVE-2022-1648
CONFIRM
CONFIRM
atlantis — atlantis Versions of the package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to a timing attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. This can allow an attacker to recover the secret and then forge webhook events. 2022-07-29 not yet calculated CVE-2022-24912
CONFIRM
CONFIRM
CONFIRM
atlassian — confluence_server_and_data_center The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. 2022-07-26 not yet calculated CVE-2020-36290
MISC
atlassian — jira Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2. 2022-07-26 not yet calculated CVE-2021-43959
N/A
atos_unify — openscape An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system. 2022-07-25 not yet calculated CVE-2022-36444
MISC
autodesk — autocad_2023 Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-33881
MISC
autodesk — autodesk_design_review A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2022-07-29 not yet calculated CVE-2022-27864
MISC
autodesk — autodesk_design_review A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-27866
MISC
autodesk — autodesk_design_review A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. 2022-07-29 not yet calculated CVE-2022-27865
MISC
autodesk — autodesk_fusion_360_document_parser An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. 2022-07-29 not yet calculated CVE-2022-27873
MISC
automattic — automattic/mongoose Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. 2022-07-28 not yet calculated CVE-2022-2564
CONFIRM
MISC
aveva — platform_common_services_portal AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control of one or more locations in the search path. 2022-07-27 not yet calculated CVE-2021-38410
CONFIRM
CONFIRM
bently_nevada — bently_nevada_2700_series_of_condition_monitoring_equipment The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality. 2022-07-26 not yet calculated CVE-2022-29953
MISC
MISC
bently_nevada — condition_monitoring_equipment Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. 2022-07-26 not yet calculated CVE-2022-29952
MISC
MISC
caddyserver — caddy An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. 2022-07-22 not yet calculated CVE-2022-34037
MISC
ceph — ceph A flaw was found in OpenStack Manila owning a Ceph File system “share”, which enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the “volumes” plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. 2022-07-25 not yet calculated CVE-2022-0670
MISC
FEDORA
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33438
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33440
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33449
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33439
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33447
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33446
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33444
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33445
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33442
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33441
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33437
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. 2022-07-26 not yet calculated CVE-2021-33448
MISC
MISC
cesanta — mjs An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. 2022-07-26 not yet calculated CVE-2021-33443
MISC
MISC
chia_network — cat1_standard An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Tokens previously minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious. 2022-07-29 not yet calculated CVE-2022-36447
MISC
MISC
cisco — iot_control_center A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2022-07-22 not yet calculated CVE-2022-20916
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20903
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20892
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20899
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20896
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20894
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20912
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20911
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20910
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20897
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20893
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20904
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20900
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20898
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20901
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20895
CISCO
cisco — multiple_cisco_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. 2022-07-22 not yet calculated CVE-2022-20902
CISCO
cisco — nexus_dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. 2022-07-22 not yet calculated CVE-2022-20909
CISCO
cisco — nexus_dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. 2022-07-22 not yet calculated CVE-2022-20907
CISCO
cisco — nexus_dashboard A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. 2022-07-22 not yet calculated CVE-2022-20913
CISCO
cisco — nexus_dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. 2022-07-22 not yet calculated CVE-2022-20906
CISCO
cisco — nexus_dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. 2022-07-22 not yet calculated CVE-2022-20908
CISCO
citrix — multiple_products Unauthenticated redirection to a malicious website 2022-07-28 not yet calculated CVE-2022-27509
MISC
cloudflare — warp By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as ‘Lock WARP switch’. 2022-07-26 not yet calculated CVE-2022-2225
MISC
clusterlabs — booth The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. 2022-07-28 not yet calculated CVE-2022-2553
MISC
DEBIAN
communilink — clink_office CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters. 2022-07-25 not yet calculated CVE-2022-29709
MISC
MISC
MISC
conf_cfg_ini — conf_cfg_ini This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. 2022-07-25 not yet calculated CVE-2020-28441
CONFIRM
CONFIRM
convert-svg-core_project — convert-svg-core The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. 2022-07-22 not yet calculated CVE-2022-25759
CONFIRM
CONFIRM
CONFIRM
CONFIRM
cuppa_cms — cuppa_cms Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. 2022-07-27 not yet calculated CVE-2022-34121
MISC
MISC
dataease — dataease Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. 2022-07-22 not yet calculated CVE-2022-34115
MISC
dataease — dataease An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. 2022-07-22 not yet calculated CVE-2022-34112
MISC
dataease — dataease Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. 2022-07-22 not yet calculated CVE-2022-34114
MISC
dataease — dataease An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. 2022-07-22 not yet calculated CVE-2022-34113
MISC
dedecms — dedecms DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. 2022-07-29 not yet calculated CVE-2022-34531
MISC
deferred-exec_project — deferred-exec This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js. 2022-07-25 not yet calculated CVE-2020-28438
CONFIRM
django-rest-framework — django_rest_framework Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. 2022-07-23 not yet calculated CVE-2018-25045
MISC
MISC
MISC
dlink_global — dsl-3782 D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. 2022-07-29 not yet calculated CVE-2022-34527
MISC
MISC
dlink_global — dsl-3782 D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. 2022-07-29 not yet calculated CVE-2022-34528
MISC
MISC
dogtag_pki — dogtag_pki Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. 2022-07-29 not yet calculated CVE-2022-2414
MISC
dptech — dptech_vpn DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability. 2022-07-28 not yet calculated CVE-2022-34593
MISC
emarketdesign — request_a_quote The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-07-25 not yet calculated CVE-2022-2239
MISC
emarketdesign — request_a_quote The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it. 2022-07-25 not yet calculated CVE-2022-2240
MISC
emerson — emerson_deltav_distributed_control_system The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. 2022-07-26 not yet calculated CVE-2022-29957
MISC
MISC
emerson — emerson_openbsi Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. 2022-07-26 not yet calculated CVE-2022-29960
MISC
MISC
emerson — emerson_deltav_distributed_control_system_controllers_and_io_cards The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. 2022-07-26 not yet calculated CVE-2022-29962
MISC
MISC
emerson — emerson_deltav_distributed_control_system_controllers_and_io_cards The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. 2022-07-26 not yet calculated CVE-2022-29964
MISC
MISC
emerson — emerson_deltav_distributed_control_system_controllers_and_io_cards The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. 2022-07-26 not yet calculated CVE-2022-29963
MISC
MISC
emerson — emerson_deltav_distributed_control_system_controllers_and_io_cards The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. 2022-07-26 not yet calculated CVE-2022-29965
MISC
MISC
eziod_project — eziod The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34982
MISC
MISC
MISC
f-secure — elements_endpoint_protection A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aepack.dll component can crash the scanning engine. 2022-07-22 not yet calculated CVE-2022-28879
MISC
MISC
f-secure — elements_endpoint_protection A Denial-of-Service vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning a fuzzed APK file can crash the scanning engine. 2022-07-22 not yet calculated CVE-2022-28878
MISC
MISC
fava_project — fava The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters verbatim. 2022-07-25 not yet calculated CVE-2022-2514
CONFIRM
MISC
fava_project — fava Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.2. 2022-07-25 not yet calculated CVE-2022-2523
CONFIRM
MISC
feehi_cms — advertising_management_module An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. 2022-07-27 not yet calculated CVE-2022-34971
MISC
ffmpeg-sdk_project — ffmpeg-sdk This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. 2022-07-25 not yet calculated CVE-2020-28435
CONFIRM
filewave — filewave An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. 2022-07-25 not yet calculated CVE-2022-34907
MISC
MISC
filewave — filewave A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. 2022-07-25 not yet calculated CVE-2022-34906
MISC
MISC
fossil — xss_payload Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. 2022-07-28 not yet calculated CVE-2022-34009
MISC
MISC
framework_team_softwares — tiff_split A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. 2022-07-29 not yet calculated CVE-2022-34526
MISC
freehi — feehi_cms A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. 2022-07-28 not yet calculated CVE-2022-34140
MISC
MISC
fruits_bazar — fruits_bazar Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. 2022-07-26 not yet calculated CVE-2022-34989
MISC
garage_management_system — garage_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2578
MISC
MISC
garage_management_system — garage_management_system A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src=”https://us-cert.cisa.gov” onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2579
MISC
MISC
garage_management_system — garage_management_system A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2’%20UNION%20select%2011,user(),333,444–+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2577
MISC
MISC
git_archive — git_archive All versions of package git-archive are vulnerable to Command Injection via the exports function. 2022-07-25 not yet calculated CVE-2020-28422
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. 2022-07-28 not yet calculated CVE-2022-1948
MISC
CONFIRM
MISC
gnome — gnome_gdkpixbuf GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. 2022-07-24 not yet calculated CVE-2021-46829
MISC
MISC
MISC
MISC
MISC
MLIST
MISC
goanywhere — goanywhere_mft A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilizes self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. 2022-07-27 not yet calculated CVE-2021-46830
MISC
MISC
google — android EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). 2022-07-30 not yet calculated CVE-2022-30083
MISC
google — chrome Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1500
MISC
MISC
google — chrome Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1499
MISC
MISC
google — chrome Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1498
MISC
MISC
google — chrome Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1497
MISC
MISC
google — chrome Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. 2022-07-26 not yet calculated CVE-2022-1496
MISC
MISC
google — chrome Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1495
MISC
MISC
google — chrome Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. 2022-07-26 not yet calculated CVE-2022-1493
MISC
MISC
google — chrome Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1492
MISC
MISC
google — chrome Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1479
MISC
MISC
google — chrome Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. 2022-07-23 not yet calculated CVE-2022-1125
MISC
MISC
google — chrome Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1637
MISC
MISC
google — chrome Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. 2022-07-23 not yet calculated CVE-2022-1127
MISC
MISC
google — chrome Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. 2022-07-26 not yet calculated CVE-2022-1634
MISC
MISC
google — chrome Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1129
MISC
MISC
google — chrome Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1364
MISC
MISC
google — chrome Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1490
MISC
MISC
google — chrome Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1501
MISC
MISC
google — chrome Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. 2022-07-26 not yet calculated CVE-2022-1633
MISC
MISC
google — chrome Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. 2022-07-26 not yet calculated CVE-2022-1489
MISC
MISC
google — chrome Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1639
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1096
MISC
MISC
google — chrome Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1640
MISC
MISC
google — chrome Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. 2022-07-26 not yet calculated CVE-2022-1641
MISC
MISC
google — chrome Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2008
MISC
MISC
google — chrome Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. 2022-07-26 not yet calculated CVE-2022-1491
MISC
MISC
google — chrome Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1131
MISC
MISC
google — chrome Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1636
MISC
MISC
google — chrome Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. 2022-07-26 not yet calculated CVE-2022-1488
MISC
MISC
google — chrome Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-22 not yet calculated CVE-2022-0978
MISC
MISC
google — chrome Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. 2022-07-22 not yet calculated CVE-2022-0980
MISC
MISC
google — chrome Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. 2022-07-26 not yet calculated CVE-2022-1635
MISC
MISC
google — chrome Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1638
MISC
MISC
google — chrome Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1494
MISC
MISC
google — chrome Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1477
MISC
MISC
google — chrome Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1310
MISC
MISC
google — chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1309
MISC
MISC
google — chrome Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. 2022-07-23 not yet calculated CVE-2022-1142
MISC
MISC
google — chrome Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. 2022-07-23 not yet calculated CVE-2022-1144
MISC
MISC
google — chrome Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1133
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1134
MISC
MISC
google — chrome Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2022-07-25 not yet calculated CVE-2022-1312
MISC
MISC
google — chrome Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture. 2022-07-23 not yet calculated CVE-2022-1141
MISC
MISC
google — chrome Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. 2022-07-23 not yet calculated CVE-2022-1143
MISC
MISC
google — chrome Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1137
MISC
MISC
google — chrome Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1146
MISC
MISC
google — chrome Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. 2022-07-23 not yet calculated CVE-2022-1135
MISC
MISC
google — chrome Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. 2022-07-23 not yet calculated CVE-2022-1136
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1232
MISC
MISC
google — chrome Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1478
MISC
MISC
google — chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1139
MISC
MISC
google — chrome Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1481
MISC
MISC
google — chrome Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. 2022-07-23 not yet calculated CVE-2022-1132
MISC
MISC
google — chrome Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1138
MISC
MISC
google — chrome Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction. 2022-07-23 not yet calculated CVE-2022-1145
MISC
MISC
google — chrome Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. 2022-07-26 not yet calculated CVE-2022-1487
MISC
MISC
google — chrome Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1482
MISC
MISC
google — chrome Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. 2022-07-23 not yet calculated CVE-2022-1130
MISC
MISC
google — chrome Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1483
MISC
MISC
google — chrome Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1484
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1314
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1486
MISC
MISC
google — chrome Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-26 not yet calculated CVE-2022-1485
MISC
MISC
google — chrome Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1308
MISC
MISC
google — chrome Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1307
MISC
MISC
google — chrome Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1306
MISC
MISC
google — chrome Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1305
MISC
MISC
google — chrome Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. 2022-07-23 not yet calculated CVE-2022-1128
MISC
MISC
google — chrome Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1313
MISC
MISC
google — chrome Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-25 not yet calculated CVE-2022-1311
MISC
MISC
google — chrome Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-07-22 not yet calculated CVE-2022-0979
MISC
MISC
google — chrome
 
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2480
MISC
MISC
google — chrome
 
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2479
MISC
MISC
google — chrome
 
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2164
MISC
MISC
FEDORA
google — chrome
 
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2011
MISC
MISC
google — chrome
 
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2294
MISC
MISC
FEDORA
MLIST
FEDORA
google — chrome
 
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via crafted clipboard content. 2022-07-27 not yet calculated CVE-2022-1867
MISC
MISC
google — chrome
 
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1868
MISC
MISC
google — chrome
 
Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2415
MISC
MISC
google — chrome
 
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2477
MISC
MISC
google — chrome
 
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user’s local files via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2160
MISC
MISC
FEDORA
google — chrome
 
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. 2022-07-28 not yet calculated CVE-2022-2296
MISC
MISC
FEDORA
google — chrome
 
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2295
MISC
MISC
FEDORA
google — chrome
 
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2022-07-28 not yet calculated CVE-2022-2165
MISC
MISC
FEDORA
google — chrome
 
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2162
MISC
MISC
FEDORA
google — chrome
 
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. 2022-07-28 not yet calculated CVE-2022-2163
MISC
MISC
FEDORA
google — chrome
 
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2478
MISC
MISC
google — chrome
 
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. 2022-07-28 not yet calculated CVE-2022-2481
MISC
MISC
google — chrome
 
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 2022-07-28 not yet calculated CVE-2022-2161
MISC
MISC
FEDORA
google — chrome
 
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2158
MISC
MISC
FEDORA
google — chrome
 
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2157
MISC
MISC
FEDORA
google — chrome
 
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2007
MISC
MISC
google — chrome
 
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2399
MISC
MISC
google — chrome
 
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2156
MISC
MISC
FEDORA
google — chrome
 
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1869
MISC
MISC
google — chrome
 
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 2022-07-27 not yet calculated CVE-2022-1863
MISC
MISC
google — chrome
 
Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. 2022-07-27 not yet calculated CVE-2022-1858
MISC
MISC
google — chrome
 
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction. 2022-07-27 not yet calculated CVE-2022-1861
MISC
MISC
google — chrome
 
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. 2022-07-27 not yet calculated CVE-2022-1860
MISC
MISC
google — chrome
 
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1859
MISC
MISC
google — chrome
 
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-2010
MISC
MISC
google — chrome
 
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 2022-07-27 not yet calculated CVE-2022-1870
MISC
MISC
google — chrome
 
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1857
MISC
MISC
google — chrome
 
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. 2022-07-27 not yet calculated CVE-2022-1856
MISC
MISC
google — chrome
 
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1855
MISC
MISC
google — chrome
 
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1854
MISC
MISC
google — chrome
 
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1853
MISC
MISC
google — chrome
 
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1862
MISC
MISC
google — chrome
 
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1872
MISC
MISC
google — chrome
 
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 2022-07-27 not yet calculated CVE-2022-1865
MISC
MISC
google — chrome
 
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. 2022-07-27 not yet calculated CVE-2022-1866
MISC
MISC
google — chrome
 
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 2022-07-27 not yet calculated CVE-2022-1864
MISC
MISC
google — chrome
 
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1873
MISC
MISC
google — chrome
 
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-07-28 not yet calculated CVE-2022-1919
MISC
MISC
google — chrome
 
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1874
MISC
MISC
google — chrome
 
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1871
MISC
MISC
google — chrome
 
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1875
MISC
MISC
google — chrome
 
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-07-27 not yet calculated CVE-2022-1876
MISC
MISC
google — google_play_services_sdk_play-services-basement
 
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. 2022-07-29 not yet calculated CVE-2022-1799
MISC
google-cloudstorage-commands_project — google-cloudstorage-commands This affects all versions of package google-cloudstorage-commands. 2022-07-25 not yet calculated CVE-2020-28436
CONFIRM
CONFIRM
gpac — gpsa/gpac
 
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. 2022-07-27 not yet calculated CVE-2022-2549
MISC
CONFIRM
grapesjs — grapesjs The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in Selector Manager. 2022-07-25 not yet calculated CVE-2022-21802
MISC
MISC
MISC
MISC
MISC
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in “Extension:ExtendedSearch” of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on the page “Special:SearchCenter”, using the search term in the URL. 2022-07-22 not yet calculated CVE-2022-2510
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the “commonuserinterface” component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. 2022-07-22 not yet calculated CVE-2022-2511
CONFIRM
hashicorp — vault/vault_enterprise
 
HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control. 2022-07-26 not yet calculated CVE-2022-36129
MISC
MISC
hcl_commerce — remote_store_server
 
HCL Commerce’s Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. 2022-07-30 not yet calculated CVE-2021-27785
MISC
hestiacp — hestiacp/hestiacp
 
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. 2022-07-27 not yet calculated CVE-2022-2550
MISC
CONFIRM
hiby — hiby_r3_pro
 
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. 2022-07-29 not yet calculated CVE-2022-34496
MISC
MISC
hitachi_energy — hitachi_energy_msm
 
A vulnerability exists in the HTTP web interface where the web interface does not validate data in an HTTP header. This makes HTTP response splitting possible, which if exploited could let an attacker deliver harmful code to the user’s web browser, for example to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to the MSM web interface click a forged link to the MSM web interface (e.g., a link sent by e-mail) could trick the user into downloading malicious software onto their computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions. 2022-07-25 not yet calculated CVE-2021-40336
CONFIRM
hitachi_energy — hitachi_energy_msm
 
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This causes a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker who successfully makes an MSM user who has already established a session to the MSM web interface click a forged link to the MSM web interface (e.g., a link sent by e-mail) could perform harmful commands on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions. 2022-07-25 not yet calculated CVE-2021-40335
CONFIRM
homepage_product_organizer_for_woocommerce_project — homepage_product_organizer_for_woocommerce Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co’s Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. 2022-07-22 not yet calculated CVE-2022-30998
CONFIRM
CONFIRM
honeywell — honeywell_experion_pks_safety_manager Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthenticated Safety Builder protocol (FSCT-2022-0051) for engineering purposes, including downloading projects and control logic to the controller. Control logic is downloaded to the controller on a block-by-block basis. The logic that is downloaded consists of FLD code compiled to native machine code for the CPU module (which applies to both the Safety Manager and FSC families). Since this logic does not seem to be cryptographically authenticated, it allows an attacker capable of triggering a logic download to execute arbitrary machine code on the controller’s CPU module in the context of the runtime. While the researchers could not verify this in detail, the researchers believe that the microprocessor underpinning the FSC and Safety Manager CPU modules is incapable of offering memory protection or privilege separation capabilities which would give an attacker full control of the CPU module. There is no authentication on control logic downloaded to the controller. Memory protection and privilege separation capabilities for the runtime are possibly lacking. The researchers confirmed the issues in question on Safety Manager R145.1 and R152.2 but suspect the issue affects all FSC and SM controllers and associated Safety Builder versions regardless of software or firmware revision. 
An attacker who can communicate with a Safety Manager controller via the Safety Builder protocol can execute arbitrary code without restrictions on the CPU module, allowing for covert manipulation of control operations and implanting capabilities similar to the TRITON malware (MITRE ATT&CK software ID S1009). A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position. 2022-07-28 not yet calculated CVE-2022-30315
MISC
MISC
honeywell — honeywell_experion_pks_safety_manager
 
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols’ functionalities could achieve a wide range of adverse impacts, including (but not limited to), the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position. 2022-07-28 not yet calculated CVE-2022-30313
MISC
MISC
honeywell — honeywell_experion_pks_safety_manager
 
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is: Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. An engineering workstation running the Safety Builder software communicates via serial or serial-over-ethernet link with the DCOM-232/485 interface. Firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. Firmware images are unsigned. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize hardcoded credentials (see FSCT-2022-0052) for the POLO bootloader to control the boot process and push malicious firmware images to the controller allowing for firmware manipulation, remote code execution and denial of service impacts. A mitigating factor is that in order for a firmware update to be initiated, the Safety Manager has to be rebooted which is typically done by means of physical controls on the Safety Manager itself. As such, an attacker would have to either lay dormant until a legitimate reboot occurs or possibly attempt to force a reboot through a secondary vulnerability. 2022-07-28 not yet calculated CVE-2022-30316
MISC
MISC
honeywell — honeywell_experion_pks_safety_manager
 
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054). 2022-07-28 not yet calculated CVE-2022-30314
MISC
MISC
honeywell — saia_burgess_controls_pcd
 
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication is done by using the S-Bus ‘write byte’ message to a specific address and supplying a hashed version of the password. The hashing algorithm used is based on CRC-16 and as such not cryptographically secure. An insecure hashing algorithm is used. An attacker capable of passively observing traffic can intercept the hashed credentials and trivially find collisions allowing for authentication without having to bruteforce a keyspace defined by the actual strength of the password. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration. 2022-07-28 not yet calculated CVE-2022-30320
MISC
MISC
honeywell — saia_burgess_controls_pcd
 
Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication functions on the basis of a MAC/IP whitelist with inactivity timeout to which an authenticated client’s MAC/IP is stored. UDP traffic can be spoofed to bypass the whitelist-based access control. Since UDP is stateless, an attacker capable of passively observing traffic can spoof arbitrary messages using the MAC/IP of an authenticated client. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration. 2022-07-28 not yet calculated CVE-2022-30319
MISC
MISC
horde_groupware — horde_groupware_webmail_edition
 
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. 2022-07-28 not yet calculated CVE-2022-30287
MISC
MISC
ibm — ibm_robotic_process_automation
 
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019. 2022-07-26 not yet calculated CVE-2022-22412
CONFIRM
XF
ibm — powervm_vios IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. 2022-07-29 not yet calculated CVE-2022-35643
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation; if this could be combined with other unknown vulnerabilities, then privilege escalation could be performed. IBM X-Force ID: 216111. 2022-07-28 not yet calculated CVE-2021-39088
CONFIRM
XF
ibm — security_verify_information_queue IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. 2022-07-25 not yet calculated CVE-2022-35285
CONFIRM
XF
ibm — security_verify_information_queue IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. 2022-07-25 not yet calculated CVE-2022-35287
XF
CONFIRM
ibm — security_verify_information_queue
 
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811. 2022-07-25 not yet calculated CVE-2022-35284
CONFIRM
XF
ibm — security_verify_information_queue
 
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814. 2022-07-26 not yet calculated CVE-2022-35286
CONFIRM
XF
ibm — security_verify_information_queue
 
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. 2022-07-25 not yet calculated CVE-2022-35288
XF
CONFIRM
ibm — sterling_partner_engagement_manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932. 2022-07-26 not yet calculated CVE-2022-35639
CONFIRM
XF
inavitas — inavitas_solar_log Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. 2022-07-29 not yet calculated CVE-2022-1277
CONFIRM
inductive_automation — inductive_automation_ignition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115. 2022-07-25 not yet calculated CVE-2022-35872
MISC
MISC
inductive_automation — inductive_automation_ignition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265. 2022-07-25 not yet calculated CVE-2022-35870
MISC
MISC
inductive_automation — inductive_automation_ignition
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. 2022-07-25 not yet calculated CVE-2022-35873
MISC
MISC
inductive_automation — inductive_automation_ignition
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211. 2022-07-25 not yet calculated CVE-2022-35869
MISC
MISC
inductive_automation — inductive_automation_ignition
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. 2022-07-25 not yet calculated CVE-2022-35871
MISC
MISC
inmailx — inmailx_outlook InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / JavaScript in the Outlook of users. 2022-07-26 not yet calculated CVE-2022-27105
MISC
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. 2022-07-26 not yet calculated CVE-2022-34988
MISC
ion_parser — ion_parser
 
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context. 2022-07-25 not yet calculated CVE-2020-28462
CONFIRM
itech — movie_portal_script A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-22 not yet calculated CVE-2017-20142
N/A
N/A
itech — movie_portal_script A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-22 not yet calculated CVE-2017-20143
N/A
N/A
itech — movie_portal_script A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-07-22 not yet calculated CVE-2017-20141
N/A
N/A
itech — movie_portal_script A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-07-22 not yet calculated CVE-2017-20139
N/A
N/A
itech — movie_portal_script A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-07-22 not yet calculated CVE-2017-20140
N/A
N/A
itsourcecode — advance_management_system Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. 2022-07-28 not yet calculated CVE-2022-34580
MISC
itsourcecode — barangay_management_system Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. 2022-07-27 not yet calculated CVE-2022-34120
MISC
itsourcecode — advanced_school_management_system Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. 2022-07-27 not yet calculated CVE-2022-34594
MISC
itsourcecode — barangay_management_system Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php. 2022-07-28 not yet calculated CVE-2022-34557
MISC
izrip — izrip An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c. 2022-07-26 not yet calculated CVE-2021-33451
MISC
MISC
izrip — izrip An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. 2022-07-26 not yet calculated CVE-2021-33453
MISC
MISC
jenkins — buckminster Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36918
CONFIRM
MLIST
jenkins — clif_performance_testing An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. 2022-07-27 not yet calculated CVE-2022-36894
CONFIRM
MLIST
jenkins — compuware_ispw_operations Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. 2022-07-27 not yet calculated CVE-2022-36899
CONFIRM
MLIST
jenkins — compuware_ispw_operations A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36898
CONFIRM
MLIST
jenkins — compuware_source_code_download A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36896
CONFIRM
MLIST
jenkins — compuware_topaz_utilities A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36895
CONFIRM
MLIST
jenkins — compuware_xpediter_code_coverage A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36897
CONFIRM
MLIST
jenkins — coverity A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36920
CONFIRM
MLIST
jenkins — coverity A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36919
CONFIRM
MLIST
jenkins — coverity A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36921
CONFIRM
MLIST
jenkins — deployer_framework Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. 2022-07-27 not yet calculated CVE-2022-36889
CONFIRM
MLIST
jenkins — deployer_framework A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. 2022-07-27 not yet calculated CVE-2022-36891
CONFIRM
MLIST
jenkins — deployer_framework Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36890
CONFIRM
MLIST
jenkins — external_monitor_job_type A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. 2022-07-27 not yet calculated CVE-2022-36886
CONFIRM
MLIST
jenkins — git The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. 2022-07-27 not yet calculated CVE-2022-36884
CONFIRM
MLIST
jenkins — git
 
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. 2022-07-27 not yet calculated CVE-2022-36883
CONFIRM
MLIST
jenkins — git
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. 2022-07-27 not yet calculated CVE-2022-36882
CONFIRM
MLIST
jenkins — git_client Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. 2022-07-27 not yet calculated CVE-2022-36881
CONFIRM
MLIST
jenkins — github
 
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. 2022-07-27 not yet calculated CVE-2022-36885
CONFIRM
MLIST
jenkins — google_cloud_backup A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. 2022-07-27 not yet calculated CVE-2022-36917
CONFIRM
MLIST
jenkins — google_cloud_backup
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. 2022-07-27 not yet calculated CVE-2022-36916
CONFIRM
MLIST
jenkins — job_configuration_history A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. 2022-07-27 not yet calculated CVE-2022-36887
CONFIRM
MLIST
jenkins — lucene_search Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the ‘search’ result page, resulting in a reflected cross-site scripting (XSS) vulnerability. 2022-07-27 not yet calculated CVE-2022-36922
CONFIRM
MLIST
jenkins — openshift_deployer A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL. 2022-07-27 not yet calculated CVE-2022-36909
CONFIRM
MLIST
jenkins — rhnpush-plugin Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 2022-07-27 not yet calculated CVE-2022-36892
CONFIRM
MLIST
jenkins — android_signing Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 2022-07-27 not yet calculated CVE-2022-36915
CONFIRM
MLIST
jenkins — compuware_zadviser_api Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. 2022-07-27 not yet calculated CVE-2022-36900
CONFIRM
MLIST
jenkins — files_found_trigger Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36914
CONFIRM
MLIST
jenkins — http_request Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36901
CONFIRM
MLIST
jenkins — lucene_search Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. 2022-07-27 not yet calculated CVE-2022-36910
CONFIRM
MLIST
jenkins — maven_metadata Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-07-27 not yet calculated CVE-2022-36905
CONFIRM
MLIST
jenkins — openshift_deployer A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. 2022-07-27 not yet calculated CVE-2022-36906
CONFIRM
MLIST
jenkins — openshift_deployer A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. 2022-07-27 not yet calculated CVE-2022-36907
CONFIRM
MLIST
jenkins — openshift_deployer A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL. 2022-07-27 not yet calculated CVE-2022-36908
CONFIRM
MLIST
jenkins — openstack_heat Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36913
CONFIRM
MLIST
jenkins — openstack_heat A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. 2022-07-27 not yet calculated CVE-2022-36911
CONFIRM
MLIST
jenkins — openstack_heat A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. 2022-07-27 not yet calculated CVE-2022-36912
CONFIRM
MLIST
jenkins — repository_connector Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-07-27 not yet calculated CVE-2022-36904
CONFIRM
MLIST
jenkins — repository_connector A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-07-27 not yet calculated CVE-2022-36903
CONFIRM
MLIST
jenkins — dynamic_extended_choice Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-07-27 not yet calculated CVE-2022-36902
CONFIRM
MLIST
jenkins — hashicorp_vault
 
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. 2022-07-27 not yet calculated CVE-2022-36888
CONFIRM
MLIST
jenkins — rpmsign-plugin
 
Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 2022-07-27 not yet calculated CVE-2022-36893
CONFIRM
MLIST
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.2, email address validation in the “Git User Name Is Not Defined” dialog was missed. 2022-07-28 not yet calculated CVE-2022-37010
MISC
johnsoncontrols — metasys_open_application_server Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users. 2022-07-22 not yet calculated CVE-2021-36200
CONFIRM
CERT
joplin — joplin
 
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. 2022-07-25 not yet calculated CVE-2022-35131
MISC
MISC
MISC
js_ini — js_ini This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context. 2022-07-25 not yet calculated CVE-2020-28461
CONFIRM
CONFIRM
jtekt — jtekt_toyopuc_plc JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. 2022-07-26 not yet calculated CVE-2022-29951
MISC
MISC
jtekt — jtekt_toyopuc_plc JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC’s CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and thus no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU. 2022-07-26 not yet calculated CVE-2022-29958
MISC
MISC
kippo-graph — kippo-graph In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. 2022-07-28 not yet calculated CVE-2016-2138
MISC
MISC
kippo-graph — kippo-graph In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. 2022-07-28 not yet calculated CVE-2016-2139
MISC
MISC
libxml — libxml Possible cross-site scripting vulnerability in libxml after commit 960f0e2. 2022-07-28 not yet calculated CVE-2016-3709
MISC
linux — linux_kernel The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. 2022-07-29 not yet calculated CVE-2022-36123
MISC
MISC
MISC
CONFIRM
CONFIRM
linux — linux_kernel A memory leak flaw was found in the Linux kernel in the acrn_dev_ioctl function in drivers/virt/acrn/hsm.c, in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service. 2022-07-26 not yet calculated CVE-2022-1651
MISC
linux — linux_kernel nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. 2022-07-27 not yet calculated CVE-2022-36946
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. 2022-07-27 not yet calculated CVE-2022-36879
MISC
MISC
linux — linux_kernel io_uring uses work_flags to determine which identity it needs to grab from the calling process, to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts, which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859. 2022-07-22 not yet calculated CVE-2022-2327
CONFIRM
CONFIRM
linux — linux_kernel
 
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. 2022-07-26 not yet calculated CVE-2022-1671
MISC
mageni — student_management_system A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. 2022-07-28 not yet calculated CVE-2021-33371
MISC
markdown_it_decorate — markdown_it_decorate This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. 2022-07-25 not yet calculated CVE-2020-28459
CONFIRM
markdown_it_toc — markdown_it_toc This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. 2022-07-25 not yet calculated CVE-2020-28455
CONFIRM
mcafee — mcafee_agent A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7 allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. 2022-07-27 not yet calculated CVE-2022-2313
CONFIRM
microweber — microweber Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.21. 2022-07-22 not yet calculated CVE-2022-2470
CONFIRM
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.21. 2022-07-22 not yet calculated CVE-2022-2495
CONFIRM
MISC
midori-global — better_pdf_exporter The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. 2022-07-22 not yet calculated CVE-2022-36131
MISC
MISC
mistune — mistune In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. 2022-07-25 not yet calculated CVE-2022-34749
MISC
MISC
moodle — moodle A stored XSS and blind SSRF vulnerability was found in Moodle. It occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. 2022-07-25 not yet calculated CVE-2022-35651
MISC
MISC
MISC
FEDORA
FEDORA
moodle — moodle A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. 2022-07-25 not yet calculated CVE-2022-35653
MISC
MISC
MISC
FEDORA
FEDORA
moodle — moodle
 
A vulnerability was found in Moodle that occurs due to an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. 2022-07-25 not yet calculated CVE-2022-35650
MISC
MISC
MISC
FEDORA
FEDORA
moodle — moodle
 
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website but, when clicked, redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. 2022-07-25 not yet calculated CVE-2022-35652
MISC
MISC
MISC
FEDORA
FEDORA
moodle — moodle
 
A vulnerability was found in Moodle that occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. 2022-07-25 not yet calculated CVE-2022-35649
MISC
MISC
MISC
FEDORA
FEDORA
motorola — moscad_and_ace_rtu The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. 2022-07-26 not yet calculated CVE-2022-30276
MISC
MISC
motorola — motorola_ace1000_rtu
 
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kernel, package, bundle, or application images can be installed. Firmware updates for the Front End Processor (FEP) module are performed via access to the SSH interface (22/TCP), where a .hex file image is transferred and a bootloader script invoked. File system, kernel, package, and bundle updates are supplied as RPM (RPM Package Manager) files while FEP updates are supplied as S-rec files. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. 2022-07-26 not yet calculated CVE-2022-30272
MISC
MISC
motorola — motorola_ace1000_rtu
 
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. 2022-07-26 not yet calculated CVE-2022-30273
MISC
MISC
MISC
motorola — motorola_ace1000_rtu
 
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed. 2022-07-26 not yet calculated CVE-2022-30270
MISC
MISC
motorola — motorola_ace1000_rtu
 
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. 2022-07-26 not yet calculated CVE-2022-30269
MISC
MISC
motorola — motorola_ace1000_rtu
 
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key. 2022-07-26 not yet calculated CVE-2022-30274
MISC
MISC
motorola — motorola_ace1000_rtu
 
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. 2022-07-26 not yet calculated CVE-2022-30271
MISC
MISC
motorola — motorola_moscad_toolbox_software The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. 2022-07-26 not yet calculated CVE-2022-30275
MISC
MISC
multisafepay — multisafepay_for_woocommerce Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. 2022-07-22 not yet calculated CVE-2022-33901
CONFIRM
CONFIRM
nasm — nasm An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. 2022-07-26 not yet calculated CVE-2021-33452
MISC
MISC
nasm — nasm An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. 2022-07-26 not yet calculated CVE-2021-33450
MISC
MISC
nodepdf — nodepdf
 
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. 2022-07-28 not yet calculated CVE-2016-4991
MISC
npm_help — npm_help This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. 2022-07-25 not yet calculated CVE-2020-28445
CONFIRM
ntesseract_project — ntesseract The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js. 2022-07-25 not yet calculated CVE-2020-28446
CONFIRM
CONFIRM
obsidian — obsidian Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. 2022-07-25 not yet calculated CVE-2022-36450
MISC
odoo — open_source_point_of_sale Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. 2022-07-28 not yet calculated CVE-2022-34578
MISC
omron — plcs In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449…D1452 and can be read out using the Omron FINS protocol without any further authentication. 2022-07-26 not yet calculated CVE-2022-31205
MISC
MISC
omron — plcs Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. 2022-07-26 not yet calculated CVE-2022-31204
MISC
MISC
omron — plcs
 
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. 2022-07-26 not yet calculated CVE-2022-31207
MISC
MISC
omron — plcs
 
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-05-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC’s runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC’s CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS. 2022-07-26 not yet calculated CVE-2022-31206
MISC
MISC
online_fire_reporting_system — online_fire_reporting_system
 
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “Contac #” text field. 2022-07-27 not yet calculated CVE-2022-34611
MISC
MISC
MISC
online_fire_reporting_system_project — online_fire_reporting_system_1.0 Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter. 2022-07-26 not yet calculated CVE-2022-31879
MISC
open_xchange — ox_app_suite OX App Suite through 7.10.6 allows XSS by forcing block-wise read. 2022-07-27 not yet calculated CVE-2022-23099
CONFIRM
MISC
open_xchange — ox_app_suite OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. 2022-07-27 not yet calculated CVE-2022-24405
CONFIRM
MISC
open_xchange — ox_app_suite OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. 2022-07-27 not yet calculated CVE-2022-24406
CONFIRM
MISC
open_xchange — ox_app_suite OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. 2022-07-27 not yet calculated CVE-2022-23101
CONFIRM
MISC
open_xchange — ox_app_suite OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). 2022-07-27 not yet calculated CVE-2022-23100
CONFIRM
MISC
openemr — openemr Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. 2022-07-22 not yet calculated CVE-2022-2493
MISC
CONFIRM
openemr — openemr Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.0. 2022-07-22 not yet calculated CVE-2022-2494
CONFIRM
MISC
openkm — openkm_community_edition OpenKM Community Edition version 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack. 2022-07-25 not yet calculated CVE-2022-2131
CONFIRM
openteknik — open_source_social_network OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. 2022-07-25 not yet calculated CVE-2022-34963
MISC
MISC
MISC
MISC
MISC
openteknik — open_source_social_network OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. 2022-07-25 not yet calculated CVE-2022-34964
MISC
MISC
MISC
MISC
openteknik — open_source_social_network OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. 2022-07-25 not yet calculated CVE-2022-34961
MISC
MISC
MISC
MISC
MISC
openteknik — open_source_social_network
 
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-07-25 not yet calculated CVE-2022-34965
MISC
MISC
MISC
MISC
openteknik — open_source_social_network
 
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at ip_address/:port/ossn/home. 2022-07-25 not yet calculated CVE-2022-34966
MISC
MISC
MISC
MISC
openteknik — open_source_social_network
 
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. 2022-07-25 not yet calculated CVE-2022-34962
MISC
MISC
MISC
MISC
MISC
orange_station — orange_station
 
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. 2022-07-26 not yet calculated CVE-2022-36161
MISC
oretnom23 — online_railway_reservation_system The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device’s physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device’s location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center. 2022-07-26 not yet calculated CVE-2021-33057
MISC
MISC
otp-generator — otp-generator The package otp-generator before 3.0.0 is vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. 2022-07-25 not yet calculated CVE-2021-23451
CONFIRM
CONFIRM
CONFIRM
ovarro — tbox An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. 2022-07-28 not yet calculated CVE-2021-22642
CONFIRM
ovarro — tbox An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. 2022-07-28 not yet calculated CVE-2021-22640
CONFIRM
ovarro — tbox_twinsoft An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. 2022-07-28 not yet calculated CVE-2021-22650
CONFIRM
ovarro — tbox_twinsoft Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. 2022-07-28 not yet calculated CVE-2021-22644
CONFIRM
ovarro — tbox_twinsoft The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. 2022-07-28 not yet calculated CVE-2021-22646
CONFIRM
ovarro — tbox Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. 2022-07-28 not yet calculated CVE-2021-22648
CONFIRM
patlite — nh-fb_series_devices On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. 2022-07-27 not yet calculated CVE-2022-35911
MISC
MISC
MISC
pegasystems — pega_infinity Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. 2022-07-25 not yet calculated CVE-2022-24083
MISC
php_group — php_versions In PHP versions 8.1.x below 8.1.8, when fileinfo functions such as finfo_buffer are used, an incorrect patch applied to the third-party code from libmagic means that an incorrect function may be used to free allocated memory, which may lead to heap corruption. 2022-07-28 not yet calculated CVE-2022-31627
MISC
pico_project — picoc PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c. 2022-07-28 not yet calculated CVE-2022-34556
MISC
MISC
plugins-market — wp_visitor_statistics Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. 2022-07-25 not yet calculated CVE-2022-33965
CONFIRM
CONFIRM
png2webp — png2webp png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file. 2022-07-28 not yet calculated CVE-2022-36752
MISC
MISC
prestashop — prestashop PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.7 allows remote attackers to execute arbitrary code, aka a “previously unknown vulnerability chain” related to SQL injection and MySQL Smarty cache storage injection, as exploited in the wild in July 2022. 2022-07-22 not yet calculated CVE-2022-36408
MISC
properties_reader — properties_reader This affects the package properties-reader before 2.2.0. 2022-07-25 not yet calculated CVE-2020-28471
CONFIRM
CONFIRM
CONFIRM
pycrowdtangle_project — pycrowdtangle The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34981
MISC
MISC
MISC
pypi — pypi The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34501
MISC
MISC
MISC
pypi — pypi The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34500
MISC
MISC
MISC
pypi_project — wmagent_and_global_workqueue WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allow attackers to execute arbitrary code via a crafted dbs-client package. 2022-07-28 not yet calculated CVE-2022-34558
MISC
qpdf_project — qpdf QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-07-22 not yet calculated CVE-2022-34503
MISC
qr_code_generator — qr_code_generator A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. 2022-07-25 not yet calculated CVE-2022-24992
MISC
MISC
MISC
radare — radare2 Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file. 2022-07-22 not yet calculated CVE-2022-34502
MISC
radare — radare2 Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file. 2022-07-22 not yet calculated CVE-2022-34520
MISC
rainloop — rainloop_email_viewer The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. 2022-07-28 not yet calculated CVE-2022-29360
MISC
MISC
rapid — velociraptor Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35629
CONFIRM
rapid — velociraptor A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35630
CONFIRM
rapid — velociraptor_client On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35631
CONFIRM
rapid — velociraptor_gui The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35632
CONFIRM
realtek — rtl819x-sdk Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. 2022-07-28 not yet calculated CVE-2022-29558
MISC
MISC
redhat — openstack An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. 2022-07-22 not yet calculated CVE-2022-1655
MISC
revmakx — infinitewp_client A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-07-23 not yet calculated CVE-2016-15004
MISC
MISC
MISC
rizin — rizin Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary. 2022-07-27 not yet calculated CVE-2022-34612
MISC
MISC
rockwell_automation — multiple_products The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. 2022-07-27 not yet calculated CVE-2020-6998
CONFIRM
CONFIRM
sap_successfactors — sap_successfactors_attachment_api Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments, thus compromising the confidentiality and integrity of the application. 2022-07-27 not yet calculated CVE-2022-35291
MISC
MISC
scu-captcha_project — scu-captcha The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34983
MISC
MISC
MISC
sdl — sdl SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. 2022-07-28 not yet calculated CVE-2022-34568
MISC
set-deep-prop — set-deep-prop All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. 2022-07-25 not yet calculated CVE-2021-23373
CONFIRM
simplenetwork — simplenetwork_tcp_server SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. 2022-07-28 not yet calculated CVE-2022-36234
MISC
sims_software — sims Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. 2022-07-27 not yet calculated CVE-2022-34549
MISC
MISC
sims_software — sims Sims v1.0 was discovered to allow path traversal when downloading attachments. 2022-07-27 not yet calculated CVE-2022-34551
MISC
MISC
skyhigh — skyhigh_swg An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. 2022-07-27 not yet calculated CVE-2022-2310
CONFIRM
slack_morphism_project — slack_morphism Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs. 2022-07-22 not yet calculated CVE-2022-31162
CONFIRM
MISC
snyk — node-import This affects all versions of package node-import. The “params” argument of the module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file “index.js”. 2022-07-25 not yet calculated CVE-2020-7678
CONFIRM
CONFIRM
snyk — snyk-broker This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal. 2022-07-25 not yet calculated CVE-2020-7649
CONFIRM
CONFIRM
CONFIRM
sonar_wrapper — sonar_wrapper This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. 2022-07-25 not yet calculated CVE-2020-28443
CONFIRM
sonicwall — sonicwall_hosted_email_security Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. 2022-07-29 not yet calculated CVE-2022-2324
CONFIRM
sonicwall — sonicwall_switch Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. 2022-07-29 not yet calculated CVE-2022-2323
CONFIRM
sonicwall — sonicwall_gms Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. 2022-07-29 not yet calculated CVE-2022-22280
CONFIRM
squirrel — sqclass.cp sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. 2022-07-28 not yet calculated CVE-2021-41556
MISC
MISC
MISC
student_information_management_system_project — student_information_management_system Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. 2022-07-27 not yet calculated CVE-2022-34550
MISC
MISC
supsystic — social_share_buttons Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. 2022-07-22 not yet calculated CVE-2022-27235
CONFIRM
CONFIRM
supsystic — social_share_buttons Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. 2022-07-22 not yet calculated CVE-2022-33960
CONFIRM
CONFIRM
sygnoos — popup_builder Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. 2022-07-22 not yet calculated CVE-2022-29495
CONFIRM
CONFIRM
synology — synology_audio_station Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-27612
CONFIRM
synology — synology_audio_station Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-27611
CONFIRM
synology — synology_calendar Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors. 2022-07-26 not yet calculated CVE-2022-22686
CONFIRM
synology — synology_carddav_server Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-27613
CONFIRM
synology — synology_diskstation_manager Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2022-07-27 not yet calculated CVE-2022-27610
CONFIRM
synology — synology_diskstation_manager
 
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-22684
CONFIRM
synology — synology_media_server Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-22683
CONFIRM
synology — synology_webdav_server Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-22685
CONFIRM
synology – synology_dns_server Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-27615
CONFIRM
synology – synology_media_server Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. 2022-07-28 not yet calculated CVE-2022-27614
CONFIRM
techvill — paymoney Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. 2022-07-26 not yet calculated CVE-2022-34991
MISC
tecrail — responsive_filemanger A vulnerability was found in Tecrail Responsive FileManager up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 addresses this issue. It is recommended to upgrade the affected component. 2022-07-25 not yet calculated CVE-2017-20145
MISC
MISC
testimonials_project — testimonials Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul’s Testimonials plugin <= 3.0.1 at WordPress. 2022-07-22 not yet calculated CVE-2022-33191
CONFIRM
CONFIRM
the_document_foundation — libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same, which weakens the security of the encryption and makes the stored passwords vulnerable if an attacker has access to the user’s configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. 2022-07-25 not yet calculated CVE-2022-26306
MISC
the_document_foundation — libreoffice An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate, which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in improperly trusted macros. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. 2022-07-25 not yet calculated CVE-2022-26305
MISC
the_document_foundation — libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute force attack if an attacker has access to the user’s stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. 2022-07-25 not yet calculated CVE-2022-26307
MISC
the_eclipse_foundation – eclipse_californium In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. 2022-07-29 not yet calculated CVE-2022-2576
CONFIRM
thenify — thenify This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users, and it is passed to the eval function without any sanitization. 2022-07-25 not yet calculated CVE-2020-7677
CONFIRM
CONFIRM
CONFIRM
CONFIRM
tipsandtricks-hq — wp_video_lightbox The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. 2022-07-25 not yet calculated CVE-2022-2189
MISC
tortall — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33458
MISC
MISC
tovyblox — tovy Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51. 2022-07-22 not yet calculated CVE-2022-31164
MISC
CONFIRM
tplink — tl-r473g TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. 2022-07-28 not yet calculated CVE-2022-34555
MISC
trend_micro — trend_micro_apex_one A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. 2022-07-30 not yet calculated CVE-2022-36336
MISC
MISC
trend_micro — trend_micro_security Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. 2022-07-30 not yet calculated CVE-2022-35234
MISC
MISC
trend_micro_inc — vpn_proxy_pro Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. 2022-07-30 not yet calculated CVE-2022-33158
MISC
MISC
twinkle_toes_software — booked Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. 2022-07-26 not yet calculated CVE-2022-30706
MISC
MISC
untangle — untangle untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. 2022-07-26 not yet calculated CVE-2022-31471
MISC
MISC
MISC
untangle — untangle untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running. 2022-07-26 not yet calculated CVE-2022-33977
MISC
MISC
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36991
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server. 2022-07-28 not yet calculated CVE-2022-36990
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36995
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. 2022-07-28 not yet calculated CVE-2022-36985
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36987
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36999
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server. 2022-07-28 not yet calculated CVE-2022-36988
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36989
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36996
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36984
MISC
veritas — netbackup In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. 2022-07-27 not yet calculated CVE-2022-36956
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions). 2022-07-28 not yet calculated CVE-2022-36992
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-37000
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36986
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. 2022-07-28 not yet calculated CVE-2022-36997
MISC
veritas — netbackup In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible 2022-07-28 not yet calculated CVE-2022-37009
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36994
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server. 2022-07-28 not yet calculated CVE-2022-36993
MISC
veritas — netbackup In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. 2022-07-27 not yet calculated CVE-2022-36955
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service. 2022-07-28 not yet calculated CVE-2022-36998
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36950
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36954
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36948
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36952
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36949
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36953
MISC
veritas — netbackup_opscenter In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 2022-07-27 not yet calculated CVE-2022-36951
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060. 2022-07-25 not yet calculated CVE-2022-2522
MISC
CONFIRM
visam — visam_vbase VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. 2022-07-27 not yet calculated CVE-2021-38417
CONFIRM
visam – visam_vbase VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. 2022-07-27 not yet calculated CVE-2021-42535
CONFIRM
visam – visam_vbase VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. 2022-07-27 not yet calculated CVE-2021-42537
CONFIRM
w-dalil_project — w-dalil The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-07-25 not yet calculated CVE-2022-2340
MISC
MISC
warehouse_management_system_project – warehouse_management_system_1.0 Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter. 2022-07-26 not yet calculated CVE-2022-34067
MISC
wasm3_labs — wasm3 WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. 2022-07-27 not yet calculated CVE-2022-34529
MISC
wavlink — wavlink_firmware WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. 2022-07-25 not yet calculated CVE-2022-34570
MISC
MISC
wavlink — wavlink_firmware A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. 2022-07-25 not yet calculated CVE-2022-34577
MISC
MISC
wavlink — wavlink_firmware A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. 2022-07-25 not yet calculated CVE-2022-34576
MISC
wavlink — wifi_repeater An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. 2022-07-25 not yet calculated CVE-2022-34571
MISC
MISC
wavlink — wifi_repeater An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. 2022-07-25 not yet calculated CVE-2022-34574
MISC
MISC
wavlink — wifi_repeater An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. 2022-07-25 not yet calculated CVE-2022-34573
MISC
MISC
wavlink — wifi_repeater An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. 2022-07-25 not yet calculated CVE-2022-34572
MISC
MISC
wavlink — wifi_repeater An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. 2022-07-25 not yet calculated CVE-2022-34575
MISC
MISC
webmin — webmin The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. 2022-07-27 not yet calculated CVE-2022-36880
MISC
webmin — webmin software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. 2022-07-25 not yet calculated CVE-2022-36446
MISC
MISC
wechat — wechat In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user’s address book via wx.searchContacts. 2022-07-26 not yet calculated CVE-2021-40180
MISC
MISC
MISC
western_digital — sweet_b_library When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23003
MISC
western_digital — sweet_b_library When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23001
MISC
western_digital — sweet_b_library When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23002
MISC
western_digital — sweet_b_library When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23004
MISC
western_digital – western_digital_my_cloud The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an “SSL” context instead of “TLS” or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability. 2022-07-25 not yet calculated CVE-2022-23000
MISC
western_digital – western_digital_my_cloud Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user’s browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components. 2022-07-25 not yet calculated CVE-2022-22999
MISC
wikifaces_project — wikifaces The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. 2022-07-22 not yet calculated CVE-2022-34509
MISC
MISC
MISC
wordpress — wordpress The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting 2022-07-25 not yet calculated CVE-2022-2115
MISC
wordpress — wordpress The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-07-25 not yet calculated CVE-2022-2219
MISC
wordpress — wordpress Authentication Bypass vulnerability in CodexShaper’s WP OAuth2 Server plugin <= 1.0.1 at WordPress. 2022-07-22 not yet calculated CVE-2022-34839
CONFIRM
CONFIRM
wordpress — wordpress The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-07-25 not yet calculated CVE-2022-2341
MISC
MISC
wordpress — wordpress Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla’s BxSlider WP plugin <= 2.0.0 at WordPress. 2022-07-27 not yet calculated CVE-2022-33943
CONFIRM
CONFIRM
wordpress — wordpress The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 2022-07-25 not yet calculated CVE-2022-2299
MISC
wordpress — wordpress Authenticated WordPress Options Change vulnerability in Biplob Adhikari’s Flipbox plugin <= 2.6.0 at WordPress. 2022-07-25 not yet calculated CVE-2022-33969
CONFIRM
CONFIRM
wordpress — wordpress The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. 2022-07-25 not yet calculated CVE-2022-2071
MISC
wordpress — wordpress The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins and the versions of PHP, cURL, WP, etc. 2022-07-25 not yet calculated CVE-2022-0594
MISC
wordpress — wordpress The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. 2022-07-25 not yet calculated CVE-2022-1539
MISC
wordpress — wordpress The SP Project & Document Manager WordPress plugin through 4.57 uses an easily guessable path to store user files; bad actors could use that to access other users’ sensitive files. 2022-07-25 not yet calculated CVE-2022-1551
MISC
wordpress — wordpress The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. 2022-07-25 not yet calculated CVE-2022-0899
MISC
wordpress — wordpress The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well 2022-07-25 not yet calculated CVE-2022-2072
MISC
wordpress — wordpress Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress. 2022-07-28 not yet calculated CVE-2022-35882
CONFIRM
CONFIRM
wordpress — wordpress Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari’s Tabs plugin <= 3.6.0 at WordPress. 2022-07-25 not yet calculated CVE-2022-36375
CONFIRM
CONFIRM
wordpress — wordpress Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. 2022-07-29 not yet calculated CVE-2022-36378
CONFIRM
CONFIRM
wordpress — wordpress WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities, because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind a vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected. 2022-07-28 not yet calculated CVE-2016-0796
MISC
MISC
wordpress — wordpress The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. 2022-07-30 not yet calculated CVE-2022-33994
MISC
wordpress — wordpress Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. 2022-07-27 not yet calculated CVE-2022-33970
CONFIRM
CONFIRM
wpwax — team Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. 2022-07-22 not yet calculated CVE-2022-34853
CONFIRM
CONFIRM
wpwax — team Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. 2022-07-22 not yet calculated CVE-2022-34650
CONFIRM
CONFIRM
xen — tlp_flush insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. 2022-07-26 not yet calculated CVE-2022-33745
MISC
CONFIRM
MLIST
MLIST
FEDORA
xiaomi — smarthome Information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. 2022-07-22 not yet calculated CVE-2020-14114
MISC
xiaomi — sound Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. 2022-07-22 not yet calculated CVE-2020-14126
MISC
xopen — xopen This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) 2022-07-25 not yet calculated CVE-2020-28447
CONFIRM
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33465
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. 2022-07-26 not yet calculated CVE-2021-33459
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. 2022-07-26 not yet calculated CVE-2021-33463
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33457
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33464
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. 2022-07-26 not yet calculated CVE-2021-33461
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33455
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. 2022-07-26 not yet calculated CVE-2021-33454
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. 2022-07-26 not yet calculated CVE-2021-33462
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33466
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33467
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33468
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33460
MISC
MISC
yasm — yasm An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. 2022-07-26 not yet calculated CVE-2021-33456
MISC
MISC
zephyr — zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. 2022-07-26 not yet calculated CVE-2022-1041
MISC
zephyr — zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. 2022-07-26 not yet calculated CVE-2022-1042
MISC
zoho — manageengine_supportcenter_plus In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) 2022-07-26 not yet calculated CVE-2022-36412
MISC
zulip — zulip Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots. 2022-07-22 not yet calculated CVE-2022-31168
MISC
MISC
CONFIRM
zulip — zulip
 
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. 2022-07-28 not yet calculated CVE-2016-4427
MISC
zulip — zulip
 
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. 2022-07-28 not yet calculated CVE-2016-4426
MISC


Vulnerability Summary for the Week of April 11, 2022

04/18/2022 07:06 AM EDT

Original release date: April 18, 2022 | Last revised: April 19, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — emc_unity_operating_environment Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. 2022-04-08 10 CVE-2021-36287
MISC
foscam — fi9805e_firmware FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. 2022-04-08 10 CVE-2021-43517
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access 2022-04-08 10 CVE-2022-26854
MISC
kevinlab — 4st_l-bems An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control. 2022-04-11 9 CVE-2021-37292
MISC
MISC
ritecms — ritecms RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default. 2022-04-08 9 CVE-2021-46367
MISC
MISC
MISC
MISC
trendmicro — antivirus_for_mac A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. 2022-04-09 8.5 CVE-2022-27883
N/A
N/A
zyxel — vmg3312-t20a_firmware A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. 2022-04-11 7.7 CVE-2022-26413
CONFIRM
kevinlab — 4st_l-bems An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. 2022-04-11 7.5 CVE-2021-37291
MISC
MISC
laravel — laravel A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in RoutingPendingResourceRegistration.php, (2) __cal in QueueCapsuleManager.php, and (3) __invoke in mockerylibraryMockeryClosureWrapper.php. 2022-04-08 7.5 CVE-2021-43503
MISC
stopbadbots — block_and_stop_bad_bots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection 2022-04-11 7.5 CVE-2022-0949
MISC
mruby — mruby Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. 2022-04-10 7.5 CVE-2022-1276
MISC
CONFIRM
school_club_application_system_project — school_club_application_system A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. 2022-04-09 7.5 CVE-2022-1287
N/A
fullpage_project — fullpage Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. 2022-04-11 7.5 CVE-2022-1295
CONFIRM
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. 2022-04-08 7.5 CVE-2022-26852
MISC
moguit — mogu_blog_cms mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. 2022-04-08 7.5 CVE-2022-27047
MISC
std42 — elfinder In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. 2022-04-11 7.5 CVE-2022-27115
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. 2022-04-10 7.5 CVE-2022-27126
MISC
zbzcms — zbzcms An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. 2022-04-10 7.5 CVE-2022-27128
MISC
zbzcms — zbzcms An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-10 7.5 CVE-2022-27129
MISC
zbzcms — zbzcms An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-10 7.5 CVE-2022-27131
MISC
zoo_management_system_project — zoo_management_system Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 7.5 CVE-2022-27351
MISC
MISC
MISC
ecommerce-website_project — ecommerce-website Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 7.5 CVE-2022-27357
MISC
MISC
MISC
newbee-mall_project — newbee-mall Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. 2022-04-10 7.5 CVE-2022-27477
MISC
movie_seat_reservation_project — movie_seat_reservation Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. 2022-04-08 7.5 CVE-2022-28001
MISC
MISC
zyxel — zyxel_ap_configurator A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. 2022-04-11 7.2 CVE-2022-0556
CONFIRM
google — android In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. 2022-04-11 7.2 CVE-2022-20062
MISC
google — android In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. 2022-04-11 7.2 CVE-2022-20064
MISC
fujitsu — plugfree_network In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. 2022-04-11 7.2 CVE-2022-27089
MISC
linux — linux_kernel The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. 2022-04-11 7.2 CVE-2022-28893
MISC
MLIST
MLIST
MLIST


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642. 2022-04-11 6.9 CVE-2022-20052
MISC
google — android In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. 2022-04-11 6.9 CVE-2022-20063
MISC
linux — linux_kernel jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. 2022-04-08 6.9 CVE-2022-28796
MISC
MISC
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. 2022-04-08 6.8 CVE-2020-4668
XF
CONFIRM
webmin — webmin A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. 2022-04-11 6.8 CVE-2021-32156
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. 2022-04-11 6.8 CVE-2021-32157
MISC
webmin — webmin A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. 2022-04-11 6.8 CVE-2021-32159
MISC
webmin — webmin A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. 2022-04-11 6.8 CVE-2021-32162
MISC
libsixel_project — libsixel libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. 2022-04-08 6.8 CVE-2021-40656
MISC
libsixel_project — libsixel libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. 2022-04-08 6.8 CVE-2021-41715
MISC
kimai — kimai CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. 2022-04-08 6.8 CVE-2021-43515
MISC
zzcms — zzcms An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. 2022-04-08 6.8 CVE-2021-46436
MISC
qdpm — qdpm qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. 2022-04-08 6.8 CVE-2022-26180
MISC
MISC
libsixel_project — libsixel libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. 2022-04-08 6.8 CVE-2022-27044
MISC
libsixel_project — libsixel libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388. 2022-04-08 6.8 CVE-2022-27046
MISC
bolt — bolt_cms Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. 2022-04-11 6.5 CVE-2021-40219
MISC
MISC
MISC
MISC
elbtide — advanced_booking_calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks 2022-04-11 6.5 CVE-2022-1006
MISC
CONFIRM
ocdi — one_click_demo_import The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed 2022-04-11 6.5 CVE-2022-1008
MISC
CONFIRM
secondlinethemes — podcast_importer_secondline The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file 2022-04-11 6.5 CVE-2022-1023
CONFIRM
MISC
ibm — planning_analytics IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. 2022-04-08 6.5 CVE-2022-22339
XF
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. 2022-04-08 6.5 CVE-2022-24428
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27061
MISC
MISC
MISC
musical_world_project — musical_world Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27064
MISC
MISC
MISC
ecommerce-website_project — ecommerce-website Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27346
MISC
MISC
MISC
socialcodia — social_codia_sms Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27349
MISC
MISC
MISC
simple_house_rental_system_project — simple_house_rental_system Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27352
MISC
MISC
MISC
zoo_management_system_project — zoo_management_system Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. 2022-04-08 6.5 CVE-2022-27992
MISC
MISC
car_rental_system_project — car_rental_system Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. 2022-04-08 6.5 CVE-2022-28000
MISC
MISC
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files 2022-04-08 6.4 CVE-2021-36288
MISC
huawei — emui The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. 2022-04-11 6.4 CVE-2021-46742
MISC
MISC
radare — radare2 Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. 2022-04-11 6.4 CVE-2022-1296
CONFIRM
MISC
radare — radare2 Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. 2022-04-11 6.4 CVE-2022-1297
MISC
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. 2022-04-08 6.4 CVE-2022-26851
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. 2022-04-10 6.4 CVE-2022-27127
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. 2022-04-10 6.4 CVE-2022-27133
MISC
lua — lua singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. 2022-04-08 6.4 CVE-2022-28805
MISC
MISC
MISC
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There’s no easy workaround for this issue, administrators should upgrade their wiki. 2022-04-08 5.5 CVE-2022-24821
MISC
CONFIRM
febs-security_project — febs-security Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users’ personal information. 2022-04-10 5.5 CVE-2022-27958
MISC
ofcms_project — ofcms Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users’ personal information. 2022-04-10 5.5 CVE-2022-27960
MISC
claro — kaon_cg3000_firmware An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. 2022-04-08 5.2 CVE-2021-43483
MISC
ibm — system_storage_ds8000_management_console_firmware IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. 2022-04-11 5 CVE-2021-38929
CONFIRM
XF
ibm — system_storage_ds8000_management_console_firmware IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. 2022-04-11 5 CVE-2021-38930
CONFIRM
XF
huawei — emui The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 5 CVE-2021-40065
MISC
MISC
atutor — atutor An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. 2022-04-08 5 CVE-2021-43498
MISC
MISC
zlog_project — zlog A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. 2022-04-08 5 CVE-2021-43521
MISC
MISC
huawei — emui The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 5 CVE-2021-46740
MISC
MISC
wpdownloadmanager — wordpress_download_manager The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. 2022-04-11 5 CVE-2022-0828
MISC
salonbookingsystem — salon_booking_system The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other’s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. 2022-04-11 5 CVE-2022-0919
MISC
salonbookingsystem — salon_booking_system The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer’s data 2022-04-11 5 CVE-2022-0920
MISC
nsthemes — ns_watermark_for_woocommerce An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. 2022-04-11 5 CVE-2022-0989
MISC
pimcore — pimcore SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. 2022-04-08 5 CVE-2022-1219
MISC
CONFIRM
gnuboard — gnuboard5 Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the ‘Let others see my information.’ box is ticked off. 2022-04-11 5 CVE-2022-1252
CONFIRM
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. 2022-04-08 5 CVE-2022-24819
CONFIRM
MISC
os4ed — opensis Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. 2022-04-11 5 CVE-2022-27041
MISC
movie_seat_reservation_project — movie_seat_reservation Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. 2022-04-08 5 CVE-2022-28002
MISC
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. 2022-04-09 5 CVE-2022-28365
MISC
MISC
MISC
zyxel — vmg3312-t20a_firmware A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. 2022-04-11 4.9 CVE-2022-26414
CONFIRM
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. 2022-04-08 4.6 CVE-2021-36290
MISC
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. 2022-04-08 4.6 CVE-2021-36293
MISC
ivanti — dsm_remote Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. 2022-04-11 4.6 CVE-2022-27088
MISC
pickplugins — post_grid The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form 2022-04-11 4.3 CVE-2021-24986
MISC
heateor — super_socializer The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. 2022-04-11 4.3 CVE-2021-24987
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. 2022-04-11 4.3 CVE-2021-32158
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. 2022-04-11 4.3 CVE-2021-32160
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. 2022-04-11 4.3 CVE-2021-32161
MISC
baijiacms_project — baijiacms An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password. 2022-04-11 4.3 CVE-2021-34250
MISC
opservices — opmon A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. 2022-04-08 4.3 CVE-2021-43009
MISC
MISC
thimpress — learnpress The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0271
MISC
presscustomizr — nimble_page_builder The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0314
MISC
realfavicongenerator — favicon_by_realfavicongenerator The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-04-11 4.3 CVE-2022-0471
MISC
CONFIRM
wpvivid — migration,_backup,_staging The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0531
MISC
atlasgondal — export_all_urls The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0892
MISC
atlasgondal — export_all_urls The Export All URLs WordPress plugin before 4.3 does not have a CSRF check in place when exporting data, which could allow attackers to make a logged-in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download to retrieve, for example, the list of titles. 2022-04-11 4.3 CVE-2022-0914
MISC
elbtide — advanced_booking_calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-04-11 4.3 CVE-2022-1007
MISC
CONFIRM
radare — radare2 NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash). 2022-04-08 4.3 CVE-2022-1283
CONFIRM
MISC
radare — radare2 heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. 2022-04-08 4.3 CVE-2022-1284
CONFIRM
MISC
school_club_application_system_project — school_club_application_system A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. 2022-04-09 4.3 CVE-2022-1288
N/A
onlyoffice — document_server A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. 2022-04-08 4.3 CVE-2022-24229
MISC
MISC
MISC
icehrm — icehrm A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. 2022-04-08 4.3 CVE-2022-26588
MISC
MISC
getbootstrap — bootstrap Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. 2022-04-08 4.3 CVE-2022-26624
MISC
MISC
asana — desktop Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. 2022-04-09 4.3 CVE-2022-26877
MISC
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. 2022-04-08 4.3 CVE-2022-27063
MISC
MISC
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. 2022-04-10 4.3 CVE-2022-27125
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. 2022-04-08 4.3 CVE-2022-27145
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. 2022-04-08 4.3 CVE-2022-27146
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. 2022-04-08 4.3 CVE-2022-27147
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. 2022-04-08 4.3 CVE-2022-27148
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. 2022-04-09 4.3 CVE-2022-28363
MISC
MISC
MISC
kevinlab — 4st_l-bems A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. 2022-04-11 4 CVE-2021-37293
MISC
MISC
webence — iq_block_country The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the upload, the files in the zip archive are extracted one by one. During extraction, the existence of each file is checked. If the file exists, it is deleted without any security control, based only on the name of the extracted file. This behavior leads to a “Zip Slip” vulnerability. 2022-04-11 4 CVE-2022-0246
MISC
online_banking_system_project — online_banking_system Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. 2022-04-08 4 CVE-2022-27991
MISC
jetbrains — ktor In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren’t using SecureRandom implementations 2022-04-11 4 CVE-2022-29035
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wpsofts — portfolio_gallery,_product_catalog_-_grid_kit_portfolio The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded. 2022-04-11 3.5 CVE-2021-25090
MISC
premio — chaty Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 2022-04-11 3.5 CVE-2021-36846
CONFIRM
CONFIRM
sharethis — social_media_feather Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 2022-04-11 3.5 CVE-2021-36848
CONFIRM
CONFIRM
wpdarko — responsive_tabs Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 2022-04-11 3.5 CVE-2021-36893
CONFIRM
CONFIRM
w3eden — pricing_table Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 2022-04-11 3.5 CVE-2021-36896
CONFIRM
CONFIRM
wp-appbox_project — wp-appbox Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. 2022-04-11 3.5 CVE-2021-36910
CONFIRM
CONFIRM
ibm — curam_social_program_management IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. 2022-04-11 3.5 CVE-2021-39068
XF
CONFIRM
zzcms — zzcms An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. 2022-04-08 3.5 CVE-2021-46437
MISC
pickplugins — post_grid The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting 2022-04-11 3.5 CVE-2022-0447
MISC
pootlepress — easy_smooth_scroll_links The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-11 3.5 CVE-2022-0728
MISC
cybernetikz — easy_social_icons The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. 2022-04-11 3.5 CVE-2022-0840
MISC
autolabproject — autolab Cross-site Scripting (XSS) – Stored in GitHub repository autolab/autolab prior to 2.8.0. 2022-04-11 3.5 CVE-2022-0936
MISC
CONFIRM
vertistudio — image_optimization_&_lazy_load_by_optimole The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its “Lazyload background images for selectors” settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-11 3.5 CVE-2022-0969
CONFIRM
MISC
trudesk_project — trudesk Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. 2022-04-11 3.5 CVE-2022-1045
CONFIRM
MISC
tableexport.jquery.plugin_project — tableexport.jquery.plugin XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers 2022-04-10 3.5 CVE-2022-1291
CONFIRM
MISC
ivanti — incapptic_connect An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect. This affects all current versions. 2022-04-11 3.5 CVE-2022-22571
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. 2022-04-08 3.5 CVE-2022-27062
MISC
MISC
MISC
jflyfox — jfinal_cms Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. 2022-04-11 3.5 CVE-2022-27111
MISC
thedaylightstudio — fuel_cms Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. 2022-04-11 3.5 CVE-2022-27156
MISC
socialcodia — social_codia_sms Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. 2022-04-08 3.5 CVE-2022-27348
MISC
MISC
MISC
ofcms_project — ofcms A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. 2022-04-10 3.5 CVE-2022-27961
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. 2022-04-09 3.5 CVE-2022-28364
MISC
MISC
MISC
roku — roku_os Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification. 2022-04-08 2.7 CVE-2022-27152
MISC
dell — emc_powerscale_onefs Dell EMC Powerscale OneFS 8.2.x – 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. 2022-04-08 2.1 CVE-2022-22563
MISC
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. 2022-04-08 2.1 CVE-2022-26855
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
python — python
 
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). 2022-04-13 not yet calculated CVE-2015-20107
MISC
MISC
schneider_electric — sut_service
 
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0) 2022-04-13 not yet calculated CVE-2019-6834
MISC
bbraun — melsungen_ag_spacecom
 
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. 2022-04-14 not yet calculated CVE-2020-16238
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. 2022-04-14 not yet calculated CVE-2020-25150
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. 2022-04-14 not yet calculated CVE-2020-25152
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. 2022-04-14 not yet calculated CVE-2020-25154
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. 2022-04-14 not yet calculated CVE-2020-25156
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. 2022-04-14 not yet calculated CVE-2020-25158
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers to extract and tamper with the device's network configuration. 2022-04-14 not yet calculated CVE-2020-25160
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. 2022-04-14 not yet calculated CVE-2020-25162
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. 2022-04-14 not yet calculated CVE-2020-25164
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. 2022-04-14 not yet calculated CVE-2020-25166
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. 2022-04-14 not yet calculated CVE-2020-25168
CONFIRM
CONFIRM
fossies — froxlor
 
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. 2022-04-13 not yet calculated CVE-2020-29653
MISC
MISC
MISC
android — android
 
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183147114 2022-04-12 not yet calculated CVE-2021-0694
MISC
android — android
 
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-0707
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21914
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21938
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21939
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21942
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21943
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21944
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21945
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21946
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21947
MISC
anycubic — chitubox_anycubic_plugin
 
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21948
MISC
accusoft — imagegear
 
An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21949
MISC
cloudlinux_inc — imunify360
 
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21956
MISC
sealevel_systems — seaconnect_370w
 
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21967
MISC
vmware — photon
 
The SchedulerServer in Vmware photon allows remote attackers to inject logs through r in the package parameter. Attackers can also insert malicious data and fake entries. 2022-04-11 not yet calculated CVE-2021-22055
MISC
schneider_electric — struxureware_data_center_expert
 
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) 2022-04-13 not yet calculated CVE-2021-22794
MISC
schneider_electric — struxureware_data_center_expert
 
A CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) 2022-04-13 not yet calculated CVE-2021-22795
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions) 2022-04-13 not yet calculated CVE-2021-22797
MISC
arista — eos
 
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. 2022-04-14 not yet calculated CVE-2021-28505
MISC
apache — subversion_svn
 
Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal ‘copyfrom’ paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the ‘copyfrom’ path of the original. This also reveals the fact that the node was copied. Only the ‘copyfrom’ path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. 2022-04-12 not yet calculated CVE-2021-28544
MISC
DEBIAN
apache — struts
 
The fix issued for CVE-2020-17530 was incomplete. From Apache Struts 2.0.0 to 2.5.29, some of the tag’s attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{…} syntax. Using forced OGNL evaluation on untrusted user input can lead to Remote Code Execution and security degradation. 2022-04-12 not yet calculated CVE-2021-31805
MISC
MLIST
mongodb — mongodb
 
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16. 2022-04-12 not yet calculated CVE-2021-32040
MISC
MISC
MISC
johnson_controls — metasys
 
Under certain circumstances the session token is not cleared on logout. 2022-04-15 not yet calculated CVE-2021-36205
CERT
CONFIRM
wordpress — wp_maintenance_(wordpress_plugin)
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. 2022-04-15 not yet calculated CVE-2021-36828
CONFIRM
CONFIRM
caldera — calderawp_license_manager_(wordpress_plugin)
 
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. 2022-04-12 not yet calculated CVE-2021-36914
CONFIRM
CONFIRM
microfocus — operations_bridge
 
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to achieve unauthenticated remote code execution. 2022-04-11 not yet calculated CVE-2021-38125
MISC
android — android
 
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-205836329 2022-04-12 not yet calculated CVE-2021-39794
MISC
android — android
 
In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other app’s dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-201667614 2022-04-12 not yet calculated CVE-2021-39795
MISC
android — android
 
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick a victim into installing a harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291 2022-04-12 not yet calculated CVE-2021-39796
MISC
android — android
 
In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-209607104 2022-04-12 not yet calculated CVE-2021-39797
MISC
android — android
 
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213169612 2022-04-12 not yet calculated CVE-2021-39798
MISC
android — android
 
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-200288596 2022-04-12 not yet calculated CVE-2021-39799
MISC
android — android
 
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208277166. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39800
MISC
android — android
 
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-209791720. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39801
MISC
android — android
 
In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213339151. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39802
MISC
android — android
 
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-193790350 2022-04-12 not yet calculated CVE-2021-39803
MISC
android — android
 
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-215002587 2022-04-12 not yet calculated CVE-2021-39804
MISC
android — android
 
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-212694559 2022-04-12 not yet calculated CVE-2021-39805
MISC
android — android
 
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-209446496. 2022-04-12 not yet calculated CVE-2021-39807
MISC
android — android
 
In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209966086. 2022-04-12 not yet calculated CVE-2021-39808
MISC
android — android
 
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205837191. 2022-04-12 not yet calculated CVE-2021-39809
MISC
android — android
 
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205522359. References: N/A. 2022-04-12 not yet calculated CVE-2021-39812
MISC
android — android
 
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216792660. References: N/A. 2022-04-12 not yet calculated CVE-2021-39814
MISC
simatic — s7-400_h
 
A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. 2022-04-12 not yet calculated CVE-2021-40368
CONFIRM
kaseya_unitrends — client/agent
 
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. 2022-04-15 not yet calculated CVE-2021-40386
MISC
moxa — mxview_series An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40390
MISC
moxa — mxview_series
 
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. 2022-04-14 not yet calculated CVE-2021-40392
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40398
MISC
gerbv — gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40400
MISC
gerbv — gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40402
MISC
reolink — rlc-410w
 
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40405
MISC
swiftsensors — gateway_sg3-1010
 
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40422
MISC
webroot — secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40424
MISC
webroot — secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40425
MISC
soundexchange — libsox
 
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40426
MISC
redhat — openshift
 
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package; however, the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. 2022-04-11 not yet calculated CVE-2021-4047
MISC
arubanetworks — instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. 2022-04-12 not yet calculated CVE-2021-41004
MISC
arubanetworks — instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. 2022-04-12 not yet calculated CVE-2021-41005
MISC
wire — wire_server
 
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service for a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to 2022-03-01, so that their backends are no longer affected. There are no known workarounds for this issue. 2022-04-13 not yet calculated CVE-2021-41119
MISC
CONFIRM
siemens — simatic_step_7
 
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. 2022-04-12 not yet calculated CVE-2021-42029
CONFIRM
redcap — redcap
 
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client’s browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. 2022-04-13 not yet calculated CVE-2021-42136
MISC
MISC
MISC
seowon — seowon_130_slc_router Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. 2022-04-15 not yet calculated CVE-2021-42230
MISC
appguard — appguard_enterprise
 
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. 2022-04-12 not yet calculated CVE-2021-42255
MISC
MISC
cms_made_simple — cms_made_simple
 
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. 2022-04-13 not yet calculated CVE-2021-43154
MISC
github — one_time_password
 
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) 2022-04-11 not yet calculated CVE-2021-43177
MISC
mantisbt — mantisbt
 
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. 2022-04-14 not yet calculated CVE-2021-43257
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL “Test Connection” feature to execute arbitrary code. 2022-04-14 not yet calculated CVE-2021-43286
MISC
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. 2022-04-14 not yet calculated CVE-2021-43287
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. 2022-04-14 not yet calculated CVE-2021-43288
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. 2022-04-14 not yet calculated CVE-2021-43289
MISC
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can’t control. 2022-04-14 not yet calculated CVE-2021-43290
MISC
MISC
MISC
MISC
annexxus — i3_international_inc_annexxus_camera
 
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the ‘UserPermission’ endpoint with the ID of the created account and setting it to the ‘admin’ userType, successfully adding a second administrative account. 2022-04-11 not yet calculated CVE-2021-43442
MISC
sourcecodetester — sourcecodester_messaging_web_application
 
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. 2022-04-14 not yet calculated CVE-2021-43633
MISC
MISC
cmsimple — cms_made_simple_5.4 CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution. 2022-04-13 not yet calculated CVE-2021-43741
MISC
MISC
cmsimple — cms_made_simple_5.4 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. 2022-04-13 not yet calculated CVE-2021-43742
MISC
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44354
MISC
reolink — reolink_rlc_410W
 
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44355
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44356
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44357
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44366
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44375
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44394
MISC
yottadb — yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44481
MISC
yottadb — yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 not yet calculated CVE-2021-44482
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 not yet calculated CVE-2021-44483
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44484
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44485
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. 2022-04-15 not yet calculated CVE-2021-44486
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44487
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. 2022-04-15 not yet calculated CVE-2021-44488
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a “- digs” subtraction. 2022-04-15 not yet calculated CVE-2021-44489
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a “- (digs < 1 ? 1 : digs)” subtraction. 2022-04-15 not yet calculated CVE-2021-44490
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. 2022-04-15 not yet calculated CVE-2021-44491
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44492
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 not yet calculated CVE-2021-44493
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44494
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 not yet calculated CVE-2021-44495
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. 2022-04-15 not yet calculated CVE-2021-44496
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition as a pointer is pushed into previously freed memory by the loop. 2022-04-15 not yet calculated CVE-2021-44497
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44498
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 not yet calculated CVE-2021-44499
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 not yet calculated CVE-2021-44500
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44501
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. 2022-04-15 not yet calculated CVE-2021-44502
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. 2022-04-15 not yet calculated CVE-2021-44503
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault. 2022-04-15 not yet calculated CVE-2021-44504
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 not yet calculated CVE-2021-44505
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 not yet calculated CVE-2021-44506
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44507
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44508
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. 2022-04-15 not yet calculated CVE-2021-44509
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. 2022-04-15 not yet calculated CVE-2021-44510
MISC
MISC
MISC
citrix — citrix_xenmobileserver
 
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. 2022-04-13 not yet calculated CVE-2021-44520
MISC
MISC
MISC
coins — coins_contruction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. 2022-04-14 not yet calculated CVE-2021-45227
MISC
MISC
coins — coins_contruction_cloud An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. 2022-04-14 not yet calculated CVE-2021-45228
MISC
MISC
wizplat — wizplat_PD065
 
An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). 2022-04-13 not yet calculated CVE-2021-46167
MISC
MISC
MISC
MISC
palo_alto_networks — pan_os
 
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2. 2022-04-13 not yet calculated CVE-2022-0023
MISC
wordpress — visual_form_builder_wordpress
 
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. 2022-04-12 not yet calculated CVE-2022-0140
MISC
wordpress — visual_form_builder_wordpress The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. 2022-04-12 not yet calculated CVE-2022-0141
MISC
wordpress — visual_form_builder_wordpress The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. 2022-04-12 not yet calculated CVE-2022-0142
MISC
schneider_electric — scadapack_workbench
 
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) 2022-04-13 not yet calculated CVE-2022-0221
MISC
github — grunt Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. 2022-04-12 not yet calculated CVE-2022-0436
CONFIRM
MISC
netty — netty_codec_http_maven_package
 
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. 2022-04-11 not yet calculated CVE-2022-0552
MISC
MISC
MISC
aveva — aveva_system_platform AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. 2022-04-11 not yet calculated CVE-2022-0835
CONFIRM
CONFIRM
homeplug_green_phy — combined_charging_system
 
Electric Vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards. 2022-04-12 not yet calculated CVE-2022-0878
CONFIRM
windows — logitech_sync
 
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. 2022-04-12 not yet calculated CVE-2022-0915
MISC
myscada — mypro An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. 2022-04-11 not yet calculated CVE-2022-0999
CONFIRM
lifepoint_informatics — patient_portal
 
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. 2022-04-11 not yet calculated CVE-2022-1067
MISC
gitlab — ce/ee
 
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged. 2022-04-11 not yet calculated CVE-2022-1157
MISC
CONFIRM
rockwell_automation — logix_controllers
 
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. 2022-04-11 not yet calculated CVE-2022-1161
MISC
gitlab — ce/ee
 
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and 10.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances. 2022-04-11 not yet calculated CVE-2022-1193
CONFIRM
MISC
MISC
github — plantuml
 
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see plantuml.com/de/running). 2022-04-15 not yet calculated CVE-2022-1231
MISC
CONFIRM
mcafee_agent — windows A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user’s %TEMP% directory with System privileges through manipulation of symbolic links. 2022-04-14 not yet calculated CVE-2022-1256
CONFIRM
mcafee_agent — linux_macos_windows Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. 2022-04-14 not yet calculated CVE-2022-1257
CONFIRM
mcafee_agent — epolicy_orchestrator A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. 2022-04-14 not yet calculated CVE-2022-1258
CONFIRM
tenable — d_link_routers A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. 2022-04-11 not yet calculated CVE-2022-1262
MISC
java_client — ebics
 
A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. 2022-04-14 not yet calculated CVE-2022-1279
CONFIRM
linux — drivers_gpu_drm_drm_lease.c A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak. 2022-04-13 not yet calculated CVE-2022-1280
MISC
MISC
github — mruby_mruby Heap-buffer-overflow in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if exploited. 2022-04-10 not yet calculated CVE-2022-1286
CONFIRM
MISC
tildearrow — furnace A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. 2022-04-10 not yet calculated CVE-2022-1289
MISC
MISC
MISC
github — polonel_trudesk Stored XSS in “Name”, “Group Name” & “Title” in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-10 not yet calculated CVE-2022-1290
MISC
CONFIRM
mz_automation — libiec61850 In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a GOOSE message, which may result in a denial of service. 2022-04-12 not yet calculated CVE-2022-1302
CONFIRM
e2fsprogs — e2fsprogs An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. 2022-04-14 not yet calculated CVE-2022-1304
MISC
github — zerotierone
 
Local privilege escalation in ZeroTierOne for Windows because of incorrect directory privileges in GitHub repository zerotier/zerotierone prior to 1.8.8. 2022-04-11 not yet calculated CVE-2022-1316
CONFIRM
MISC
mutt — uudecoder
 
Buffer overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. 2022-04-14 not yet calculated CVE-2022-1328
MISC
MISC
CONFIRM
MLIST
github — alvarotrigo/fullpage.js Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. 2022-04-12 not yet calculated CVE-2022-1330
MISC
CONFIRM
mattermost — api
 
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. 2022-04-13 not yet calculated CVE-2022-1332
MISC
mattermost_playbooks — webhooks
 
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. 2022-04-13 not yet calculated CVE-2022-1333
MISC
mattermost — image_proxy_component The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. 2022-04-13 not yet calculated CVE-2022-1337
MISC
github — elementcontroller.php SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. 2022-04-13 not yet calculated CVE-2022-1339
CONFIRM
MISC
github — stored_xss Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1344
CONFIRM
MISC
github — stored_xss Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1345
CONFIRM
MISC
github — stored_xss Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1346
CONFIRM
MISC
github — stored_xss Stored XSS in the “Username” & “Email” input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation 2022-04-13 not yet calculated CVE-2022-1347
MISC
CONFIRM
ghostpcl — gsmchunk.c A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. 2022-04-14 not yet calculated CVE-2022-1350
MISC
MISC
MISC
github — stored_xss Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. 2022-04-14 not yet calculated CVE-2022-1351
CONFIRM
MISC
github — lquixada/cross_fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. 2022-04-15 not yet calculated CVE-2022-1365
MISC
CONFIRM
github — snipe/snipe_it Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability can be used to steal the user's cookie. 2022-04-16 not yet calculated CVE-2022-1380
CONFIRM
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. 2022-04-11 not yet calculated CVE-2022-20065
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. 2022-04-11 not yet calculated CVE-2022-20066
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585. 2022-04-11 not yet calculated CVE-2022-20067
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907. 2022-04-11 not yet calculated CVE-2022-20068
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425. 2022-04-11 not yet calculated CVE-2022-20069
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920. 2022-04-11 not yet calculated CVE-2022-20070
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315. 2022-04-11 not yet calculated CVE-2022-20071
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. 2022-04-11 not yet calculated CVE-2022-20072
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (usb), there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. 2022-04-11 not yet calculated CVE-2022-20073
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301. 2022-04-11 not yet calculated CVE-2022-20074
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. 2022-04-11 not yet calculated CVE-2022-20075
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ged, there is a possible memory corruption due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. 2022-04-11 not yet calculated CVE-2022-20076
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. 2022-04-11 not yet calculated CVE-2022-20077
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. 2022-04-11 not yet calculated CVE-2022-20078
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible read of uninitialized data due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. 2022-04-11 not yet calculated CVE-2022-20079
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. 2022-04-11 not yet calculated CVE-2022-20080
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919. 2022-04-11 not yet calculated CVE-2022-20081
MISC
cisco — embedded_wireless_controller
 
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. 2022-04-15 not yet calculated CVE-2022-20622
CISCO
cisco — catalyst_digital_building_series_and_catalyst_micro_switches Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20661
CISCO
cisco — tool_command_language
 
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. 2022-04-15 not yet calculated CVE-2022-20676
CISCO
cisco — iox_application_hosting_environment
 
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20677
CISCO
cisco — appnav_xe
 
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. 2022-04-15 not yet calculated CVE-2022-20678
CISCO
cisco — ipsec_decryption_routine
 
A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit. 2022-04-15 not yet calculated CVE-2022-20679
CISCO
cisco — catalyst_9000_family_switches_and_catalyst_9000_family_wireless_controllers
 
A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. 2022-04-15 not yet calculated CVE-2022-20681
CISCO
cisco — control_and_provisioning_of_wireless_access_points
 
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20682
CISCO
cisco — application_visibility_and_control
 
A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20683
CISCO
cisco — simple_network_management_protocol
 
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20684
CISCO
cisco — netconf A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device. 2022-04-15 not yet calculated CVE-2022-20692
CISCO
cisco — ui A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. 2022-04-15 not yet calculated CVE-2022-20693
CISCO
cisco — resource_public_key_infrastructure A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. 2022-04-15 not yet calculated CVE-2022-20694
CISCO
cisco — wireless_lan_controller A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory. 2022-04-15 not yet calculated CVE-2022-20695
CISCO
cisco — web_services_interface A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20697
CISCO
cisco — data_plane_microcode_of_lightspeed_plus_line_cards A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. 2022-04-15 not yet calculated CVE-2022-20714
CISCO
cisco — cli_of_cisco_sd_wan_software
 
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. 2022-04-15 not yet calculated CVE-2022-20716
CISCO
cisco — netconf_process_of_cisco_sd_wan_vedge_routers A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20717
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20718
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20719
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20720
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20721
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20722
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20723
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20724
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20725
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20726
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20727
CISCO
cisco — catalyst_digital_building_series_switches_and_cisco_catalyst_micro_switches Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20731
CISCO
cisco — sd_wan_vmanage_software A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. 2022-04-15 not yet calculated CVE-2022-20735
CISCO
cisco — sd_wan_vmanage_software A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. 2022-04-15 not yet calculated CVE-2022-20739
CISCO
cisco — history_api_of_cisco_sd_wan_vmanage_software A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. 2022-04-15 not yet calculated CVE-2022-20747
CISCO
cisco — border_gateway_protocol_ethernet_vpn A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer. 2022-04-15 not yet calculated CVE-2022-20758
CISCO
cisco — 1000_series_connected_grid_router A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. 2022-04-15 not yet calculated CVE-2022-20761
CISCO
lansweeper — webuseractions.aspx A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21145
MISC
CONFIRM
leadtools — fltsavecmp An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21154
MISC
CONFIRM
fernhill_scada_server_version — fhsvrservice.exe A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. 2022-04-12 not yet calculated CVE-2022-21155
MISC
mz_automation_gmbh_libiec61850 — parsenormalmodeparameters A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. 2022-04-15 not yet calculated CVE-2022-21159
MISC
CONFIRM
MISC
fuji_electric — alpha5 The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. 2022-04-12 not yet calculated CVE-2022-21168
MISC
fuji_electric — alpha5 The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. 2022-04-12 not yet calculated CVE-2022-21202
MISC
lansweeper — assetactions.aspx An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21210
MISC
CONFIRM
fuji_electric — alpha5 The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. 2022-04-12 not yet calculated CVE-2022-21214
MISC
fuji_electric — alpha5 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. 2022-04-12 not yet calculated CVE-2022-21228
MISC
lansweeper — echoassets.aspx An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21234
MISC
CONFIRM
nconf — json This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype. 2022-04-12 not yet calculated CVE-2022-21803
MISC
MISC
MISC
MISC
microsoft — windows Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. 2022-04-15 not yet calculated CVE-2022-21983
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-22008
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-22009
N/A
lansweeper — lansweeper A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-22149
MISC
CONFIRM
junos — web_juniper_networks A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim’s browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. 2022-04-14 not yet calculated CVE-2022-22181
CONFIRM
junos — web_juniper_networks A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. 2022-04-14 not yet calculated CVE-2022-22182
CONFIRM
junos — web_juniper_networks An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. 2022-04-14 not yet calculated CVE-2022-22183
CONFIRM
junos — web_juniper_networks A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when ‘preserve-incoming-fragment-size’ feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1. 2022-04-14 not yet calculated CVE-2022-22185
CONFIRM
junos — web_juniper_networks Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1. 2022-04-14 not yet calculated CVE-2022-22186
CONFIRM
windows_installer — improper_privilege_management_vulnerability An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. 2022-04-14 not yet calculated CVE-2022-22187
CONFIRM
junos_os — packet_forwarding_engine An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. 2022-04-14 not yet calculated CVE-2022-22188
CONFIRM
junos_os — juniper_networks_contrail_service_orchestration An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. 2022-04-14 not yet calculated CVE-2022-22189
CONFIRM
junos_os — juniper_networks_paragon_active_assurance_control_center An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0. 2022-04-14 not yet calculated CVE-2022-22190
CONFIRM
junos_os — juniper_networks_junosos A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. 2022-04-14 not yet calculated CVE-2022-22191
CONFIRM
junos_os — routing_protocol_daemon An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO. 2022-04-14 not yet calculated CVE-2022-22193
CONFIRM
junos_os — packetio_daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS. 2022-04-14 not yet calculated CVE-2022-22194
CONFIRM
junos_os — juniper_networks An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. 2022-04-14 not yet calculated CVE-2022-22195
CONFIRM
junos_os — routing_protocol_daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. 2022-04-14 not yet calculated CVE-2022-22196
CONFIRM
junos_os — routing_protocol_daemon An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. 2022-04-14 not yet calculated CVE-2022-22197
CONFIRM
junos_os — sip_alg An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1. 2022-04-14 not yet calculated CVE-2022-22198
CONFIRM
huawei — android The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. 2022-04-11 not yet calculated CVE-2022-22253
MISC
MISC
huawei — android A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 not yet calculated CVE-2022-22254
MISC
MISC
huawei — android The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. 2022-04-11 not yet calculated CVE-2022-22255
MISC
MISC
huawei — android The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 not yet calculated CVE-2022-22256
MISC
MISC
huawei — android The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. 2022-04-11 not yet calculated CVE-2022-22257
MISC
MISC
huawei — android The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. 2022-04-11 not yet calculated CVE-2022-22258
MISC
MISC
SMA — SMA ** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. 2022-04-13 not yet calculated CVE-2022-22279
CONFIRM
IBM — aspera_high_speed_transfer IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. 2022-04-14 not yet calculated CVE-2022-22391
XF
CONFIRM
sap — business_intelligence_platform SAP BusinessObjects Business Intelligence Platform – versions 420, 430, may allow legitimate users to access information they shouldn’t see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn’t or don’t need to have access. 2022-04-12 not yet calculated CVE-2022-22541
MISC
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. 2022-04-12 not yet calculated CVE-2022-22549
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. 2022-04-12 not yet calculated CVE-2022-22550
MISC
dell — powerscale_onefs Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. 2022-04-12 not yet calculated CVE-2022-22559
MISC
dell — powerscale_onefs Dell EMC PowerScale OneFS 8.1.x – 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. 2022-04-12 not yet calculated CVE-2022-22560
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. 2022-04-12 not yet calculated CVE-2022-22561
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. 2022-04-12 not yet calculated CVE-2022-22562
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. 2022-04-12 not yet calculated CVE-2022-22565
MISC
ivanti — incapptic_connect A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. 2022-04-11 not yet calculated CVE-2022-22572
MISC
MISC
vmware — workspace_one_access_and_identity_manager VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. 2022-04-11 not yet calculated CVE-2022-22954
MISC
vmware — workspace_one_access VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. 2022-04-13 not yet calculated CVE-2022-22955
MISC
vmware — workspace_one_access VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. 2022-04-13 not yet calculated CVE-2022-22956
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. 2022-04-13 not yet calculated CVE-2022-22957
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. 2022-04-13 not yet calculated CVE-2022-22958
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. 2022-04-13 not yet calculated CVE-2022-22959
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to ‘root’. 2022-04-13 not yet calculated CVE-2022-22960
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. 2022-04-13 not yet calculated CVE-2022-22961
MISC
vmware — horizon_client_for_linux VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. 2022-04-11 not yet calculated CVE-2022-22962
MISC
vmware — horizon_client_for_linux VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. 2022-04-11 not yet calculated CVE-2022-22964
MISC
vmware — cloud_director An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. 2022-04-14 not yet calculated CVE-2022-22966
MISC
vmware — spring_framework In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. 2022-04-14 not yet calculated CVE-2022-22968
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.2 – 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends updating at the earliest opportunity. 2022-04-12 not yet calculated CVE-2022-23159
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. 2022-04-12 not yet calculated CVE-2022-23160
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x – 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala’s help) 2022-04-12 not yet calculated CVE-2022-23161
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. 2022-04-12 not yet calculated CVE-2022-23163
MISC
spring_by_vmware — spring_framework Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-23257
N/A
microsoft — windows Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-23259
N/A
microsoft — windows Windows Hyper-V Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-23268
N/A
microsoft — windows Microsoft Power BI Spoofing Vulnerability. 2022-04-15 not yet calculated CVE-2022-23292
N/A
simatic — energy_manager_basic_and_manager_pro A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. 2022-04-12 not yet calculated CVE-2022-23448
CONFIRM
simatic — energy_manager_basic_and_manager_pro A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. 2022-04-12 not yet calculated CVE-2022-23449
CONFIRM
simatic — energy_manager_basic_and_manager_pro A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. 2022-04-12 not yet calculated CVE-2022-23450
CONFIRM
hpe_superdome_flex — servers A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. 2022-04-12 not yet calculated CVE-2022-23702
MISC
hpe — flash_arrays A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100. 2022-04-12 not yet calculated CVE-2022-23703
MISC
nyron — nyron_1.0 Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject ‘”> on the thes1 parameter. 2022-04-15 not yet calculated CVE-2022-23865
MISC
subversion — mod_dav_svn Subversion’s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. 2022-04-12 not yet calculated CVE-2022-24070
MISC
MISC
MISC
DEBIAN
ritecms — admin_panel RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution. 2022-04-12 not yet calculated CVE-2022-24247
MISC
MISC
ritecms — admin_panel RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints. 2022-04-12 not yet calculated CVE-2022-24248
MISC
MISC
madlib_object — madlib_object_utils The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701 (security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676). 2022-04-15 not yet calculated CVE-2022-24279
CONFIRM
CONFIRM
automox_agent — windows_and_linux_and version_36_on_osx Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow a non-privileged user to obtain sensitive information during the install process. 2022-04-13 not yet calculated CVE-2022-24308
MISC
MISC
fuji_electric — alpha_5 The affected product is vulnerable to an out-of-bounds read, which may result in code execution. 2022-04-12 not yet calculated CVE-2022-24383
MISC
dell — powerscale_onefs Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. 2022-04-12 not yet calculated CVE-2022-24411
MISC
dell — powerscale_onefs Dell EMC PowerScale OneFS 8.2.x – 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. 2022-04-12 not yet calculated CVE-2022-24412
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. 2022-04-12 not yet calculated CVE-2022-24413
MISC
microsoft — sharepoint Microsoft SharePoint Server Spoofing Vulnerability. 2022-04-15 not yet calculated CVE-2022-24472
N/A
microsoft — excel Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. 2022-04-15 not yet calculated CVE-2022-24473
N/A
windows — win32k Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. 2022-04-15 not yet calculated CVE-2022-24474
N/A
microsoft — windows Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24479
N/A
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. 2022-04-15 not yet calculated CVE-2022-24481
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. 2022-04-15 not yet calculated CVE-2022-24482
N/A
microsoft — windows Windows Kernel Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24483
N/A
microsoft — windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784. 2022-04-15 not yet calculated CVE-2022-24484
N/A
microsoft — windows Win32 File Enumeration Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24485
N/A
microsoft — windows Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544. 2022-04-15 not yet calculated CVE-2022-24486
N/A
microsoft — windows Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24487
N/A
microsoft — windows Windows Desktop Bridge Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24488
N/A
microsoft — windows Cluster Client Failover (CCF) Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24489
N/A
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785. 2022-04-15 not yet calculated CVE-2022-24490
N/A
microsoft — windows Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497. 2022-04-15 not yet calculated CVE-2022-24491
N/A
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809. 2022-04-15 not yet calculated CVE-2022-24492
N/A
microsoft — windows Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24493
N/A
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24494
N/A
microsoft — windows Windows Direct Show – Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24495
N/A
microsoft — windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24496
N/A
microsoft — windows Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491. 2022-04-15 not yet calculated CVE-2022-24497
N/A
microsoft — windows Windows iSCSI Target Service Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24498
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. 2022-04-15 not yet calculated CVE-2022-24499
N/A
microsoft — windows Windows SMB Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24500
N/A
microsoft — windows Visual Studio Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24513
N/A
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. 2022-04-15 not yet calculated CVE-2022-24521
N/A
microsoft — windows Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24527
N/A
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. 2022-04-15 not yet calculated CVE-2022-24528
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499. 2022-04-15 not yet calculated CVE-2022-24530
N/A
microsoft — windows HEVC Video Extensions Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24532
N/A
microsoft — windows Remote Desktop Protocol Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24533
N/A
microsoft — windows Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. 2022-04-15 not yet calculated CVE-2022-24534
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-24536
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. 2022-04-15 not yet calculated CVE-2022-24537
N/A
microsoft — windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-26784. 2022-04-15 not yet calculated CVE-2022-24538
N/A
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785. 2022-04-15 not yet calculated CVE-2022-24539