CISA Provides Criteria and Process for Updates to the KEV Catalog

06/07/2022 09:13 AM EDT

Original release date: June 7, 2022

CISA has updated the Known Exploited Vulnerabilities (KEV) catalog webpage as well as the FAQs for Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which established the KEV catalog. The updates provide information on the criteria and process used to add known exploited vulnerabilities to the KEV catalog.

CISA encourages users and administrators to review the new information.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

Guidance on Sharing Cyber Incident Information

04/07/2022 04:53 PM EDT

Original release date: April 7, 2022

CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.  

CISA uses this information from partners to build a common understanding of how adversaries are targeting U.S. networks and critical infrastructure sectors. This information fills critical information gaps and allows CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.  Click the fact sheet link to learn more and visit our Shields Up site for useful information.

Vulnerability Summary for the Week of March 28, 2022

04/04/2022 11:19 AM EDT

Original release date: April 4, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
genians — genian_nac A remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. 2022-03-25 10 CVE-2021-26622
MISC
dlink — dap-1360f1_firmware In DLink DAP-1360 F1 firmware version <=v6.10 in the “webupg” binary, an attacker can use the “file” parameter to execute arbitrary system commands when the parameter is “name=deleteFile” after being authorized. 2022-03-27 10 CVE-2021-44127
MISC
MISC
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-25880
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-25980
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26013
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26059
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26065
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26069
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26338
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26349
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26514
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26666
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26667
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26836
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26887
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-27175
CONFIRM
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. 2022-03-26 9 CVE-2022-27945
MISC
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. 2022-03-26 9 CVE-2022-27946
MISC
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. 2022-03-26 9 CVE-2022-27947
MISC
cef — fortessa_ftbtld_firmware Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. 2022-03-25 8.5 CVE-2021-44905
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. 2022-03-28 7.5 CVE-2021-26599
MISC
MISC
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). 2022-03-28 7.5 CVE-2021-26600
MISC
MISC
MISC
MISC
netu — mex01_firmware A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. 2022-03-25 7.5 CVE-2021-26621
MISC
predic8 — soa_model An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. 2022-03-25 7.5 CVE-2021-43090
MISC
totolink — t10_v2_firmware Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. 2022-03-25 7.5 CVE-2021-43636
MISC
glpi-project — glpi A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. 2022-03-28 7.5 CVE-2021-44617
MISC
sophos — sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 2022-03-25 7.5 CVE-2022-1040
CONFIRM
sonicwall — sonicos A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. 2022-03-25 7.5 CVE-2022-22274
CONFIRM
synology — diskstation_manager Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. 2022-03-25 7.5 CVE-2022-22687
CONFIRM
westerndigital — my_cloud_pr2100_firmware The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. 2022-03-25 7.5 CVE-2022-22995
MISC
tuzicms — tuzicms TuziCMS 2.0.6 is affected by SQL injection in AppManageControllerBannerController.class.php. 2022-03-28 7.5 CVE-2022-23882
MISC
deno — deno Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. 2022-03-25 7.5 CVE-2022-24783
CONFIRM
notable — notable Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. 2022-03-27 7.5 CVE-2022-26198
MISC
marky_project — marky Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. 2022-03-27 7.5 CVE-2022-26205
MISC
dlink — dir-820l_firmware D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. 2022-03-28 7.5 CVE-2022-26258
MISC
MISC
MISC
MISC
xiaohuanxiong_project — xiaohuanxiong Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. 2022-03-28 7.5 CVE-2022-26268
MISC
eyoucms — eyoucms EyouCMS v1.5.4 was discovered to lack parameter filtering in usercontrollershop.php, leading to payment logic vulnerabilities. 2022-03-28 7.5 CVE-2022-26273
MISC
gradle — enterprise Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. 2022-03-25 7.5 CVE-2022-27919
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
mruby — mruby Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 2022-03-26 6.8 CVE-2022-1071
CONFIRM
MISC
typesettercms — typesetter TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. 2022-03-25 6.8 CVE-2022-25523
MISC
MISC
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. 2022-03-26 6.8 CVE-2022-27940
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. 2022-03-26 6.8 CVE-2022-27941
MISC
broadcom — tcpreplay tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. 2022-03-26 6.8 CVE-2022-27942
MISC
linux — linux_kernel An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. 2022-03-25 6.6 CVE-2022-0995
MISC
MISC
solarwinds — webhelpdesk SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. 2022-03-25 6.5 CVE-2021-35254
MISC
MISC
diyhi — bbs A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java which could let a malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43097
MISC
diyhi — bbs A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. 2022-03-28 6.5 CVE-2021-43098
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43101
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43102
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43103
MISC
moodle — moodle An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. 2022-03-25 6.5 CVE-2022-0983
MISC
FEDORA
clusterlabs — pcs A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. 2022-03-25 6.5 CVE-2022-1049
MISC
fork-cms — fork_cms SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. 2022-03-25 6.5 CVE-2022-1064
MISC
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-03-25 6.5 CVE-2022-22688
CONFIRM
mruby — mruby Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 2022-03-27 6.4 CVE-2022-1106
MISC
CONFIRM
python — pillow Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. 2022-03-28 6.4 CVE-2022-24303
CONFIRM
MISC
alf-banco — alf-banco ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. 2022-03-25 6.4 CVE-2022-25577
MISC
duckduckgo — duckduckgo The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker’s web site. 2022-03-25 5.8 CVE-2021-44683
MISC
tinyrise — tinyshop A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllersadmin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. 2022-03-25 5.5 CVE-2020-21554
MISC
MISC
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. 2022-03-28 5.5 CVE-2021-26601
MISC
MISC
MISC
MISC
zlib — zlib zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 2022-03-25 5 CVE-2018-25032
MISC
MISC
MLIST
MLIST
MISC
CONFIRM
MISC
MISC
DEBIAN
MLIST
iptime — nas101_firmware An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. 2022-03-25 5 CVE-2021-26620
MISC
gnome — caribou A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. 2022-03-25 5 CVE-2021-3567
MISC
yeswiki — yeswiki An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. 2022-03-25 5 CVE-2021-43091
MISC
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. 2022-03-25 5 CVE-2021-44751
MISC
deltaww — diaenergie Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. 2022-03-25 5 CVE-2022-0988
CONFIRM
74cms — 74cms 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at indexcontrollerDownload.php. 2022-03-28 5 CVE-2022-26271
MISC
redhat — keycloak A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak. 2022-03-25 4.3 CVE-2021-20323
MISC
leanote — leanote Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require(‘child_process’).exec(‘calc’);})();> 2022-03-28 4.3 CVE-2021-43721
MISC
spotweb_project — spotweb There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. 2022-03-28 4.3 CVE-2021-43725
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. 2022-03-28 4.3 CVE-2021-44208
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. 2022-03-28 4.3 CVE-2021-44209
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. 2022-03-28 4.3 CVE-2021-44210
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPTt substring. 2022-03-28 4.3 CVE-2021-44212
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. 2022-03-28 4.3 CVE-2021-44213
MISC
MISC
deltaww — cncsoft_screeneditor Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. 2022-03-25 4.3 CVE-2021-44768
CONFIRM
phpipam — phpipam phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. 2022-03-25 4.3 CVE-2021-46426
MISC
MISC
MISC
mapping_multiple_urls_redirect_same_page_project — mapping_multiple_urls_redirect_same_page The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0599
MISC
myceliumdesign — conference_scheduler The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0600
MISC
databasepeek_project — database_peek The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0619
MISC
deleteoldorders_project — delete_old_orders The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0620
MISC
dtabs_project — dtabs The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0621
MISC
ays-pro — popup_like_box The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0641
MISC
bank_mellat_project — bank_mellat The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0643
MISC
bulk_creator_project — bulk_creator The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0647
MISC
statamic — statamic Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user’s password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. 2022-03-25 4.3 CVE-2022-24784
MISC
MISC
CONFIRM
surveyking — surveyking SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. 2022-03-25 4.3 CVE-2022-25590
MISC
MISC
MISC
simpleajaxchat_project — simple_ajax_chat Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. 2022-03-25 4.3 CVE-2022-25610
CONFIRM
CONFIRM
yonyou — u8 Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. 2022-03-25 4.3 CVE-2022-26263
MISC
MISC
MISC
maccms — maccms Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. 2022-03-25 4.3 CVE-2022-26573
MISC
powerdns — authoritative_server In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. 2022-03-25 4.3 CVE-2022-27227
CONFIRM
CONFIRM
MISC
MISC
MLIST
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. 2022-03-25 4.3 CVE-2022-27884
MISC
maccms — maccms Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. 2022-03-25 4.3 CVE-2022-27885
MISC
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. 2022-03-25 4.3 CVE-2022-27886
MISC
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. 2022-03-25 4.3 CVE-2022-27887
MISC
mendelson — oftp2 Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. 2022-03-25 4.3 CVE-2022-27906
MISC
MISC
kiwix — libkiwix libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. 2022-03-25 4.3 CVE-2022-27920
MISC
MISC
FEDORA
libsixel_project — libsixel stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. 2022-03-26 4.3 CVE-2022-27938
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. 2022-03-26 4.3 CVE-2022-27939
MISC
gnu — gcc libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. 2022-03-26 4.3 CVE-2022-27943
MISC
MISC
3cx — 3cx 3CX System through 2022-03-17 stores cleartext passwords in a database. 2022-03-28 4 CVE-2021-45491
MISC
MISC
aapanel — aapanel aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). 2022-03-27 4 CVE-2022-26252
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
docker — docker_desktop Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. 2022-03-25 3.6 CVE-2022-26659
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. 2022-03-28 3.5 CVE-2021-44211
MISC
MISC
student_attendance_management_system_project — student_attendance_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php. 2022-03-29 3.5 CVE-2021-45866
MISC
codedropz — drag_and_drop_multiple_file_upload_-_contact_form_7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. 2022-03-28 3.5 CVE-2022-0595
MISC
CONFIRM
shopizer — shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. 2022-03-29 3.5 CVE-2022-23059
MISC
MISC
pearadmin — pear_admin_think A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. 2022-03-29 3.5 CVE-2022-23903
MISC
open-emr — openemr A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. 2022-03-25 3.5 CVE-2022-24643
MISC
MISC
MISC
douphp — douphp A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. 2022-03-25 3.5 CVE-2022-25574
MISC
MISC
classcms_project — classcms A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. 2022-03-25 3.5 CVE-2022-25582
MISC
wp-downloadmanager_project — wp-downloadmanager Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 2022-03-25 3.5 CVE-2022-25606
CONFIRM
CONFIRM
press_tigers — simple_event_planner Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. 2022-03-25 3.5 CVE-2022-25611
CONFIRM
CONFIRM
press_tigers — simple_event_planner Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow users with author or higher user rights to inject malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. 2022-03-25 3.5 CVE-2022-25612
CONFIRM
CONFIRM
joget — joget_dx Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. 2022-03-25 3.5 CVE-2022-26197
MISC
MISC
qemu — qemu A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. 2022-03-25 2.1 CVE-2021-3582
MISC


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5001
MISC
MISC
MISC
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5002
MISC
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5003
MISC
netegrity — siteminder
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2005-10001
MISC
pro2col — stingray_fts
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2008-10001
MISC
MISC
shemes — grablt
 
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-03-28 not yet calculated CVE-2010-10001
MISC
MISC
MISC
kiddoware — kids_place A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. 2022-03-28 not yet calculated CVE-2015-10002
N/A
yubico — ykneo-openpgp
 
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. 2022-03-30 not yet calculated CVE-2015-3298
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20011
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20012
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20013
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20014
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20015
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20016
MISC
MISC
MISC
mirmay — secure_private_browser_and_file_manager
 
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. 2022-03-28 not yet calculated CVE-2018-25030
N/A
N/A
MISC
wyze — cam_pan
 
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 2022-03-30 not yet calculated CVE-2019-12266
MISC
linux — business_central_console
 
It was observed that while logging in to the Business-central console, the HTTP request discloses sensitive information such as the username and password when intercepted using a tool such as Burp Suite. 2022-04-01 not yet calculated CVE-2019-14839
MISC
wyze — cam_pan
 
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 2022-03-30 not yet calculated CVE-2019-9564
CONFIRM
inductive_automation — inductive_automation_ignition_7_gateway Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server 2022-04-01 not yet calculated CVE-2020-14479
MISC
nexusphp — nexusphp
 
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. 2022-03-30 not yet calculated CVE-2020-24769
MISC
MISC
MISC
nexusphp — nexusphp
 
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2022-03-30 not yet calculated CVE-2020-24770
MISC
MISC
MISC
nexusphp — nexusphp
 
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. 2022-03-30 not yet calculated CVE-2020-24771
MISC
MISC
linux — linux
 
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. 2022-04-01 not yet calculated CVE-2020-25691
MISC
linux — linux_kernels
 
A flaw was found in the Linux kernel’s implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. 2022-03-30 not yet calculated CVE-2020-35501
MISC
android — android
 
In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-185190688 2022-03-30 not yet calculated CVE-2021-1000
MISC
android — android
 
In createGeneralSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-185247656 2022-03-30 not yet calculated CVE-2021-1033
MISC
qualcomm — qualcomm
 
Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-1942
CONFIRM
qualcomm — qualcomm
 
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-1950
CONFIRM
linux — linux
 
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent access to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. 2022-04-01 not yet calculated CVE-2021-20238
MISC
linux — linux
 
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: access.redhat.com/security/cve/CVE-2020-10756. 2022-04-01 not yet calculated CVE-2021-20295
MISC
MISC
pfsense — pfsense_ce_and_plus
 
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. 2022-03-31 not yet calculated CVE-2021-20729
MISC
MISC
abb — 800xa_control
 
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. 2022-04-01 not yet calculated CVE-2021-22277
MISC
google — data_transfer_project
 
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit github.com/google/data-transfer-project/pull/969 2022-03-29 not yet calculated CVE-2021-22572
CONFIRM
google — data_transfer_project
 
A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine 2022-04-01 not yet calculated CVE-2021-23247
MISC
ipm — intelligent_power_manager
 
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. 2022-04-01 not yet calculated CVE-2021-23287
MISC
ipp — inteligent_power_protector
 
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. 2022-04-01 not yet calculated CVE-2021-23288
MISC
bosch — cpp_firmware
 
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. 2022-03-30 not yet calculated CVE-2021-23850
CONFIRM
bosch — cpp_firmware
 
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. 2022-03-30 not yet calculated CVE-2021-23851
CONFIRM
wpscan — wpscan
 
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the “Enable ‘More’ icon” option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. 2022-03-28 not yet calculated CVE-2021-24746
MISC
wordpress — file_upload_free_and_pro
 
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. 2022-03-28 not yet calculated CVE-2021-24962
MISC
CONFIRM
wpscan — osmapper_wordpress_plugin
 
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named ‘map’ and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There are no authorisation or CSRF checks, and no check to ensure that the post to delete is a map one. As a result, an unauthenticated user can delete arbitrary posts from the blog. 2022-03-28 not yet calculated CVE-2021-24978
MISC
wpscan — pz-linkcard_wordpress
 
The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues 2022-03-28 not yet calculated CVE-2021-25012
MISC
wpscan — wow_countdowns_wordpress_plugin
 
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. 2022-03-28 not yet calculated CVE-2021-25064
MISC
wpscan — sync_woocommerce_product_feed
 
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the ‘feed_id’ POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard 2022-03-28 not yet calculated CVE-2021-25068
MISC
wpscan — black_bad_bots_wordpress_plugin
 
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue 2022-03-28 not yet calculated CVE-2021-25070
MISC
wpscan — wordpress_plugin
 
The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-03-28 not yet calculated CVE-2021-25071
MISC
impresscms — impresscms
 
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). 2022-03-28 not yet calculated CVE-2021-26598
MISC
MISC
MISC
MISC
microsoft — bandzip
 
A remote code execution vulnerability exists due to an incomplete check of the parameter length value of the ‘xheader_decode_path_record’ function in the ark library. Remote attackers can use this function to induce the execution of malicious code. 2022-04-01 not yet calculated CVE-2021-26623
MISC
linux — escan_anti-virus_for_ linux
 
A local privilege escalation vulnerability exists due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the “runasroot” command. This vulnerability can allow remote attackers to exploit root privileges by manipulating parameter values. 2022-04-01 not yet calculated CVE-2021-26624
MISC
kaspersky — multiple_products
 
A denial-of-service issue existed in one of the modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause a Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS 2022-04-01 not yet calculated CVE-2021-27223
MISC
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. 2022-04-01 not yet calculated CVE-2021-27493
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. 2022-04-01 not yet calculated CVE-2021-27497
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. 2022-04-01 not yet calculated CVE-2021-27501
CONFIRM
CONFIRM
arista — eos_platforms
 
On Arista Strata family products which have the “TCAM profile” feature enabled, when a Port IPv4 access-list has a rule which matches on “vxlan” as protocol, that rule and subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected. 2022-04-01 not yet calculated CVE-2021-28504
MISC
snapdragon — multple_products
 
Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30328
CONFIRM
snapdragon — multple_products
 
Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30329
CONFIRM
snapdragon — multple_products
 
Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-30331
CONFIRM
snapdragon — multple_products
 
Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30332
CONFIRM
snapdragon — multple_products
 
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-30333
CONFIRM
sick — sick
 
Unauthenticated users can access sensitive web URLs through GET requests, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. 2022-04-01 not yet calculated CVE-2021-32503
MISC
mdt_software — mdt_autosave
 
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. 2022-04-01 not yet calculated CVE-2021-32933
CONFIRM
mdt_software — mdt_autosave
 
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. 2022-04-01 not yet calculated CVE-2021-32937
CONFIRM
mdt_software — mdt_autosave An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. 2022-04-01 not yet calculated CVE-2021-32945
CONFIRM
mdt_software — mdt_autosave An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. 2022-04-01 not yet calculated CVE-2021-32949
CONFIRM
mdt_software — mdt_autosave An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. 2022-04-01 not yet calculated CVE-2021-32953
CONFIRM
mdt_software — mdt_autosave
 
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. 2022-04-01 not yet calculated CVE-2021-32957
CONFIRM
rockwell_automation — factorytalk_services_platform
 
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. 2022-04-01 not yet calculated CVE-2021-32960
CONFIRM
CONFIRM
mdt_software — mdt_autosave
 
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. 2022-04-01 not yet calculated CVE-2021-32961
CONFIRM
moxa — nport
 
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. 2022-04-01 not yet calculated CVE-2021-32968
CONFIRM
CONFIRM
moxa — nport Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. 2022-04-01 not yet calculated CVE-2021-32970
CONFIRM
CONFIRM
moxa — nport Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. 2022-04-01 not yet calculated CVE-2021-32974
CONFIRM
CONFIRM
moxa — nport Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. 2022-04-01 not yet calculated CVE-2021-32976
CONFIRM
CONFIRM
phillips — vue_pacs
 
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. 2022-04-01 not yet calculated CVE-2021-33018
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. 2022-04-01 not yet calculated CVE-2021-33020
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. 2022-04-01 not yet calculated CVE-2021-33022
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. 2022-04-01 not yet calculated CVE-2021-33024
CONFIRM
CONFIRM
blackarrow — mashzone_nextgen The “Register an Ehcache Configuration File” admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. 2022-03-30 not yet calculated CVE-2021-33208
MISC
MISC
blackarrow — mashzone_nextgen
 
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController. 2022-03-30 not yet calculated CVE-2021-33523
MISC
MISC
blackarrow — mashzone_nextgen MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. 2022-03-30 not yet calculated CVE-2021-33581
MISC
MISC
sdl — sdl
 
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause a crash, denial of service or code execution in the application using this library. 2022-04-01 not yet calculated CVE-2021-33657
MISC
splunk — splunk_enterprise
 
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. 2022-03-25 not yet calculated CVE-2021-3422
MISC
MISC
wordpress — wpanel
 
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard’s Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. 2022-03-31 not yet calculated CVE-2021-34257
MISC
MISC
foreman — salt_plugin
 
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. 2022-03-30 not yet calculated CVE-2021-3456
MISC
keycloak — keycloak
 
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. 2022-04-01 not yet calculated CVE-2021-3461
MISC
snapdragon — multple_products
 
Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-35088
CONFIRM
snapdragon — snapdragon_auto Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto 2022-04-01 not yet calculated CVE-2021-35089
CONFIRM
snapdragon — multiple_products Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-35103
CONFIRM
snapdragon — multiple_products Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-35105
CONFIRM
snapdragon — multiple_products Possible out of bound read due to improper length calculation of WMI message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-35106
CONFIRM
snapdragon — multiple_products Possible buffer overflow due to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-35110
CONFIRM
snapdragon — multiple_products Improper handling of multiple sessions supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-35115
CONFIRM
snapdragon — multiple_products
 
An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-04-01 not yet calculated CVE-2021-35117
CONFIRM
dolibarr — erp_crm An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. 2022-03-31 not yet calculated CVE-2021-36625
MISC
dolibarr — erp_crm An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. 2022-03-31 not yet calculated CVE-2021-37517
MISC
mandiant — rsa_archer
 
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. 2022-03-30 not yet calculated CVE-2021-38362
MISC
MISC
MISC
linux — linux_kernel
 
A flaw allowing unauthorized execution of a setuid file with capabilities was found in the Linux kernel OverlayFS subsystem, in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. 2022-04-01 not yet calculated CVE-2021-3847
MISC
MISC
android — arraymap
 
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184525194 2022-03-30 not yet calculated CVE-2021-39739
MISC
android — messaging
 
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-209965112 2022-03-30 not yet calculated CVE-2021-39740
MISC
android — keymaster
 
In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-173567719 2022-03-30 not yet calculated CVE-2021-39741
MISC
android — voicemail
 
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405602 2022-03-30 not yet calculated CVE-2021-39742
MISC
android — packagemanager
 
In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201534884 2022-03-30 not yet calculated CVE-2021-39743
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-192369136 2022-03-30 not yet calculated CVE-2021-39744
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-206127671 2022-03-30 not yet calculated CVE-2021-39745
MISC
android — permissioncontroller
 
In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194696395 2022-03-30 not yet calculated CVE-2021-39746
MISC
android — settings_provider
 
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-208268457 2022-03-30 not yet calculated CVE-2021-39747
MISC
android — inputmethodeditor
 
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-203777141 2022-03-30 not yet calculated CVE-2021-39748
MISC
android — windowmanager
 
In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-205996115 2022-03-30 not yet calculated CVE-2021-39749
MISC
android — packagemanager
 
In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-206474016 2022-03-30 not yet calculated CVE-2021-39750
MISC
android — settings
 
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-172838801 2022-03-30 not yet calculated CVE-2021-39751
MISC
android — bubbles
 
In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848 2022-03-30 not yet calculated CVE-2021-39752
MISC
android — domainverificationservice
 
In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-200035185 2022-03-30 not yet calculated CVE-2021-39753
MISC
android — contextimpl
 
In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709 2022-03-30 not yet calculated CVE-2021-39754
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204995407 2022-03-30 not yet calculated CVE-2021-39755
MISC
android — framework
 
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184354287 2022-03-30 not yet calculated CVE-2021-39756
MISC
android — permissioncontroller
 
In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-176094662 2022-03-30 not yet calculated CVE-2021-39757
MISC
android — windowmanager
 
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-205130886 2022-03-30 not yet calculated CVE-2021-39758
MISC
android — libstagefright
 
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-180200830 2022-03-30 not yet calculated CVE-2021-39759
MISC
android — audioservice
 
In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194110526 2022-03-30 not yet calculated CVE-2021-39760
MISC
android — media
 
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-179783181 2022-03-30 not yet calculated CVE-2021-39761
MISC
android — tremolo
 
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-210625816 2022-03-30 not yet calculated CVE-2021-39762
MISC
android — settings
 
In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-199176115 2022-03-30 not yet calculated CVE-2021-39763
MISC
android — settings
 
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-170642995 2022-03-30 not yet calculated CVE-2021-39764
MISC
android — gallery
 
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535427 2022-03-30 not yet calculated CVE-2021-39765
MISC
android — settings
 
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-198296421 2022-03-30 not yet calculated CVE-2021-39766
MISC
android — miniadb
 
In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201308542 2022-03-30 not yet calculated CVE-2021-39767
MISC
android — settings
 
In Settings, there is a possible way to add an auto-connect WiFi network without the user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202017876 2022-03-30 not yet calculated CVE-2021-39768
MISC
android — device_policy In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-193663287 2022-03-30 not yet calculated CVE-2021-39769
MISC
android — framework
 
In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-193033501 2022-03-30 not yet calculated CVE-2021-39770
MISC
android — settings
 
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-198661951 2022-03-30 not yet calculated CVE-2021-39771
MISC
android — bluetooth
 
In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-181962322 2022-03-30 not yet calculated CVE-2021-39772
MISC
android — vpnmanagerservice
 
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191276656 2022-03-30 not yet calculated CVE-2021-39773
MISC
android — bluetooth
 
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-205989472 2022-03-30 not yet calculated CVE-2021-39774
MISC
android — people
 
In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-206465854 2022-03-30 not yet calculated CVE-2021-39775
MISC
android — nfc
 
In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-192614125 2022-03-30 not yet calculated CVE-2021-39776
MISC
android — telephony
 
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194743207 2022-03-30 not yet calculated CVE-2021-39777
MISC
android — telecomm
 
In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-196406138 2022-03-30 not yet calculated CVE-2021-39778
MISC
android — getcallstateusingpackage_of_telecom_service
 
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-190400974 2022-03-30 not yet calculated CVE-2021-39779
MISC
android — traceur
 
In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204992293 2022-03-30 not yet calculated CVE-2021-39780
MISC
android — smscontroller 
 
In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-195311502 2022-03-30 not yet calculated CVE-2021-39781
MISC
android — telephony
 
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202760015 2022-03-30 not yet calculated CVE-2021-39782
MISC
android — rcsservice
 
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-197960597 2022-03-30 not yet calculated CVE-2021-39783
MISC
android — cellbroadcastreceiver
 
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-200163477 2022-03-30 not yet calculated CVE-2021-39784
MISC
android — nfc
 
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-192551247 2022-03-30 not yet calculated CVE-2021-39786
MISC
android — systemui
 
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202506934 2022-03-30 not yet calculated CVE-2021-39787
MISC
android — telecommanager In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191768014 2022-03-30 not yet calculated CVE-2021-39788
MISC
android — telecom
 
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-203880906 2022-03-30 not yet calculated CVE-2021-39789
MISC
android — dialer
 
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405146 2022-03-30 not yet calculated CVE-2021-39790
MISC
android — wallpapermanagerservice
 
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194112606 2022-03-30 not yet calculated CVE-2021-39791
MISC
gitlab — gitlab
 
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. 2022-03-28 not yet calculated CVE-2021-39876
MISC
CONFIRM
MISC
gitlab — gitlab
 
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. 2022-04-01 not yet calculated CVE-2021-39908
MISC
CONFIRM
MISC
oasys — oa_system
 
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. 2022-03-30 not yet calculated CVE-2021-40644
MISC
MISC
glorylion — jfinaloa
 
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter of the getHaveDoneTaskDataList method of the FlowTaskController. 2022-03-30 not yet calculated CVE-2021-40645
MISC
MISC
rsa — archer
 
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. 2022-03-30 not yet calculated CVE-2021-41594
MISC
MISC
gitlab — gitlab_ce_ee
 
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. 2022-03-28 not yet calculated CVE-2021-4191
MISC
MISC
CONFIRM
pixelimity — pixelimity
 
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php. 2022-03-31 not yet calculated CVE-2021-42866
MISC
danpros — htmly
 
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. 2022-03-31 not yet calculated CVE-2021-42867
MISC
MISC
chikista — patient_management_software
 
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. 2022-03-31 not yet calculated CVE-2021-42868
MISC
MISC
chikista — patient_management_software
 
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. 2022-03-31 not yet calculated CVE-2021-42869
MISC
MISC
draytek — vigor
 
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. 2022-03-29 not yet calculated CVE-2021-42911
MISC
htmly — htmly
 
A Cross Site Scripting (XSS) vulnerability exists in htmly 2.8.1 via the Copyright field in the /admin/config page. 2022-03-31 not yet calculated CVE-2021-42946
MISC
cbkhwx — cxuucms Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. 2022-03-29 not yet calculated CVE-2021-42970
MISC
diyhi — bbs
 
An Archive Extraction (AKA “Zip Slip”) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips an arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). 2022-03-28 not yet calculated CVE-2021-43099
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 via the GetType function in TopicManageAction.java, which lets a remote malicious user execute arbitrary code. 2022-03-28 not yet calculated CVE-2021-43100
MISC
technitium — dns_server
 
A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. 2022-03-28 not yet calculated CVE-2021-43105
MISC
online_shopping_system — online_shopping_system An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. 2022-03-29 not yet calculated CVE-2021-43109
MISC
online_shopping_system — online_shopping_system An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. 2022-03-29 not yet calculated CVE-2021-43110
MISC
draytek — vigor
 
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. 2022-03-29 not yet calculated CVE-2021-43118
MISC
joxsaxbeaninput — joxsaxbeaninput
 
An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. 2022-03-30 not yet calculated CVE-2021-43142
MISC
hoosk — hoosk
 
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. 2022-03-31 not yet calculated CVE-2021-43478
MISC
secretary — secretary
 
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. 2022-03-31 not yet calculated CVE-2021-43479
MISC
simple_client_management_system — simple_client_management_system 
 
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. 2022-03-31 not yet calculated CVE-2021-43484
MISC
sourcecodester — simple_client_management_system
 
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. 2022-03-31 not yet calculated CVE-2021-43505
MISC
sourcecodester — simple_client_management_system
 
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. 2022-03-31 not yet calculated CVE-2021-43506
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. 2022-03-31 not yet calculated CVE-2021-43661
MISC
totolink — ex300 totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. 2022-03-31 not yet calculated CVE-2021-43662
MISC
totolink — ex300 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. 2022-03-31 not yet calculated CVE-2021-43663
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. 2022-03-30 not yet calculated CVE-2021-43664
MISC
cszcms — cszcms CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. 2022-03-29 not yet calculated CVE-2021-43701
MISC
MISC
MISC
maccmspro — maccms
 
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. 2022-03-31 not yet calculated CVE-2021-43707
MISC
dlink — dir_645
 
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. 2022-03-31 not yet calculated CVE-2021-43722
MISC
MISC
open5gs — open5gs
 
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. 2022-03-29 not yet calculated CVE-2021-44081
MISC
pentest — pentest
 
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. 2022-03-29 not yet calculated CVE-2021-44082
MISC
MISC
MISC
konga — konga
 
Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. 2022-03-28 not yet calculated CVE-2021-44103
MISC
MISC
hiby — hiby
 
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not sufficiently sanitize input data when showing data from the SD Card, so an attacker can navigate through the device’s File System over HTTP. 2022-03-28 not yet calculated CVE-2021-44124
MISC
MISC
pagekit — pagekit
 
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. 2022-04-01 not yet calculated CVE-2021-44135
MISC
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool
 
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. 2022-03-30 not yet calculated CVE-2021-44310
MISC
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool
 
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. 2022-03-30 not yet calculated CVE-2021-44312
MISC
kreado — kreasfero
 
An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. 2022-03-29 not yet calculated CVE-2021-44581
MISC
MISC
mepsan — usc
 
MEPSAN’s USC+ before version 3.0 has a weakness in its login function which lets attackers generate passwords for high-privileged accounts. 2022-03-30 not yet calculated CVE-2021-45031
CONFIRM
3cx — 3cx_client_for_windows
 
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 2022-03-28 not yet calculated CVE-2021-45490
MISC
MISC
sourcecodester — student_attendance_management_system
 
A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. 2022-03-29 not yet calculated CVE-2021-45865
MISC
vivoh — webinar_manager
 
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate a victim and make state-changing requests on their behalf. 2022-03-30 not yet calculated CVE-2021-45900
MISC
MISC
totolink — a3100r
 
In Totolink A3100R V5.9c.4577, “test.asp” contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. 2022-03-30 not yet calculated CVE-2021-46006
MISC
MISC
MISC
totolink — a3100r
 
totolink a3100r V5.9c.4577 is vulnerable to OS command injection. The backend of a page is executing the “ping” command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. 2022-03-30 not yet calculated CVE-2021-46007
MISC
MISC
MISC
totolink — a3100r
 
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker who has connected to the Wi-Fi can easily telnet into the target with a root shell if the telnet function is turned on. 2022-03-30 not yet calculated CVE-2021-46008
MISC
MISC
MISC
totolink — a3100r
 
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. 2022-03-30 not yet calculated CVE-2021-46009
MISC
MISC
MISC
totolink — a3100r
 
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. 2022-03-30 not yet calculated CVE-2021-46010
MISC
MISC
MISC
fenom_template — fenom
 
In fenom 2.12.1 and before, there is a way in the fenom/src/Fenom/Template.php function getTemplateCode() to bypass the sandbox and execute arbitrary PHP code when disable_native_funcs is true. 2022-03-28 not yet calculated CVE-2021-46433
MISC
emqx — dashboard
 
** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the “/api/v3/auth” interface. When a user logs in, the application returns different results depending on whether the account is correct, which allows an attacker to determine whether a given username is valid. 2022-03-28 not yet calculated CVE-2021-46434
MISC
firebase — php
 
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. 2022-03-29 not yet calculated CVE-2021-46743
MISC
gitlab — gitlab
 
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services. 2022-03-28 not yet calculated CVE-2022-0123
CONFIRM
MISC
gitlab — gitlab
 
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. 2022-03-28 not yet calculated CVE-2022-0136
MISC
CONFIRM
MISC
gitlab — gitlab
 
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. 2022-03-28 not yet calculated CVE-2022-0249
MISC
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to the attacker specified URL. 2022-03-28 not yet calculated CVE-2022-0283
MISC
CONFIRM
sophos — sophos_firewall
 
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. 2022-03-29 not yet calculated CVE-2022-0331
CONFIRM
zyxel — cgi_program
 
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. 2022-03-28 not yet calculated CVE-2022-0342
CONFIRM
android — android
 
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2. 2022-03-29 not yet calculated CVE-2022-0343
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project 2022-03-28 not yet calculated CVE-2022-0344
MISC
CONFIRM
MISC
github — github_repository
 
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13. 2022-03-31 not yet calculated CVE-2022-0350
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. 2022-03-28 not yet calculated CVE-2022-0371
MISC
CONFIRM
gitlab — gitlab
 
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address 2022-04-01 not yet calculated CVE-2022-0373
MISC
MISC
CONFIRM
wpscan — interactive_medical_drawing_of_human_body
 
The Interactive Medical Drawing of Human Body WordPress plugin through 1.0 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-28 not yet calculated CVE-2022-0388
MISC
gitlab — gitlab
 
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. 2022-04-01 not yet calculated CVE-2022-0390
CONFIRM
MISC
MISC
wpscan — wpc_smart_wishlist_for_woocommerce_wordpress_plugin
 
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action’s response (available to any authenticated user), leading to a Reflected Cross-Site Scripting 2022-03-28 not yet calculated CVE-2022-0397
MISC
irker — irc_gateway_integration
 
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. 2022-04-01 not yet calculated CVE-2022-0425
MISC
CONFIRM
gitlab — jupyter_notebooks
 
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user’s behalf leading to potential account takeover 2022-03-28 not yet calculated CVE-2022-0427
MISC
CONFIRM
MISC
wpscan — menu_image
 
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated user, such as a subscriber, can update the settings of arbitrary menus and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend 2022-03-28 not yet calculated CVE-2022-0450
MISC
wpscan — popup_builder_wordpress_plugin
 
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link 2022-03-28 not yet calculated CVE-2022-0479
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. 2022-03-28 not yet calculated CVE-2022-0488
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. 2022-04-01 not yet calculated CVE-2022-0489
MISC
MISC
CONFIRM
wpscan — string_locator_wordpress_plugin
 
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. 2022-03-28 not yet calculated CVE-2022-0493
MISC
CONFIRM
wpscan — sermon_browser_wordpress_plugin
 
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. 2022-03-28 not yet calculated CVE-2022-0499
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. 2022-03-28 not yet calculated CVE-2022-0549
MISC
CONFIRM
wpscan — narnoo_distributor_wordpress_plugin
 
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and its configuration. 2022-03-28 not yet calculated CVE-2022-0679
MISC
wpscan — plezi_wordpress_plugin
 
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue 2022-03-28 not yet calculated CVE-2022-0680
MISC
wpscan — amelia_wordpress_plugin
 
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other’s booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 2022-03-28 not yet calculated CVE-2022-0720
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. 2022-03-28 not yet calculated CVE-2022-0735
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. 2022-03-28 not yet calculated CVE-2022-0738
MISC
CONFIRM
gitlab — gitlab
 
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. 2022-04-01 not yet calculated CVE-2022-0741
MISC
MISC
CONFIRM
gitlab — gitlab
 
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands 2022-03-28 not yet calculated CVE-2022-0751
MISC
CONFIRM
MISC
wpscan — translate_wordpress_with_gtranslate_wordpress_plugin
 
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have a CSRF check in some files, and writes debug data such as the user’s cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin’s cookies by making them open a malicious link or page 2022-03-28 not yet calculated CVE-2022-0770
MISC
wpscan — title_experiments_free_wordpress_plugin
 
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection 2022-03-28 not yet calculated CVE-2022-0784
MISC
wpscan — limit_login_attempts_wordpress_plugin
 
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections 2022-03-28 not yet calculated CVE-2022-0787
MISC
wpscan — woocommerce_affiliate_plugin_wordpress_plugin
 
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. 2022-03-28 not yet calculated CVE-2022-0818
MISC
wpscan — church_admin_wordpress_plugin
 
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the “refresh-backup” action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin’s DB data 2022-03-28 not yet calculated CVE-2022-0833
MISC
wpscan — speakout!_email_petitions_wordpress_plugin
 
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users 2022-03-28 not yet calculated CVE-2022-0846
MISC
philips — e_alert
 
The software does not perform any authentication for critical system functionality. 2022-04-01 not yet calculated CVE-2022-0922
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 not yet calculated CVE-2022-0923
CONFIRM
linux — linux_kernel 
 
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-03-30 not yet calculated CVE-2022-0998
MISC
MLIST
rockwell_automation — isagraf
 
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. 2022-04-01 not yet calculated CVE-2022-1018
MISC
crater_invoice — crater
 
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. 2022-03-29 not yet calculated CVE-2022-1032
MISC
CONFIRM
archive — archive
 
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. 2022-03-29 not yet calculated CVE-2022-1050
MISC
linux — linux_kernel
 
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 2022-03-29 not yet calculated CVE-2022-1055
CONFIRM
CONFIRM
CONFIRM
libtiff — libtiff
 
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. 2022-03-28 not yet calculated CVE-2022-1056
MISC
CONFIRM
MISC
modbus_tools — modbus_slave
 
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. 2022-04-01 not yet calculated CVE-2022-1068
CONFIRM
automatic_question_paper_generator — automatic_question_paper_generator
 
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. 2022-03-29 not yet calculated CVE-2022-1073
MISC
tem — flex
 
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. 2022-03-29 not yet calculated CVE-2022-1074
MISC
college_website_management_system — college_website_management_system
 
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. 2022-03-29 not yet calculated CVE-2022-1075
MISC
MISC
automatic_question_paper_generator — automatic_question_paper_generator
 
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. 2022-03-29 not yet calculated CVE-2022-1076
MISC
tem — flex
 
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. 2022-03-29 not yet calculated CVE-2022-1077
MISC
sourcecodester — college_website_management_system
 
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. 2022-03-29 not yet calculated CVE-2022-1078
MISC
sourcecodester — one_church_management_system
 
A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to cross site scripting. It is possible to launch the attack remotely. 2022-03-29 not yet calculated CVE-2022-1079
MISC
sourcecodester — one_church_management_system
 
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1080
MISC
sourcecodester — microfinance_management_system
 
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1081
MISC
sourcecodester — microfinance_management_system
 
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input ‘||1=1# leads to sql injection. The attack may be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1082
MISC
sourcecodester — microfinance_management_system
 
A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc leads to sql injection in multiple files. It is possible to launch the attack remotely. 2022-03-29 not yet calculated CVE-2022-1083
MISC
sourcecodester — one_church_management_system
 
A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. 2022-03-29 not yet calculated CVE-2022-1084
MISC
cltphp — cltphp
 
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1085
MISC
dolphinphp — dolphinphp
 
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1086
MISC
MISC
htmly — htmly
 
A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires authentication. A simple POC has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1087
MISC
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges 2022-04-01 not yet calculated CVE-2022-1098
CONFIRM
openjpeg2 — fedora
 
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. 2022-03-29 not yet calculated CVE-2022-1122
MISC
FEDORA
vim — vim
 
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. 2022-03-30 not yet calculated CVE-2022-1154
CONFIRM
MISC
snipe — snipe
 
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. 2022-03-30 not yet calculated CVE-2022-1155
MISC
CONFIRM
rockwell — automation_studio_5000_logix_designer
 
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. 2022-04-01 not yet calculated CVE-2022-1159
CONFIRM
vim — vim
 
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. 2022-03-30 not yet calculated CVE-2022-1160
CONFIRM
MISC
minewebs — minewebcms
 
Cross-site Scripting (XSS) – Stored in GitHub repository mineweb/minewebcms prior to next. 2022-03-30 not yet calculated CVE-2022-1163
MISC
CONFIRM
gpac — gpac
 
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. 2022-03-30 not yet calculated CVE-2022-1172
MISC
CONFIRM
livehelperchat — livehelperchat
 
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. 2022-03-31 not yet calculated CVE-2022-1176
CONFIRM
MISC
openemr — openemr
 
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. 2022-03-30 not yet calculated CVE-2022-1177
CONFIRM
MISC
openemr — openemr
 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1178
CONFIRM
MISC
openemr — openemr
 
Non-Privileged User Can Create New Rule, Leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1179
MISC
CONFIRM
openemr — openemr
 
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1180
MISC
CONFIRM
openemr — openemr
 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. 2022-03-30 not yet calculated CVE-2022-1181
MISC
CONFIRM
livehelperchat — livehelperchat
 
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. 2022-03-31 not yet calculated CVE-2022-1191
CONFIRM
MISC
mruby — mruby
 
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. 2022-04-02 not yet calculated CVE-2022-1201
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. 2022-04-01 not yet calculated CVE-2022-1207
MISC
CONFIRM
android — incfs
 
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-198657657 2022-03-30 not yet calculated CVE-2022-20002
MISC
cocoapods — cocoapods
 
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-21223
MISC
MISC
mastermind — vcs
 
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-21235
MISC
MISC
nvidia — cuda_toolkit_sdk
 
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity. 2022-03-29 not yet calculated CVE-2022-21821
CONFIRM
rocketchat — livechat
 
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance. 2022-04-01 not yet calculated CVE-2022-21830
MISC
rancher_desktop — suse_security_incidents
 
An Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. 2022-04-01 not yet calculated CVE-2022-21947
CONFIRM
ibm — ibm_security_verify_access
 
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. 2022-03-31 not yet calculated CVE-2022-22311
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. 2022-04-01 not yet calculated CVE-2022-22327
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another user’s data. IBM X-Force ID: 218871. 2022-04-01 not yet calculated CVE-2022-22328
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. 2022-04-01 not yet calculated CVE-2022-22331
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. 2022-04-01 not yet calculated CVE-2022-22332
XF
CONFIRM
ibm — app_connect_enterprise_certified_container_dashboard
 
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. 2022-04-01 not yet calculated CVE-2022-22404
XF
CONFIRM
unifi — door_access_reader_lite
 
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. 2022-04-01 not yet calculated CVE-2022-22570
MISC
tibco — managed_file_transfer_platform_server
 
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. 2022-03-30 not yet calculated CVE-2022-22772
CONFIRM
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. 2022-03-29 not yet calculated CVE-2022-22934
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. 2022-03-29 not yet calculated CVE-2022-22935
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be replayed. A sufficiently crafty attacker could gain root access on a minion under certain scenarios. 2022-03-29 not yet calculated CVE-2022-22936
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. 2022-03-29 not yet calculated CVE-2022-22941
MISC
MISC
MISC
vmware — vcenter_server
 
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. 2022-03-29 not yet calculated CVE-2022-22948
MISC
spring_by_vmware — spring_framework
 
In Spring Framework versions 5.3.0 – 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. 2022-04-01 not yet calculated CVE-2022-22950
MISC
spring_by_vmware — spring_cloud_function
 
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. 2022-04-01 not yet calculated CVE-2022-22963
MISC
CISCO
CONFIRM
spring_by_vmware — spring_framework
 
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. 2022-04-01 not yet calculated CVE-2022-22965
MISC
CISCO
CONFIRM
link — nippon_telegraph_and_telephone_east_corporation
 
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. 2022-03-31 not yet calculated CVE-2022-22986
MISC
MISC
MISC
westerndigital — g_raid
 
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. 2022-03-30 not yet calculated CVE-2022-22996
MISC
zte — home_gateway
 
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. 2022-03-30 not yet calculated CVE-2022-23136
MISC
dell — wyse_management_suite
 
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. 2022-04-01 not yet calculated CVE-2022-23155
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. 2022-04-01 not yet calculated CVE-2022-23156
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. 2022-04-01 not yet calculated CVE-2022-23157
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to a valid WMS server. 2022-04-01 not yet calculated CVE-2022-23158
CONFIRM
link — advanced_custom_fields
 
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. 2022-03-31 not yet calculated CVE-2022-23183
MISC
MISC
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path. 2022-03-30 not yet calculated CVE-2022-23793
MISC
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. 2022-03-30 not yet calculated CVE-2022-23794
MISC
joomla — joomla
 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. 2022-03-30 not yet calculated CVE-2022-23795
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. 2022-03-30 not yet calculated CVE-2022-23796
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected IDs in a request could result in a possible SQL injection. 2022-03-30 not yet calculated CVE-2022-23797
MISC
joomla — joomla
 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. 2022-03-30 not yet calculated CVE-2022-23798
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. 2022-03-30 not yet calculated CVE-2022-23799
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. 2022-03-30 not yet calculated CVE-2022-23800
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. 2022-03-30 not yet calculated CVE-2022-23801
MISC
ruoyi — ruoyi
 
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. 2022-03-30 not yet calculated CVE-2022-23868
MISC
ruoyi — ruoyi
 
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. 2022-03-30 not yet calculated CVE-2022-23869
MISC
mojang — bedrock_dedicated_server
 
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). 2022-03-28 not yet calculated CVE-2022-23884
MISC
src/dfa/dead_rules.cc — src/dfa/dead_rules.cc
 
A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. 2022-03-29 not yet calculated CVE-2022-23901
MISC
wind_river — vxworks
 
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. 2022-03-29 not yet calculated CVE-2022-23937
MISC
MISC
snyk — snyk
 
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn’t cover. 2022-04-01 not yet calculated CVE-2022-24066
CONFIRM
CONFIRM
CONFIRM
CONFIRM
douphp — douphp
 
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. 2022-03-30 not yet calculated CVE-2022-24131
MISC
phpshe — phpshe
 
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry’s verification code, which can paralyze the target service. 2022-03-30 not yet calculated CVE-2022-24132
MISC
qingscan — qingscan
 
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. 2022-03-30 not yet calculated CVE-2022-24135
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. 2022-03-31 not yet calculated CVE-2022-24136
MISC
pkp — pkp_lib
 
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. 2022-04-01 not yet calculated CVE-2022-24181
MISC
pfsense — pfsense
 
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. 2022-03-31 not yet calculated CVE-2022-24299
MISC
MISC
dell — command
 
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. 2022-04-01 not yet calculated CVE-2022-24426
CONFIRM
cocoapods-downloader — cocoapods-downloader
 
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-24440
MISC
MISC
MISC
baicells — nova436
 
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) 2022-03-30 not yet calculated CVE-2022-24693
MISC
MISC
MISC
jupyter — notebook
 
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds. 2022-03-31 not yet calculated CVE-2022-24758
CONFIRM
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP’s XML parsing in their apps. Users are advised to update. There are no known workarounds. 2022-03-30 not yet calculated CVE-2022-24763
CONFIRM
MISC
orckestra — cms_foundation
 
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. 2022-03-28 not yet calculated CVE-2022-24789
MISC
CONFIRM
puma — puma
 
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. 2022-03-30 not yet calculated CVE-2022-24790
MISC
CONFIRM
bytecodealliance — wasmtime
 
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false). 2022-03-31 not yet calculated CVE-2022-24791
CONFIRM
MISC
express_openid — express_openid
 
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds. 2022-03-31 not yet calculated CVE-2022-24794
MISC
CONFIRM
raspberrymatic — raspberrymatic
 
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available. 2022-03-31 not yet calculated CVE-2022-24796
CONFIRM
MISC
pomerium — pomerium
 
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium’s Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issue is patched in version v0.17.1. Workarounds: Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium’s own proxy service. 2022-03-31 not yet calculated CVE-2022-24797
CONFIRM
MISC
MISC
irrdnet — irrd
 
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue. 2022-03-31 not yet calculated CVE-2022-24798
MISC
CONFIRM
MISC
deepmerge-ts — deepmerge-ts
 
deepmerge-ts is a TypeScript library providing functionality for deep merging of JavaScript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue. 2022-04-01 not yet calculated CVE-2022-24802
CONFIRM
MISC
MISC
asciidoctor — asciidoctor
 
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits. 2022-04-01 not yet calculated CVE-2022-24803
MISC
MISC
CONFIRM
shopware — b2b_suite
 
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. 2022-03-29 not yet calculated CVE-2022-24956
MISC
MISC
dhc — vision_eqms
 
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object’s version or history tab will be attacked. 2022-03-29 not yet calculated CVE-2022-24957
MISC
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 do not contain an authentication mechanism. 2022-03-30 not yet calculated CVE-2022-25008
MISC
hitron — chita
 
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. 2022-04-01 not yet calculated CVE-2022-25017
MISC
mitsubishi — electric_melsec
 
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25155
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25156
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25157
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. 2022-04-01 not yet calculated CVE-2022-25158
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. 2022-04-01 not yet calculated CVE-2022-25159
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user’s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. 2022-04-01 not yet calculated CVE-2022-25160
MISC
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. 2022-03-29 not yet calculated CVE-2022-25347
CONFIRM
hibara — attachecase
 
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. 2022-03-31 not yet calculated CVE-2022-25348
MISC
MISC
ntt — resonate_incorporated_goo_blog_app_web_application
 
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. 2022-03-29 not yet calculated CVE-2022-25420
MISC
unno — unno
 
UNNO v03.11.00 was discovered to contain an access control issue. 2022-03-29 not yet calculated CVE-2022-25521
MISC
MISC
apache — dolphinscheduler
 
Apache DolphinScheduler user registration is vulnerable to Regular expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. 2022-03-30 not yet calculated CVE-2022-25598
MISC
sambabox — sambabox
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. 2022-03-30 not yet calculated CVE-2022-25619
CONFIRM
sambabox — sambabox
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. 2022-03-30 not yet calculated CVE-2022-25620
CONFIRM
apache — apisix
 
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson chooses the last occurring value as the result. By passing JSON with a duplicate key, an attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems that satisfy the three conditions below are affected by this attack: 1. body_schema validation is used in the request-validation plugin; 2. the upstream application uses a special JSON library that chooses the first occurring value, like jsoniter or gojay; 3. the upstream application does not validate the input again. The fix in APISIX is to re-encode the validated JSON input back into the request body on the APISIX side. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX version 2.12.1 and prior versions. 2022-03-28 not yet calculated CVE-2022-25757
CONFIRM
MLIST
elecom — lan_routers
 
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. 2022-03-31 not yet calculated CVE-2022-25915
MISC
MISC
omron — cx_position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-25959
CONFIRM
pfsense — pfsense
 
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. 2022-03-31 not yet calculated CVE-2022-26019
MISC
MISC
omron — cx_position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26022
CONFIRM
hms — hms
 
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “special” field. 2022-03-30 not yet calculated CVE-2022-26244
MISC
MISC
falcon — falcon_plus
 
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. 2022-03-27 not yet calculated CVE-2022-26245
MISC
wowonder — ultimate_php_social_network_platform
 
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. 2022-03-27 not yet calculated CVE-2022-26254
MISC
microsoft — clash
 
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. 2022-03-28 not yet calculated CVE-2022-26255
MISC
xiongmai — dvr_devices
 
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. 2022-03-28 not yet calculated CVE-2022-26259
MISC
MISC
suzuki — connect
 
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. 2022-03-29 not yet calculated CVE-2022-26269
MISC
MISC
MISC
tenda — ac9
 
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 2022-03-28 not yet calculated CVE-2022-26278
MISC
libarchive — libarchive
 
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 2022-03-28 not yet calculated CVE-2022-26280
MISC
lrzip — lrzip
 
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted lrz file. 2022-03-28 not yet calculated CVE-2022-26291
MISC
riscv-boom — riscv-boom
 
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 2022-03-28 not yet calculated CVE-2022-26296
MISC
omron — cx-position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26417
CONFIRM
omron — cx-position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26419
CONFIRM
hms — hms
 
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. 2022-03-31 not yet calculated CVE-2022-26546
MISC
MISC
kopano — core
 
provider/libserver/ECKrbAuth.cpp in Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. 2022-04-01 not yet calculated CVE-2022-26562
MISC
MISC
totaljs — totaljs
 
A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. 2022-04-01 not yet calculated CVE-2022-26565
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. 2022-03-28 not yet calculated CVE-2022-26639
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. 2022-03-28 not yet calculated CVE-2022-26640
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. 2022-03-28 not yet calculated CVE-2022-26641
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. 2022-03-28 not yet calculated CVE-2022-26642
MISC
sourcecodester — online_banking_system_protect
 
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. 2022-03-30 not yet calculated CVE-2022-26644
MISC
MISC
sourcecodester — online_banking_system_protect
 
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. 2022-03-30 not yet calculated CVE-2022-26645
MISC
MISC
sourcecodester — online_banking_system_protect
 
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. 2022-03-30 not yet calculated CVE-2022-26646
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. 2022-03-29 not yet calculated CVE-2022-26839
CONFIRM
trend_micro — apex_central
 
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. 2022-03-29 not yet calculated CVE-2022-26871
MISC
MISC
MISC
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 2022-03-30 not yet calculated CVE-2022-26947
MISC
MISC
archerirm_community — rss_feed
 
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. 2022-03-30 not yet calculated CVE-2022-26948
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 2022-03-30 not yet calculated CVE-2022-26949
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. 2022-03-30 not yet calculated CVE-2022-26950
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 2022-03-30 not yet calculated CVE-2022-26951
MISC
MISC
teampass — teampass
 
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. 2022-03-28 not yet calculated CVE-2022-26980
MISC
MISC
raidrive — raidrive
 
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. 2022-03-31 not yet calculated CVE-2022-27049
MISC
bitcomet — bitcomet
 
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. 2022-03-31 not yet calculated CVE-2022-27050
MISC
freeftpd — freeftpd
 
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. 2022-03-31 not yet calculated CVE-2022-27052
MISC
netflix — security_bulletins
 
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. 2022-04-01 not yet calculated CVE-2022-27177
MISC
icehrm — pluck_cms
 
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. 2022-03-30 not yet calculated CVE-2022-27432
MISC
MISC
zero-channel_bbs_plus — zero-channel_bbs_plus
 
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. 2022-03-31 not yet calculated CVE-2022-27496
MISC
MISC
kaspersky — anti-virus
 
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). 2022-04-01 not yet calculated CVE-2022-27534
MISC
sap — innovation_management
 
Under certain conditions, SAP Innovation management – version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 2022-03-28 not yet calculated CVE-2022-27658
MISC
MISC
springframework — springframework
 
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. 2022-03-30 not yet calculated CVE-2022-27772
MISC
waycrate — swhkd
 
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. 2022-03-30 not yet calculated CVE-2022-27815
MISC
MISC
waycrate — swhkd
 
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. 2022-03-30 not yet calculated CVE-2022-27816
MISC
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. 2022-03-30 not yet calculated CVE-2022-27907
MISC
MISC
tesla — tesla
 
** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor’s perspective is that the behavior is as intended. 2022-03-27 not yet calculated CVE-2022-27948
MISC
MISC
MISC
linux — linux_kernel
 
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. 2022-03-28 not yet calculated CVE-2022-27950
MISC
MISC
MISC
MISC
netsarang — xftp
 
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27963
MISC
MISC
netsarang — xmanager
 
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27964
MISC
MISC
netsarang — xlpd
 
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27965
MISC
MISC
netsarang — xshell
 
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27966
MISC
MISC
hibara_software — attachecase
 
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. 2022-03-31 not yet calculated CVE-2022-28128
MISC
MISC
jenkins — bitbucket_server_integration_plugin
 
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. 2022-03-29 not yet calculated CVE-2022-28133
CONFIRM
MLIST
jenkins — bitbucket_server_integration_plugin
 
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. 2022-03-29 not yet calculated CVE-2022-28134
CONFIRM
MLIST
jenkins — instant-messaging_plugin
 
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28135
CONFIRM
MLIST
jenkins — jiratestresultreporter_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28136
CONFIRM
MLIST
jenkins — jiratestresultreporter_plugin
 
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28137
CONFIRM
MLIST
jenkins — rocketchat_notifier_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28138
CONFIRM
MLIST
jenkins — rocketchat_notifier_plugin
 
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28139
CONFIRM
MLIST
jenkins — flaky_test_handler_plugin
 
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28140
CONFIRM
MLIST
jenkins — proxmox_plugin
 
Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28141
CONFIRM
MLIST
jenkins — proxmox_plugin
 
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. 2022-03-29 not yet calculated CVE-2022-28142
CONFIRM
MLIST
jenkins — proxmox_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 2022-03-29 not yet calculated CVE-2022-28143
CONFIRM
MLIST
jenkins — proxmox_plugin
 
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 2022-03-29 not yet calculated CVE-2022-28144
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. 2022-03-29 not yet calculated CVE-2022-28145
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. 2022-03-29 not yet calculated CVE-2022-28146
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28147
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. 2022-03-29 not yet calculated CVE-2022-28148
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28149
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. 2022-03-29 not yet calculated CVE-2022-28150
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. 2022-03-29 not yet calculated CVE-2022-28151
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. 2022-03-29 not yet calculated CVE-2022-28152
CONFIRM
MLIST
jenkins — sitemonitor_plugin
 
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28153
CONFIRM
MLIST
jenkins — coverage_complexity_scatter_plot_plugin
 
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28154
CONFIRM
MLIST
jenkins — pipeline_phoenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28155
CONFIRM
MLIST
jenkins — pipeline_phoenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. 2022-03-29 not yet calculated CVE-2022-28156
CONFIRM
MLIST
jenkins — pipeline_phoenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. 2022-03-29 not yet calculated CVE-2022-28157
CONFIRM
MLIST
jenkins — pipeline_phoenix_autotest_plugin
 
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-03-29 not yet calculated CVE-2022-28158
CONFIRM
MLIST
jenkins — tests_selector_plugin
 
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28159
CONFIRM
MLIST
jenkins — tests_selector_plugin
 
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. 2022-03-29 not yet calculated CVE-2022-28160
CONFIRM
MLIST
mediawiki — mediawiki
 
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. 2022-03-30 not yet calculated CVE-2022-28202
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. 2022-03-30 not yet calculated CVE-2022-28205
MISC
CONFIRM
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. 2022-03-30 not yet calculated CVE-2022-28206
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. 2022-03-30 not yet calculated CVE-2022-28209
MISC
MISC
tekon — kio
 
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. 2022-03-30 not yet calculated CVE-2022-28223
MISC
weechat — weechat
 
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. 2022-04-02 not yet calculated CVE-2022-28352
MISC
MISC
scala.js — scala.js
 
randomUUID in Scala.js before 1.10.0 generates predictable values. 2022-04-02 not yet calculated CVE-2022-28355
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. 2022-04-02 not yet calculated CVE-2022-28356
MISC
MISC


Improvements to Email Notifications



CISA has made improvements to email notifications and wants to inform you that our subscriber content lists have been updated. The previous National Cybersecurity Awareness alert topics have been consolidated to streamline information. These new updates will make it easier and faster for you to receive the latest information on cybersecurity-related topics.

As of Thursday, March 31, you will be subscribed to CISA’s Cybersecurity Advisories and Vulnerability Bulletin email alerts. The information you will receive includes greater actionable threat and vulnerability data from CISA and our partners. It will only get better from here!


Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

03/15/2022 10:00 AM EDT

Original release date: March 15, 2022

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. 

CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.


Vulnerability Summary for the Week of March 7, 2022

03/14/2022 01:00 PM EDT

Original release date: March 14, 2022

 

High Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
a3rev — page_view_count The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks 2022-03-07 7.5 CVE-2022-0434
MISC
bitdefender — antivirus_plus Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. 2022-03-07 7.2 CVE-2021-4199
CONFIRM
MISC
calibre-web_project — calibre-web Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 7.5 CVE-2022-0766
CONFIRM
MISC
dlink — dir-859_firmware D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 7.1 CVE-2022-25106
MISC
MISC
MISC
genieacs — genieacs In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. 2022-03-06 7.5 CVE-2021-46704
MISC
MISC
linux — linux_kernel A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. 2022-03-10 7.2 CVE-2022-0847
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. 2022-03-04 7.2 CVE-2021-3656
MISC
MISC
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. 2022-03-08 7.5 CVE-2022-26314
CONFIRM
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 7.2 CVE-2020-14111
MISC
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 10 CVE-2020-14115
MISC
mingsoft — mcms gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-03-04 7.5 CVE-2021-46384
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. 2022-03-06 7.5 CVE-2022-26496
MISC
MISC
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. 2022-03-06 7.5 CVE-2022-26495
MISC
MISC
MLIST
part-db_project — part-db OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. 2022-03-04 10 CVE-2022-0848
CONFIRM
MISC
MISC
pytorchlightning — pytorch_lightning Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 2022-03-05 10 CVE-2022-0845
CONFIRM
MISC
secomea — gatemanager This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. 2022-03-04 8.5 CVE-2021-32008
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. 2022-03-08 7.5 CVE-2021-42019
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. 2022-03-08 7.5 CVE-2021-42018
CONFIRM
siemens — sinumerik_mc_firmware A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. 2022-03-08 7.2 CVE-2022-24408
CONFIRM
stylemixthemes — masterstudy_lms The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. 2022-03-07 7.5 CVE-2022-0441
CONFIRM
MISC
symantec — management_agent The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. 2022-03-04 7.2 CVE-2022-25623
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. 2022-03-10 7.8 CVE-2022-25558
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25566
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter. 2022-03-10 7.8 CVE-2022-25557
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. 2022-03-10 7.8 CVE-2022-25548
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. 2022-03-10 7.8 CVE-2022-25554
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. 2022-03-10 7.8 CVE-2022-25553
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 2022-03-10 7.8 CVE-2022-25552
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. 2022-03-10 7.8 CVE-2022-25551
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. 2022-03-10 7.8 CVE-2022-25546
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25547
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. 2022-03-10 7.8 CVE-2022-25550
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. 2022-03-10 7.8 CVE-2022-25555
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. 2022-03-10 7.8 CVE-2022-25549
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the HTTP request parameter startIp. Then v10 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46393
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the HTTP request parameter startIp. Then v13 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46394
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request. 2022-03-10 10 CVE-2021-44622
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. 2022-03-10 10 CVE-2021-44623
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/cloud_device/info interface, which allows a malicious user to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44625
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44626
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44629
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44627
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44628
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44630
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44631
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44632
MISC
victor_cms_project — victor_cms Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. 2022-03-04 7.5 CVE-2022-26201
MISC
MISC
wpdeveloper — notificationx The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection 2022-03-07 7.5 CVE-2022-0349
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abcm2ps_project — abcm2ps abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. 2022-03-10 4.3 CVE-2021-32434
MISC
MISC
abcm2ps_project — abcm2ps An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32436
MISC
MISC
abcm2ps_project — abcm2ps Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32435
MISC
MISC
adrotate_project — adrotate The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0267
MISC
alfresco — alfresco Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 2022-03-04 4.3 CVE-2020-18327
MISC
MISC
apache — any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 6.4 CVE-2022-25312
MISC
MLIST
archivy_project — archivy Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. 2022-03-06 5.8 CVE-2022-0697
CONFIRM
MISC
ayecode — userswp The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another user's avatar. 2022-03-07 4 CVE-2022-0442
MISC
catchplugins — catch_themes_demo_import The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) 2022-03-07 6.5 CVE-2022-0440
MISC
cerber — wp_cerber_security,_anti-spam_&_malware_scan The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. 2022-03-07 4.3 CVE-2022-0429
MISC
correosexpress_project — correosexpress The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses 2022-03-07 5 CVE-2021-25009
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed) 2022-03-07 4 CVE-2021-24825
MISC
custom_content_shortcode_project — custom_content_shortcode The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved 2022-03-07 4 CVE-2021-24824
MISC
devowl — wordpress_real_cookie_banner The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack 2022-03-07 4.3 CVE-2022-0445
MISC
dlink — dir-x1860_firmware An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 5 CVE-2021-46353
MISC
MISC
ericsson — network_manager Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). 2022-03-10 4 CVE-2021-28488
MISC
MISC
MISC
espruino — espruino Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 6.8 CVE-2022-25465
MISC
espruino — espruino Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 6.8 CVE-2022-25044
MISC
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser was discovered whereby the browser loads images automatically. This vulnerability can be exploited remotely by an attacker to execute JavaScript, which can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. 2022-03-06 4.3 CVE-2021-44748
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser protection was discovered: improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. 2022-03-06 4.3 CVE-2021-44749
MISC
fatcatapps — easy_pricing_tables The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash 2022-03-07 4.3 CVE-2021-25098
MISC
framasoft — peertube Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. 2022-03-09 4 CVE-2022-0881
MISC
CONFIRM
golang — go regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 5 CVE-2022-24921
CONFIRM
google — android When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. 2022-03-04 6.9 CVE-2022-23729
MISC
hcltech — bigfix_compliance “TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” 2022-03-04 4.3 CVE-2021-27756
MISC
hcltech — bigfix_insights Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information. 2022-03-04 5 CVE-2021-27757
MISC
hestiacp — control_panel Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 4.3 CVE-2022-0752
MISC
CONFIRM
hestiacp — control_panel Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 4.3 CVE-2022-0838
MISC
CONFIRM
hotscot — contact_form The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to an SQL injection. 2022-03-07 6.5 CVE-2021-24777
MISC
icegram — email_subscribers_&_newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link. 2022-03-07 6.5 CVE-2022-0439
MISC
intelliants — subrion_cms Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. 2022-03-04 4.3 CVE-2020-18325
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. 2022-03-04 6.8 CVE-2020-18326
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. 2022-03-04 4.3 CVE-2020-18324
MISC
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34341
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. 2022-03-10 4.3 CVE-2021-34342
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34340
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34339
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34338
MISC
MISC
libsixel_project — libsixel saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c. 2022-03-10 6.8 CVE-2020-36123
MISC
linux — linux_kernel st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. 2022-03-06 4.6 CVE-2022-26490
MISC
linux — linux_kernel A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. 2022-03-04 4.9 CVE-2021-3428
MISC
MISC
MISC
marktext — marktext Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. 2022-03-05 6.8 CVE-2022-25069
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. 2022-03-08 6.8 CVE-2022-26313
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system. 2022-03-08 4 CVE-2022-26317
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. 2022-03-08 5.5 CVE-2022-24309
CONFIRM
metagauss — registrationmagic The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks 2022-03-07 6.5 CVE-2022-0420
MISC
CONFIRM
metaphorcreations — ditty The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. 2022-03-07 4.3 CVE-2022-0533
CONFIRM
MISC
mi — ax6000_firmware Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. 2022-03-10 5 CVE-2020-14112
MISC
microweber — microweber Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. 2022-03-09 6.8 CVE-2022-0896
CONFIRM
MISC
mini-inventory-and-sales-management-system_project — mini-inventory-and-sales-management-system Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. 2022-03-04 4.3 CVE-2021-44321
MISC
MISC
mybb — mybb MyBB is a free and open source forum software. In affected versions the Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB’s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds. 2022-03-09 6.5 CVE-2022-24734
MISC
MISC
CONFIRM
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). 2022-03-04 4 CVE-2022-23232
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. 2022-03-04 5 CVE-2022-23233
MISC
netgear — wac120_ac_firmware Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks, such as session hijacking and even clipboard hijacking. 2022-03-04 4.3 CVE-2021-46382
MISC
MISC
obtaininfotech — multisite_content_copier/updater The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25039
MISC
obtaininfotech — multisite_user_sync/unsync The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25038
MISC
openexr — openexr A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 5.8 CVE-2021-20303
MISC
MISC
MISC
paloaltonetworks — pan-os Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7. 2022-03-09 4.6 CVE-2022-0022
CONFIRM
phpmyadmin — phpmyadmin PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. 2022-03-10 5 CVE-2022-0813
CONFIRM
CONFIRM
plugins-market — wp_visitor_statistics The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0410
MISC
radare — radare2 Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. 2022-03-05 4.3 CVE-2022-0849
MISC
CONFIRM
readdle — spark Apache Spark supports end-to-end encryption of RPC connections via “spark.authenticate” and “spark.network.crypto.enabled”. In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by “spark.authenticate.enableSaslEncryption”, “spark.io.encryption.enabled”, “spark.ssl”, “spark.ui.strictTransportSecurity”. Update to Apache Spark 3.1.3 or later 2022-03-10 5 CVE-2021-38296
CONFIRM
readymedia_project — readymedia A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. 2022-03-06 4.3 CVE-2022-26505
MISC
MISC
MLIST
redhat — coreos-installer An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 6.8 CVE-2021-20319
MISC
MISC
MISC
rednao — smart_forms The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form’s data, which could include sensitive information such as PII depending on the form. 2022-03-07 4 CVE-2022-0163
MISC
salesagility — suitecrm Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0755
MISC
CONFIRM
salesagility — suitecrm SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0754
CONFIRM
MISC
salesagility — suitecrm Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0756
MISC
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24323
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24322
CONFIRM
schneider-electric — ritto_wiser_door A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) 2022-03-09 4.8 CVE-2021-22783
CONFIRM
servmask — one-stop_wp_migration The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension, which allows administrators to upload PHP files on their site, even on multisite installations. 2022-03-07 6.5 CVE-2021-24216
MISC
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41541
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41542
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. 2022-03-08 4 CVE-2021-41543
CONFIRM
siemens — polarion_subversion_webclient A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. 2022-03-08 4.3 CVE-2021-44478
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All 
versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. 2022-03-08 4 CVE-2021-37209
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. 2022-03-08 5 CVE-2021-42016
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. 2022-03-08 4.3 CVE-2021-42017
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. 2022-03-08 5 CVE-2021-42020
CONFIRM
siemens — simcenter_star-ccm_viewer A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. 2022-03-08 6.8 CVE-2022-24661
CONFIRM
siemens — sinec_network_management_syste A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. 2022-03-08 6.5 CVE-2022-24281
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. 2022-03-08 6.5 CVE-2022-25311
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. 2022-03-08 6.5 CVE-2022-24282
CONFIRM
spirit-project — spirit Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. 2022-03-06 5.8 CVE-2022-0869
CONFIRM
MISC
stripe — stripe_cli Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run. Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue. 2022-03-09 4.4 CVE-2022-24753
MISC
CONFIRM
tatvic — conversios.io The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. 2022-03-07 6.5 CVE-2021-24952
MISC
tinywebgallery — advanced_iframe The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2021-24953
MISC
uclouvain — openjpeg A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. 2022-03-04 6.8 CVE-2021-3575
MISC
MISC
MISC
uri.js_project — uri.js Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. 2022-03-06 5.8 CVE-2022-0868
CONFIRM
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. 2022-03-04 6.8 CVE-2022-26484
MISC
video_conferencing_with_zoom_project — video_conferencing_with_zoom The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber, to download the list of email addresses registered on the blog. 2022-03-07 4 CVE-2022-0384
MISC
CONFIRM
videousermanuals — white_label_cms The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2022-0422
MISC
CONFIRM
weblate — weblate The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution. 2022-03-04 6.5 CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate — weblate Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. 2022-03-04 6.5 CVE-2022-24727
MISC
CONFIRM
MISC
wpaffiliatefeed — tradetracker-store The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2022-03-07 6.5 CVE-2021-24778
MISC
wpbrigade — loginpress The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2022-03-07 4.3 CVE-2022-0347
MISC
wpdownloadmanager — wordpress_download_manager The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). 2022-03-07 5 CVE-2021-25087
MISC

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
adtribes — product_feed_pro_for_woocommerce The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting 2022-03-07 3.5 CVE-2022-0426
MISC
CONFIRM
apasionados — customize_login_image A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Custom logo link” executes whenever the user opens the Settings Page of the “Customize Login Image” Plugin. 2022-03-10 3.5 CVE-2021-33851
MISC
bitdefender — antivirus_plus A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. 2022-03-07 3.6 CVE-2021-4198
CONFIRM
MISC
bookstackapp — bookstack Cross-site Scripting (XSS) – Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. 2022-03-08 3.5 CVE-2022-0877
MISC
CONFIRM
codepeople — wp_time_slots_booking_form The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-07 3.5 CVE-2022-0389
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when the unfiltered_html is disallowed) 2022-03-07 3.5 CVE-2021-24826
MISC
dell — enterprise_storage_analytics Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 3.6 CVE-2021-43590
MISC
dwbooster — cp_blocks The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its “License ID” settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2022-03-07 3.5 CVE-2022-0448
MISC
e2pdf — e2pdf The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-07 3.5 CVE-2022-0535
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24960
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode arguments, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24961
MISC
CONFIRM
linux — linux_kernel A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. 2022-03-04 2.1 CVE-2021-3744
MISC
MISC
MISC
MISC
MLIST
DEBIAN
linux — linux_kernel An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 2022-03-04 3.6 CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
metaphorcreations — post_duplicator A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Duplicate Title” text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. 2022-03-10 3.5 CVE-2021-33852
MISC
nextcloud — talk Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call, the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. 2022-03-08 2.1 CVE-2021-41181
CONFIRM
MISC
nicdark — cost_calculator The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page) 2022-03-07 3.5 CVE-2021-24821
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0831
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0832
MISC
CONFIRM
secomea — sitemanager_1129_firmware Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store JavaScript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. 2022-03-10 3.5 CVE-2021-32005
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. 2022-03-08 3.5 CVE-2021-37208
CONFIRM
sophos — ssl_vpn_client A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. 2022-03-08 3.6 CVE-2021-36809
CONFIRM
st — j-safe3_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43392
MISC
MISC
st — stsafe-j_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43393
MISC
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflects the user input without sanitization). 2022-03-04 3.5 CVE-2022-26483
MISC
wp-eventmanager — wp_event_manager The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-07 3.5 CVE-2021-24810
MISC
yop-poll — yop-poll The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue. 2022-03-07 3.5 CVE-2022-0205
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
/dsadatatest — /dsadatatest
 
It was discovered that the /DsaDataTest endpoint is susceptible to a cross-site scripting (XSS) attack. The Metric parameter has no input checks on user input, which allows an attacker to craft a malicious payload that triggers an XSS vulnerability. 2022-03-10 not yet calculated CVE-2021-42856
CONFIRM
microsoft — vp9_video_extensions
 
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24501. 2022-03-09 not yet calculated CVE-2022-24451
N/A
apc_smart-ups_family — apc_smart-ups_family
 
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-0715
CONFIRM
linux — linux_kernel_bpf
 
A NULL pointer dereference flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2022-0433
MISC
MISC
MISC
easyappointments — easyappointments
 
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. 2022-03-09 not yet calculated CVE-2022-0482
CONFIRM
MISC
pandora_fms — pandora_api
 
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. 2022-03-10 not yet calculated CVE-2022-0507
CONFIRM
CONFIRM
linux — linux_kernel
 
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. 2022-03-10 not yet calculated CVE-2022-0516
MISC
DEBIAN
MISC
apple — swift-nio-http2
 
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-03-10 not yet calculated CVE-2022-0618
MISC
calibre_web — calibre_web
 
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 not yet calculated CVE-2022-0767
MISC
CONFIRM
keepass — keepass
 
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 2022-03-10 not yet calculated CVE-2022-0725
MISC
bluez — bluez
 
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 2022-03-10 not yet calculated CVE-2022-0204
MISC
MISC
mcafee — mcafee_webadvisor_chrome
 
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. 2022-03-10 not yet calculated CVE-2022-0815
MISC
shopware — shopware
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 2022-03-09 not yet calculated CVE-2022-24744
CONFIRM
nextcloud — nextcloud
 
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. 2022-03-09 not yet calculated CVE-2022-24741
MISC
CONFIRM
MISC
alltube — alltube
 
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. 2022-03-08 not yet calculated CVE-2022-24739
MISC
CONFIRM
MISC
MISC
microsoft — microsoft 
 
Point-to-Point Tunneling Protocol Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-23253
N/A
mcafee — mcafee_total_protection
 
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. 2022-03-10 not yet calculated CVE-2022-0280
MISC
intel — intel
 
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0001
MISC
intel — intel
 
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0002
MISC
microsoft — microsoft
 
Remote Desktop Protocol Client Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24503
N/A
frontend — frontend
 
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24919
CONFIRM
frontend — frontend
 
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24917
CONFIRM
frontend — frontend
 
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24915
MISC
parse_community — parse_server 
 
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. 2022-03-12 not yet calculated CVE-2022-24760
CONFIRM
MISC
pjsip — pjsip_project
 
PJSIP is a free and open source multimedia communication library written in C language. In PJSIP versions up to and including 2.12 there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length is equal to `PJSIP_MD5STRLEN` before passing it to PJSIP. 2022-03-11 not yet calculated CVE-2022-24754
MISC
CONFIRM
ultravnc — ultravnc
 
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service. 2022-03-10 not yet calculated CVE-2022-24750
CONFIRM
MISC
MISC
microsoft — remote_desktop_client
 
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990. 2022-03-09 not yet calculated CVE-2022-23285
N/A
evmos — evmos
 
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connect it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. 2022-03-07 not yet calculated CVE-2022-24738
CONFIRM
MISC
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24748
CONFIRM
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24747
MISC
MISC
CONFIRM
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. 2022-03-09 not yet calculated CVE-2022-24746
MISC
CONFIRM
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. 2022-03-09 not yet calculated CVE-2022-24745
CONFIRM
antaris — razorengine
 
** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-06 not yet calculated CVE-2021-46703
MISC
npmjs — npmjs
 
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 2022-03-11 not yet calculated CVE-2021-46708
MISC
MISC
libcaca — libcaca
 
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. 2022-03-10 not yet calculated CVE-2022-0856
MISC
httpie — httpie
 
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. 2022-03-07 not yet calculated CVE-2022-24737
MISC
MISC
CONFIRM
samsung_mobile_security — applock
 
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows an attacker to change the list of locked apps without authentication. 2022-03-10 not yet calculated CVE-2022-24929
MISC
mediatek — btif
 
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. 2022-03-10 not yet calculated CVE-2022-20057
MISC
mediatek — connsyslogger
 
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. 2022-03-10 not yet calculated CVE-2022-20050
MISC
mediatek — ims_service
 
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. 2022-03-10 not yet calculated CVE-2022-20051
MISC
mediatek — ims_service
 
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. 2022-03-10 not yet calculated CVE-2022-20053
MISC
mediatek — ims_service
 
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. 2022-03-10 not yet calculated CVE-2022-20054
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. 2022-03-10 not yet calculated CVE-2022-20055
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. 2022-03-10 not yet calculated CVE-2022-20056
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. 2022-03-10 not yet calculated CVE-2022-20058
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. 2022-03-10 not yet calculated CVE-2022-20048
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. 2022-03-10 not yet calculated CVE-2022-20059
MISC
mediatek — preloader
 
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462. 2022-03-10 not yet calculated CVE-2022-20060
MISC
madiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22007
N/A
MISC
ipdio — web_interface
 
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-21146
MISC
marktext — marktext
 
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext. 2022-03-10 not yet calculated CVE-2022-21158
MISC
MISC
madiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22006
N/A
MISC
mediatek — vpu
 
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. 2022-03-10 not yet calculated CVE-2022-20049
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. 2022-03-10 not yet calculated CVE-2022-20047
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23042
MISC
ipcomm — ipdio
 
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-22985
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23041
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23040
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23039
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23038
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23037
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23036
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24452
N/A
microsoft — media_foundation_information_disclosure 
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977. 2022-03-09 not yet calculated CVE-2022-22010
N/A
schneider-electric — smartconnect_family
 
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22806
CONFIRM
schneider-electric — smartconnect_family
 
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22805
CONFIRM
signiant-manager_agents — signiant-manager_agents
 
Signiant – Manager+Agents XML External Entity (XXE) – Extract internal files of the affected machine. An attacker can read all the system files; the product is running with root on Linux systems and nt/authority on Windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victim's machine. 2022-03-10 not yet calculated CVE-2022-22795
MISC
zz.inc — keymouse_windows
 
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. 2022-03-10 not yet calculated CVE-2022-24644
MISC
MISC
heimdal — heimdal_premium_security
 
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the “Browse For Folder” window accessible by triggering a “Repair” on the MSI package located in C:\Windows\Installer. 2022-03-10 not yet calculated CVE-2022-24618
MISC
MISC
wago — wago
 
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. 2022-03-09 not yet calculated CVE-2022-22511
CONFIRM
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 2022-03-07 not yet calculated CVE-2022-22351
XF
CONFIRM
samsung_mobile_security — kernel
 
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. 2022-03-10 not yet calculated CVE-2022-24928
MISC
zabbix — zabbix
 
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24918
CONFIRM
samsung_mobile_security — stretailmodereceiver
 
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission 2022-03-10 not yet calculated CVE-2022-24930
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23930
MISC
lg — lg
 
A public API error allows an attacker to bypass API access control. 2022-03-11 not yet calculated CVE-2022-23730
MISC
lg — v8_javascript_engine
 
V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models. 2022-03-11 not yet calculated CVE-2022-23731
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23924
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23925
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23926
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23927
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23928
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23929
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23931
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23295. 2022-03-09 not yet calculated CVE-2022-23300
N/A
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23932
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23933
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23934
MISC
samsung_mobile_security — apkinstaller
 
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission 2022-03-10 not yet calculated CVE-2022-24931
MISC
zabbix — zabbix_frontend
 
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. 2022-03-09 not yet calculated CVE-2022-24349
CONFIRM
mandiant — heif_image_extensions
 
HEIF Image Extensions Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24457
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453. 2022-03-09 not yet calculated CVE-2022-24456
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24453
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-23301
N/A
microsoft — remote_desktop_client
 
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285. 2022-03-09 not yet calculated CVE-2022-21990
N/A
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23300. 2022-03-09 not yet calculated CVE-2022-23295
N/A
suletm — pdftron_sdk
 
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. 2022-03-10 not yet calculated CVE-2022-24960
MISC
MISC
tenda — tenda_ax3

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 not yet calculated CVE-2022-24995
MISC
printix — printix_secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. 2022-03-10 not yet calculated CVE-2022-25090
MISC
MISC
MISC
MISC
foxit — foxit_pdf_reader_and_editor
 
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. 2022-03-10 not yet calculated CVE-2022-25108
MISC
tenable — phicomm_k2
 
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. 2022-03-10 not yet calculated CVE-2022-25213
MISC
tenable — phicomm_k2
 
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4GHz network and the administrative interface, by clicking a checkbox. When Remote Management is enabled, these endpoints are exposed to the WAN. 2022-03-10 not yet calculated CVE-2022-25214
MISC
tenable — dvdfab_12
 
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to <IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>. 2022-03-11 not yet calculated CVE-2022-25216
MISC
tenable — localmacconfi.asp
 
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. 2022-03-10 not yet calculated CVE-2022-25215
MISC
tenable — telnetd_startup
 
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availability of firmware images for testing is that models and versions not listed here may share this vulnerability. 2022-03-10 not yet calculated CVE-2022-25217
MISC
tenable — telnetd_startup
 
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the “plaintext” to which an arbitrary blob of ciphertext will be decrypted by OpenSSL’s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). 2022-03-10 not yet calculated CVE-2022-25218
MISC
tenable — telnetd_startup
 
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). 2022-03-10 not yet calculated CVE-2022-25219
MISC
microsoft — vp9_video_extensions 
 
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451. 2022-03-09 not yet calculated CVE-2022-24501
N/A
samsung_mobile_security — setup_wizard
 
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. 2022-03-10 not yet calculated CVE-2022-24932
MISC
abantecart — abantecart
 
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). 2022-03-10 not yet calculated CVE-2022-26521
MISC
ace2 — coloros11
 
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. 2022-03-11 not yet calculated CVE-2021-23246
MISC
acer — care_center
 
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24285
MISC
acer — quickaccess
 
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24286
MISC
adobe — after_effects

Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24095
MISC
adobe — after_effects

Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24094
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24097
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24096
MISC
adobe — illustrator
 
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. 2022-03-11 not yet calculated CVE-2022-23187
MISC
adobe — photoshop
 
Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24090
MISC
alist — alist
 
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. 2022-03-12 not yet calculated CVE-2022-26533
MISC
amd — cpus
 
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 2022-03-11 not yet calculated CVE-2021-26401
MISC
amd — cpus
 
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 2022-03-11 not yet calculated CVE-2021-26341
MISC
atlassian — jira_server_and_data_center
 
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 2022-03-08 not yet calculated CVE-2021-43944
N/A
atune — atune
 
atune before 0.3-0.8 allows a user logged in as a local user to run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. 2022-03-11 not yet calculated CVE-2021-33658
CONFIRM
casaos — casaos
 
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api. 2022-03-10 not yet calculated CVE-2022-24193
MISC
MISC
MISC
MISC
cgi-bin/ej.cgi — cgi-bin/ej.cgi
 
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. 2022-03-10 not yet calculated CVE-2022-24177
MISC
citrix — federated_authentication_service
 
Citrix Federated Authentication Service (FAS) 7.17 – 10.6 causes deployments that have been configured to store a registration authority certificate’s private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. 2022-03-10 not yet calculated CVE-2022-26355
MISC
cobbler — cobbler
 
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. 2022-03-11 not yet calculated CVE-2022-0860
CONFIRM
MISC
cockpit — cockpit
 
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. 2022-03-10 not yet calculated CVE-2021-3698
MISC
cockpit — cockpit
 
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. 2022-03-10 not yet calculated CVE-2021-3660
MISC
MISC
MISC
contact_form_x — contact_form_x
 
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 2022-03-11 not yet calculated CVE-2022-25601
CONFIRM
CONFIRM
couchbase_operator — couchbase_operator
 
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. 2022-03-10 not yet calculated CVE-2022-26311
CONFIRM
MISC
croogo — croogo
 
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. 2022-03-10 not yet calculated CVE-2021-44673
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. 2022-03-10 not yet calculated CVE-2022-25230
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. 2022-03-10 not yet calculated CVE-2022-25325
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. 2022-03-10 not yet calculated CVE-2022-21124
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. 2022-03-10 not yet calculated CVE-2022-25234
MISC
cx-programmer — cx-programmer
 
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-03-10 not yet calculated CVE-2022-21219
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24416
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24419
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24420
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24421
MISC
dell — bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24415
MISC
f-secure — support_tool
 
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which, when run by an administrator, can execute any commands. 2022-03-10 not yet calculated CVE-2021-44750
MISC
MISC
fedora — fedora
 
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. 2022-03-10 not yet calculated CVE-2021-20269
MISC
fiori — launchpad
 
Fiori launchpad – versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-26101
MISC
MISC
freetakserver — freetakserver FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. 2022-03-11 not yet calculated CVE-2022-25510
MISC
freetakserver — freetakserver An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. 2022-03-11 not yet calculated CVE-2022-25508
MISC
freetakserver-ui — freetakserver-ui An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. 2022-03-11 not yet calculated CVE-2022-25511
MISC
freetakserver-ui — freetakserver-ui FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. 2022-03-11 not yet calculated CVE-2022-25506
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. 2022-03-11 not yet calculated CVE-2022-25512
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. 2022-03-11 not yet calculated CVE-2022-25507
MISC
gerapy — gerapy
 
An Access Control vulnerability exists in Gerapy v 0.9.7 via the spider parameter in project_configure function. 2022-03-10 not yet calculated CVE-2021-44597
MISC
go-gitea — gitea
 
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. 2022-03-10 not yet calculated CVE-2022-0905
CONFIRM
MISC
gogs — gogs
 
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0870
MISC
CONFIRM
gogs — gogs
 
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0871
MISC
CONFIRM
gpac — gpac
 
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 2022-03-12 not yet calculated CVE-2022-26967
MISC
grub2 — grub2
 
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. 2022-03-10 not yet calculated CVE-2021-3981
MISC
FEDORA
hitachi — abb_power_grids_ellipse_enterprise_asset_management An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. 2022-03-11 not yet calculated CVE-2021-27416
CONFIRM
CONFIRM
hitachi — abb_power_grids_ellipse_enterprise_asset_management
 
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. 2022-03-11 not yet calculated CVE-2021-27414
CONFIRM
CONFIRM
horde — mime_viewer
 
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. 2022-03-11 not yet calculated CVE-2022-26874
MISC
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. 2022-03-10 not yet calculated CVE-2021-40064
MISC
MISC
huawei — devices There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. 2022-03-10 not yet calculated CVE-2021-40049
MISC
MISC
huawei — devices There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40051
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. 2022-03-10 not yet calculated CVE-2021-40048
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40052
MISC
huawei — devices There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity. 2022-03-10 not yet calculated CVE-2021-40053
MISC
huawei — devices There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40054
MISC
huawei — devices There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40055
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40056
MISC
huawei — devices There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40057
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40058
MISC
huawei — devices There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40059
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40060
MISC
huawei — devices There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40061
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40062
MISC
huawei — devices There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40063
MISC
MISC
huawei — devices There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow. 2022-03-10 not yet calculated CVE-2021-40050
MISC
MISC
huawei — devices
 
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40047
MISC
MISC
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. 2022-03-07 not yet calculated CVE-2021-38988
XF
CONFIRM
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. 2022-03-07 not yet calculated CVE-2021-38989
XF
CONFIRM
ibm — datapower_gateway
 
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. 2022-03-10 not yet calculated CVE-2021-38910
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. 2022-03-10 not yet calculated CVE-2021-39022
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force ID: 213863. 2022-03-10 not yet calculated CVE-2021-39025
XF
CONFIRM
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. 2022-03-08 not yet calculated CVE-2022-24716
CONFIRM
MISC
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. 2022-03-08 not yet calculated CVE-2022-24715
CONFIRM
MISC
icinga_web_2 — icinga_web_2
 
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. 2022-03-08 not yet calculated CVE-2022-24714
CONFIRM
MISC
ifilter_ver — ifilter_ver
 
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. 2022-03-10 not yet calculated CVE-2022-21170
MISC
MISC
MISC
MISC
MISC
MISC
intel — sgx
 
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. 2022-03-10 not yet calculated CVE-2021-44421
CONFIRM
MISC
CONFIRM
MISC
intel — trace_hub
 
Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-03-11 not yet calculated CVE-2021-33150
MISC
ipdio — ipdio
 
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24432
MISC
istio — istio
 
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error that allows a malicious attacker to send a specially crafted message which crashes the control plane when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities. 2022-03-10 not yet calculated CVE-2022-24726
MISC
MISC
CONFIRM
jackson-databind — jackson-databind
 
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 2022-03-11 not yet calculated CVE-2020-36518
MISC
jboss-client — jboss-client
 
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client side when using UserTransaction repeatedly, and leads to an information leakage vulnerability. 2022-03-11 not yet calculated CVE-2022-0853
MISC
MISC
jeecg-boot — jeecg-boot
 
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. 2022-03-10 not yet calculated CVE-2021-44585
MISC
jetson — linux
 
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. 2022-03-11 not yet calculated CVE-2022-21819
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 2022-03-11 not yet calculated CVE-2022-0909
MISC
MISC
CONFIRM
libtiff — libtiff Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via a crafted TIFF file. 2022-03-11 not yet calculated CVE-2022-0908
CONFIRM
MISC
MISC
libtiff — libtiff
 
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 2022-03-11 not yet calculated CVE-2022-0907
MISC
CONFIRM
MISC
libtiff — libtiff
 
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 2022-03-11 not yet calculated CVE-2022-0924
MISC
CONFIRM
MISC
libtiff — libtiff
 
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 2022-03-10 not yet calculated CVE-2022-0865
MISC
MISC
CONFIRM
libtiff — libtiff
 
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. 2022-03-10 not yet calculated CVE-2022-0891
CONFIRM
MISC
MISC
MISC
linux — linux_kernel drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). 2022-03-11 not yet calculated CVE-2022-26878
MISC
MISC
MISC
MISC
MLIST
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. 2022-03-10 not yet calculated CVE-2021-3739
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 2022-03-12 not yet calculated CVE-2022-26966
MISC
MISC
linux — linux_kernel
 
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. 2022-03-10 not yet calculated CVE-2021-4023
MISC
linux — linux_kernel
 
A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount. 2022-03-10 not yet calculated CVE-2021-3732
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference was found in the Linux kernel’s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2021-4095
MISC
MLIST
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. 2022-03-10 not yet calculated CVE-2022-24604
MISC
luocms — luocms Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. 2022-03-10 not yet calculated CVE-2022-24608
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. 2022-03-10 not yet calculated CVE-2022-24602
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24601
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. 2022-03-10 not yet calculated CVE-2022-24603
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. 2022-03-10 not yet calculated CVE-2022-24605
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. 2022-03-10 not yet calculated CVE-2022-24606
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. 2022-03-10 not yet calculated CVE-2022-24607
MISC
luocms — luocms Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. 2022-03-10 not yet calculated CVE-2022-24609
MISC
luocms — luocms
 
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24600
MISC
maddy — mail_server
 
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. 2022-03-09 not yet calculated CVE-2022-24732
MISC
CONFIRM
mattermost — server A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document. 2022-03-10 not yet calculated CVE-2022-0904
MISC
mattermost — server
 
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body. 2022-03-10 not yet calculated CVE-2022-0903
MISC
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24512
N/A
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-24464
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518. 2022-03-09 not yet calculated CVE-2022-24519
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24518
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24517
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24470
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517. 2022-03-09 not yet calculated CVE-2022-24520
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24471
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24469
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24468
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24506
N/A
microsoft — azure
 
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24515
N/A
microsoft — azure
 
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24467
N/A
microsoft — defender Microsoft Defender for IoT Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23266
N/A
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23265
N/A
microsoft — defender
 
Microsoft Defender for Endpoint Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-23278
N/A
microsoft — exchange
 
Microsoft Exchange Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23277
N/A
microsoft — exchange_server
 
Microsoft Exchange Server Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24463
N/A
microsoft — intune_portal
 
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24465
N/A
microsoft — media_foundation
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010. 2022-03-09 not yet calculated CVE-2022-21977
N/A
microsoft — office
 
Microsoft Office Word Tampering Vulnerability. 2022-03-09 not yet calculated CVE-2022-24511
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509. 2022-03-09 not yet calculated CVE-2022-24510
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24509
N/A
microsoft — office_visio
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24461
N/A
microsoft — paint_3d
 
Paint 3D Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23282
N/A
microsoft — skype
 
Skype Extension for Chrome Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24522
N/A
microsoft — visual_studio
 
Visual Studio Code Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24526
N/A
microsoft — windows Windows CD-ROM Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24455
N/A
microsoft — windows Windows Fax and Scan Service Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24459
N/A
microsoft — windows Tablet Windows User Interface Application Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24460
N/A
microsoft — windows Windows HTML Platforms Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24502
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287. 2022-03-09 not yet calculated CVE-2022-24505
N/A
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24507
N/A
microsoft — windows Windows SMBv3 Client/Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24508
N/A
microsoft — windows Microsoft Word Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24462
N/A
microsoft — windows Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23293
N/A
microsoft — windows Windows Event Tracing Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23294
N/A
microsoft — windows Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23297
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23284
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23287
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291. 2022-03-09 not yet calculated CVE-2022-23288
N/A
microsoft — windows Windows Inking COM Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23290
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288. 2022-03-09 not yet calculated CVE-2022-23291
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23296
N/A
MISC
microsoft — windows Windows PDEV Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23299
N/A
microsoft — windows Windows NT OS Kernel Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23298
N/A
microsoft — windows Windows Hyper-V Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21975
N/A
microsoft — windows Windows Common Log File System Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23281
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23283
N/A
microsoft — windows Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23286
N/A
microsoft — windows Windows Update Stack Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24525
N/A
microsoft — windows Windows Security Support Provider Interface Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24454
N/A
microsoft — windows_media_center Windows Media Center Update Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21973
N/A
microsoft — wps_office_for_windows The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed. 2022-03-09 not yet calculated CVE-2022-25943
CONFIRM
MISC
JVN
microsoft — xbox_live Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-21967
N/A
microweber — microweber XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-12 not yet calculated CVE-2022-0929
MISC
CONFIRM
microweber — microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-11 not yet calculated CVE-2022-0912
MISC
CONFIRM
microweber — microweber Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. 2022-03-11 not yet calculated CVE-2022-0913
CONFIRM
MISC
microweber — microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0921
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0926
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0930
MISC
CONFIRM
microweber — microweber Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. 2022-03-10 not yet calculated CVE-2022-0906
CONFIRM
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0928
MISC
CONFIRM
microweber — microweber Static Code Injection in GitHub repository microweber/microweber prior to 1.3. 2022-03-10 not yet calculated CVE-2022-0895
CONFIRM
MISC
mitel — micollab The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. 2022-03-10 not yet calculated CVE-2022-26143
MISC
moodle — moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32474
MISC
moodle — moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32478
MISC
moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32475
MISC
moodle — moodle The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. 2022-03-11 not yet calculated CVE-2021-32477
MISC
moodle — moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 2022-03-11 not yet calculated CVE-2021-32472
MISC
moodle — moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32473
MISC
moodle — moodle A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32476
MISC
mruby — mruby NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. 2022-03-10 not yet calculated CVE-2022-0890
MISC
CONFIRM
myasus — myasus The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. 2022-03-10 not yet calculated CVE-2022-22814
MISC
nabu_casa — home_assistant_operating_system An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. 2022-03-10 not yet calculated CVE-2020-36517
MISC
nacos — nacos A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. 2022-03-11 not yet calculated CVE-2021-44667
MISC
nats — nats-server NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. 2022-03-10 not yet calculated CVE-2022-26652
CONFIRM
MISC
CONFIRM
MLIST
network_olympus — network_olympus Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in ‘/api/eventinstance’ via the ‘sqlparameter’ JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. 2022-03-10 not yet calculated CVE-2022-25225
MISC
MISC
nextcloud — server Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. 2022-03-08 not yet calculated CVE-2021-41241
CONFIRM
MISC
MISC
nextcloud — server Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41239
CONFIRM
MISC
MISC
nextcloud — talk Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41180
CONFIRM
MISC
MISC
nextcloud — text Nextcloud Text is a collaborative document editor using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of “File Drop”. For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. 2022-03-10 not yet calculated CVE-2021-41233
MISC
CONFIRM
northern.tech — cfengine_enterprise Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. 2022-03-10 not yet calculated CVE-2021-44216
MISC
MISC
northern.tech — cfengine_enterprise Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. 2022-03-10 not yet calculated CVE-2021-44215
MISC
MISC
nystudio107 — seomatic A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. 2022-03-11 not yet calculated CVE-2021-44618
MISC
MISC
onenav — onenav An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 2022-03-12 not yet calculated CVE-2022-26276
MISC
opensuse — opensuse A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. 2022-03-09 not yet calculated CVE-2021-36777
CONFIRM
orchardcms — orchardcore Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0820