Vulnerability Summary for the Week of February 7, 2022

02/14/2022 09:03 AM EST
Original release date: February 14, 2022


High Vulnerabilities

Primary Vendor — Product    Description    Published    CVSS Score    Source & Patch Info
[gwa]_autoresponder_project — [gwa]_autoresponder Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. 2022-02-04 7.5 CVE-2021-44779
CONFIRM
CONFIRM
advantech — adam-3600_firmware The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. 2022-02-04 7.5 CVE-2022-22987
CONFIRM
apache — gobblin Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 7.5 CVE-2021-36152
MISC
debian — perm perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) 2022-02-05 7.5 CVE-2021-38172
MISC
MISC
MISC
CONFIRM
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. 2022-02-04 7.5 CVE-2021-46227
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. 2022-02-04 7.5 CVE-2021-46229
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. 2022-02-04 7.5 CVE-2021-46233
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. 2022-02-04 7.5 CVE-2021-46232
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. 2022-02-04 7.5 CVE-2021-46231
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. 2022-02-04 7.5 CVE-2021-46226
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. 2022-02-04 7.5 CVE-2021-46230
MISC
MISC
dlink — di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. 2022-02-04 7.5 CVE-2021-46228
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. 2022-02-04 7.5 CVE-2021-46455
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. 2022-02-04 7.5 CVE-2021-46452
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. 2022-02-04 7.5 CVE-2021-46457
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. 2022-02-04 7.5 CVE-2021-46456
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. 2022-02-04 7.5 CVE-2021-46453
MISC
MISC
dlink — dir-823_pro_firmware D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. 2022-02-04 7.5 CVE-2021-46454
MISC
MISC
dlink — dir-878_firmware D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44880
MISC
MISC
dlink — dir-878_firmware D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44882
MISC
MISC
dlink — dir-882_firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 7.5 CVE-2021-45998
MISC
MISC
dlink — dir-882_firmware D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 10 CVE-2021-44881
MISC
MISC
emlog — emlog Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). 2022-02-04 7.5 CVE-2022-23379
MISC
eset — endpoint_antivirus ESET products for Windows allow an untrusted process to impersonate the client of a pipe, which can be leveraged by an attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. 2022-02-09 7.2 CVE-2021-37852
MISC
MISC
gitea — gitea Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code. 2022-02-08 7.5 CVE-2021-45327
MISC
MISC
MISC
MISC
globalnorthstar — northstar_club_management Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. 2022-02-04 7.5 CVE-2021-29396
MISC
MISC
globalnorthstar — northstar_club_management Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled “command” and “commandvalues” parameters. 2022-02-04 10 CVE-2021-29393
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 7.5 CVE-2022-23587
MISC
MISC
CONFIRM
hyphp — hybbs2 Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. 2022-02-09 7.5 CVE-2022-24677
MISC
idreamsoft — icms iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. 2022-02-04 7.5 CVE-2021-44978
MISC
MISC
itunesrpc-remastered_project — itunesrpc-remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade. 2022-02-04 7.5 CVE-2022-23611
CONFIRM
MISC
joplin_project — joplin Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. 2022-02-08 7.5 CVE-2022-23340
MISC
korenix — jetwave_2212s_firmware Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. 2022-02-06 9 CVE-2021-39280
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. 2022-02-04 7.2 CVE-2021-4154
MISC
MISC
mruby — mruby NULL Pointer Dereference in Homebrew mruby prior to 3.2. 2022-02-04 7.8 CVE-2022-0481
CONFIRM
MISC
nats — nats_server NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the “dynamically provisioned sandbox accounts” feature. 2022-02-08 9 CVE-2022-24450
MISC
CONFIRM
neutrinolabs — xrdp xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. 2022-02-07 7.2 CVE-2022-23613
MISC
CONFIRM
putil-merge_project — putil-merge This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 2022-02-04 7.5 CVE-2021-23470
CONFIRM
CONFIRM
radare — radare2 Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. 2022-02-08 7.5 CVE-2022-0139
MISC
CONFIRM
riconmobile — s9922l_firmware The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. 2022-02-04 10 CVE-2022-0365
CONFIRM
sap — content_server SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. 2022-02-09 10 CVE-2022-22536
MISC
MISC
sap — netweaver_application_server_java In SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions impersonating the victim, or even steal the victim’s logon session. 2022-02-09 7.5 CVE-2022-22532
MISC
MISC
schneider-electric — easergy_p3_firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) 2022-02-04 8.3 CVE-2022-22725
MISC
schneider-electric — easergy_p5_firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 8.3 CVE-2022-22723
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 9.3 CVE-2022-22727
MISC
sealevel — seaconnect_370w_firmware A stack-based buffer overflow vulnerability exists in the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.5 CVE-2021-21960
MISC
sealevel — seaconnect_370w_firmware A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.5 CVE-2021-21961
MISC
sealevel — seaconnect_370w_firmware A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 7.1 CVE-2021-21964
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. 2022-02-06 10 CVE-2022-22832
MISC
MISC
MISC
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. 2022-02-06 7.5 CVE-2022-22831
MISC
MISC
MISC
MISC
set_project — set This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 2022-02-04 7.5 CVE-2021-23497
CONFIRM
CONFIRM
CONFIRM
silabs — zgm130s037hgn_firmware Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. 2022-02-04 7.9 CVE-2013-20003
MISC
MISC
MISC
skratchdot — object-path-set The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 2022-02-04 7.5 CVE-2021-23507
CONFIRM
CONFIRM
CONFIRM
CONFIRM
starwindsoftware — iscsi_san StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. 2022-02-06 7.5 CVE-2013-20004
MISC
starwindsoftware — nas StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command. 2022-02-06 10 CVE-2022-24552
MISC
starwindsoftware — nas StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users’ passwords. 2022-02-06 9 CVE-2022-24551
MISC
strangerstudios — paid_memberships_pro The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection. 2022-02-07 7.5 CVE-2021-25114
MISC
MISC
symfony — twig Twig is an open source template language for PHP. When in sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non-Closure values in the `sort` filter, as is the case for some other filters. Users are advised to upgrade. 2022-02-04 7.5 CVE-2022-23614
MISC
MISC
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43925
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43926
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. 2022-02-07 7.5 CVE-2021-43927
CONFIRM
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. 2022-02-04 7.5 CVE-2022-24144
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24152
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. 2022-02-04 7.5 CVE-2022-24148
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. 2022-02-04 7.5 CVE-2022-24150
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. 2022-02-04 7.8 CVE-2022-24142
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. 2022-02-04 7.8 CVE-2022-24145
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24146
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. 2022-02-04 7.8 CVE-2022-24147
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. 2022-02-04 7.8 CVE-2022-24149
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. 2022-02-04 7.8 CVE-2022-24151
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 7.8 CVE-2022-24143
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 7.8 CVE-2022-24153
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. 2022-02-04 7.8 CVE-2022-24157
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 7.8 CVE-2022-24160
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24158
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. 2022-02-04 7.8 CVE-2022-24161
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-02-04 7.8 CVE-2022-24162
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. 2022-02-04 7.8 CVE-2022-24154
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. 2022-02-04 7.8 CVE-2022-24159
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 7.8 CVE-2022-24156
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 7.8 CVE-2022-24163
MISC
tenda — ax3_firmware Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. 2022-02-04 7.8 CVE-2022-24155
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. 2022-02-04 7.5 CVE-2022-24171
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. 2022-02-04 7.5 CVE-2022-24168
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. 2022-02-04 7.5 CVE-2022-24167
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. 2022-02-04 7.5 CVE-2022-24165
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. 2022-02-04 7.8 CVE-2022-24164
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. 2022-02-04 7.8 CVE-2022-24166
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. 2022-02-04 7.5 CVE-2022-24170
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. 2022-02-04 7.8 CVE-2021-45988
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. 2022-02-04 7.8 CVE-2021-45989
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. 2022-02-04 7.8 CVE-2021-45995
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. 2022-02-04 7.5 CVE-2021-45990
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. 2022-02-04 7.5 CVE-2021-45987
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. 2022-02-04 7.5 CVE-2021-45986
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. 2022-02-04 7.8 CVE-2022-24172
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 7.8 CVE-2021-45997
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 7.8 CVE-2021-45996
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. 2022-02-04 7.8 CVE-2021-45994
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. 2022-02-04 7.8 CVE-2021-45993
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. 2022-02-04 7.8 CVE-2021-45992
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. 2022-02-04 7.8 CVE-2021-45991
MISC
MISC
tendacn — g1_firmware Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. 2022-02-04 7.8 CVE-2022-24169
MISC
totolink — a720r_firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. 2022-02-04 7.8 CVE-2021-44246
MISC
totolink — a720r_firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. 2022-02-04 7.5 CVE-2021-44247
MISC
ujcms — jspxcms A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. 2022-02-04 7.5 CVE-2022-23329
MISC
voipmonitor — voipmonitor An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. 2022-02-04 7.5 CVE-2022-24259
MISC
voipmonitor — voipmonitor A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. 2022-02-04 10 CVE-2022-24260
MISC
zephyrproject — zephyr The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj 2022-02-07 7.2 CVE-2021-3861
N/A


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — opc_server_for_ac_800m Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. 2022-02-04 6.5 CVE-2021-22284
MISC
abb — pni800_firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22286
MISC
abb — pni800_firmware Improper Handling of Exceptional Conditions and Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22285
MISC
abb — pni800_firmware Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause a denial of service or make the module unresponsive. 2022-02-04 5 CVE-2021-22288
MISC
acronis — agent Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.6 CVE-2022-24113
MISC
acronis — true_image Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.6 CVE-2021-44204
MISC
acronis — true_image Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.4 CVE-2021-44206
MISC
acronis — true_image Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 4.4 CVE-2021-44205
MISC
acronis — true_image Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 4.6 CVE-2022-24115
MISC
acronis — true_image Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 4.4 CVE-2022-24114
MISC
amd — radeon_pro_software AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. 2022-02-04 4.4 CVE-2020-12891
MISC
amd — ryzen_pro_5650g_firmware When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. 2022-02-04 5 CVE-2020-12965
MISC
apache — activemq_artemis In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. 2022-02-04 5 CVE-2022-23913
MISC
apache — traffic_control In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. 2022-02-06 5 CVE-2022-23206
MISC
arangodb — arangodb In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost. 2022-02-09 4 CVE-2021-25939
MISC
MISC
MISC
arista — eos The impact of this vulnerability is that Arista’s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. 2022-02-04 6.8 CVE-2021-28503
MISC
atftp_project — atftp options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. 2022-02-04 5 CVE-2021-46671
MISC
MISC
beanstalk_console_project — beanstalk_console Cross-site Scripting (XSS) – Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. 2022-02-05 4.3 CVE-2022-0501
MISC
CONFIRM
blog_project — blog m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 6.5 CVE-2022-23626
CONFIRM
MISC
bracketspace — advanced_cron_manager The Advanced Cron Manager WordPress plugin before 2.4.2 and the advanced-cron-manager-pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, add or remove events and schedules. 2022-02-07 4 CVE-2021-25084
MISC
broadcom — ca_harvest_software_change_manager CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. 2022-02-04 6.5 CVE-2022-22689
MISC
chatwoot — chatwoot Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 2022-02-09 4.3 CVE-2022-0527
MISC
CONFIRM
chatwoot — chatwoot Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. 2022-02-09 4 CVE-2021-3813
MISC
CONFIRM
chatwoot — chatwoot Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 2022-02-09 4.3 CVE-2022-0526
CONFIRM
MISC
codemiq — wordpress_email_template_designer The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. 2022-02-04 4.3 CVE-2022-0218
MISC
MISC
codex_project — codex A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. 2022-02-04 4.3 CVE-2021-43635
MISC
MISC
MISC
dataease_project — dataease In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. 2022-02-08 6.5 CVE-2022-23331
MISC
dounokouno — transmitmail Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-22146
MISC
MISC
dounokouno — transmitmail Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. 2022-02-08 5 CVE-2022-21193
MISC
MISC
econosys-system — php_mailform Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-22142
MISC
MISC
econosys-system — php_mailform Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 2022-02-08 4.3 CVE-2022-21805
MISC
MISC
embed_swagger_project — embed_swagger The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. 2022-02-04 4.3 CVE-2022-0381
MISC
MISC
MISC
etoilewebdesign — ultimate_product_catalog The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, add arbitrary products or change the plugin's settings. 2022-02-07 4 CVE-2021-24993
CONFIRM
MISC
f-secure — atlant A vulnerability affecting the F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of an ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2022-02-09 5 CVE-2021-40837
MISC
MISC
ffjpeg_project — ffjpeg Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021, similar to CVE-2020-23852. The issues, in the jfif_decode function at ffjpeg/src/jfif.c (line 552), could cause a Denial of Service via a crafted JPEG file. 2022-02-08 4.3 CVE-2021-44956
MISC
ffjpeg_project — ffjpeg A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021, similar to CVE-2020-23705. The issue, in the jfif_encode function at ffjpeg/src/jfif.c (line 708), could cause a Denial of Service via a crafted JPEG file. 2022-02-08 4.3 CVE-2021-44957
MISC
filebrowser — filebrowser A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. 2022-02-04 6.8 CVE-2021-46398
MISC
MISC
MISC
MISC
MISC
fisco-bcos — fisco-bcos FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. 2022-02-07 5 CVE-2021-46359
MISC
follow-redirects_project — follow-redirects Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8. 2022-02-09 4.3 CVE-2022-0536
CONFIRM
MISC
fotobook_project — fotobook The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. 2022-02-04 4.3 CVE-2022-0380
MISC
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 6.8 CVE-2021-40420
MISC
foxit — pdf_reader A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 6.8 CVE-2022-22150
MISC
frourio — frourio Frourio is a full stack framework for TypeScript. Frourio users who use a frourio version prior to v0.26.0 together with the class-validator integration through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations, and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 2022-02-07 6.5 CVE-2022-23623
CONFIRM
MISC
frourio — frourio-express Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use a frourio-express version prior to v0.26.0 together with the class-validator integration through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations, and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 2022-02-07 6.5 CVE-2022-23624
MISC
CONFIRM
gerbv_project — gerbv A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2021-40401
MISC
gerbv_project — gerbv An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-40403
MISC
gitea — gitea Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (‘Open Redirect’) via internal URLs. 2022-02-08 5.8 CVE-2021-45328
MISC
MISC
gitea — gitea Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. 2022-02-08 5 CVE-2021-45325
MISC
MISC
gitea — gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. 2022-02-08 4.3 CVE-2021-45329
MISC
MISC
gitea — gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state-altering POST requests. 2022-02-08 6.8 CVE-2021-45326
MISC
MISC
MISC
globalnorthstar — northstar_club_management Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. 2022-02-04 5 CVE-2021-29395
MISC
MISC
globalnorthstar — northstar_club_management Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local users to intercept users' credentials transmitted in cleartext over HTTP. 2022-02-04 5 CVE-2021-29397
MISC
MISC
globalnorthstar — northstar_club_management Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request. 2022-02-04 4 CVE-2021-29394
MISC
MISC
globalnorthstar — northstar_club_management Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. 2022-02-04 5 CVE-2021-29398
MISC
MISC
google — android In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05850708; Issue ID: ALPS05850708. 2022-02-09 4.6 CVE-2022-20031
MISC
google — android In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. 2022-02-09 4.6 CVE-2022-20030
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. 2022-02-09 4.6 CVE-2022-20028
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. 2022-02-09 4.6 CVE-2022-20025
MISC
google — android In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806. 2022-02-09 4.6 CVE-2022-20034
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. 2022-02-09 4.6 CVE-2022-20026
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. 2022-02-09 4.6 CVE-2022-20027
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23591
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23570
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23571
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23572
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23575
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23576
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23579
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23580
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 5 CVE-2022-23581
CONFIRM
MISC
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23577
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 5 CVE-2022-23593
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23564
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23578
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23582
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don’t match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23583
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23584
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error cases in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23585
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23586
MISC
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23588
MISC
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, the Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the corresponding `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23589
CONFIRM
MISC
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23595
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23565
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. 2022-02-04 5 CVE-2022-23590
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23561
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. 2022-02-04 6.5 CVE-2022-23560
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 4 CVE-2022-23557
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow’s type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 5.5 CVE-2022-23592
MISC
MISC
CONFIRM
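The CVE-2022-23592 entry above turns on a detail worth remembering when reviewing C++ bounds checks: `DCHECK`-style macros compile to nothing in release builds, so a check that exists only inside one protects nothing in production. The following is an added example and not TensorFlow code; `Arg`, `lookup_arg_dcheck_only`, `lookup_arg`, `debug_checks_active` and the local `DCHECK` macro are hypothetical. It places an index lookup guarded only by a debug assertion beside one that validates `input_idx` on every build and reports the failure to the caller as a value.

```cpp
#include <cstddef>
#include <optional>
#include <vector>

// Hypothetical debug-only assertion: in an NDEBUG (release) build it expands
// to nothing, which is exactly what makes it unsuitable as a security check.
#ifdef NDEBUG
#define DCHECK(cond) ((void)0)
#else
#include <cassert>
#define DCHECK(cond) assert(cond)
#endif

struct Arg { int dtype; };

// Vulnerable shape: the bound is enforced only by DCHECK, so a release build
// reads past the end of `args` when input_idx is attacker-controlled.
static const Arg& lookup_arg_dcheck_only(const std::vector<Arg>& args, size_t input_idx) {
    DCHECK(input_idx < args.size());
    return args[input_idx];  // heap OOB read in release builds for a bad index
}

// Hardened shape: the bound is checked unconditionally and the failure is
// surfaced to the caller instead of becoming a crash or a silent read.
static std::optional<Arg> lookup_arg(const std::vector<Arg>& args, size_t input_idx) {
    if (input_idx >= args.size()) return std::nullopt;
    return args[input_idx];
}

// Reports whether this translation unit was built with debug checks active.
// When it returns false, only lookup_arg() above offers any protection.
static bool debug_checks_active() {
#ifdef NDEBUG
    return false;
#else
    return true;
#endif
}

int main() {
    std::vector<Arg> args = {{1}, {2}, {3}};  // constructed sample argument list
    bool in_range  = lookup_arg(args, 2).has_value();
    bool out_range = lookup_arg(args, 3).has_value();
    // lookup_arg_dcheck_only() is deliberately not called with index 3:
    // in a release build that is undefined behaviour, not a test.
    bool ok = in_range && !out_range && lookup_arg_dcheck_only(args, 0).dtype == 1;
    (void)debug_checks_active();
    return ok ? 0 : 1;
}
```

When auditing, treat every `DCHECK` on untrusted data as absent and look for the unconditional check that should sit beside it.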
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow’s `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23574
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23573
CONFIRM
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23566
CONFIRM
MISC
MISC
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23562
MISC
MISC
CONFIRM
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 6.5 CVE-2022-23558
MISC
MISC
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. 2022-02-04 6.5 CVE-2022-23559
MISC
CONFIRM
MISC
MISC
MISC
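The two TFLite entries above (CVE-2022-23558 and CVE-2022-23559) share one root cause: a byte count is computed from model-controlled values in `int` arithmetic and then used for allocation or indexing. The code below is an added example and not TensorFlow or TFLite code; `kHeaderBytes`, `size_in_bytes_unchecked`, `size_in_bytes_checked` and `lookup_bytes_checked` are hypothetical stand-ins for `TfLiteIntArrayGetSizeInBytes` and the `embedding_size * lookup_size` product. It shows the wrapping computation beside versions that do the arithmetic in `size_t` with explicit overflow detection and refuse any size that does not fit.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>

// Hypothetical layout: one int `size` header followed by `size` ints inline.
static const size_t kHeaderBytes = sizeof(int);

// Vulnerable shape: the byte count is returned as int, so a model-controlled
// `size` around 2^29 wraps the result negative (or small) before allocation.
static int size_in_bytes_unchecked(int size) {
    return static_cast<int>(kHeaderBytes + sizeof(int) * static_cast<size_t>(size));
}

// Hardened shape: reject negative sizes and compute in size_t with an explicit
// overflow check (__builtin_*_overflow is a GCC/Clang extension); callers
// allocate only when this returns true.
static bool size_in_bytes_checked(int size, size_t* out) {
    if (size < 0) return false;
    size_t payload;
    if (__builtin_mul_overflow(static_cast<size_t>(size), sizeof(int), &payload)) return false;
    size_t total;
    if (__builtin_add_overflow(kHeaderBytes, payload, &total)) return false;
    *out = total;
    return true;
}

// Same discipline for the embedding lookup: both factors come from the model,
// so their product, and then the byte count, are checked rather than trusted.
static bool lookup_bytes_checked(int embedding_size, int lookup_size,
                                 size_t elem_bytes, size_t* out) {
    if (embedding_size < 0 || lookup_size < 0) return false;
    size_t elems;
    if (__builtin_mul_overflow(static_cast<size_t>(embedding_size),
                               static_cast<size_t>(lookup_size), &elems)) return false;
    return !__builtin_mul_overflow(elems, elem_bytes, out);
}

int main() {
    size_t n = 0;
    bool ok_small = size_in_bytes_checked(16, &n) && n == 68;   // 4 + 16 * 4
    int wrapped   = size_in_bytes_unchecked(700000000);         // 2.8e9 does not fit in int
    size_t lb = 0;
    bool rejected = !lookup_bytes_checked(INT_MAX, INT_MAX, 8, &lb);
    return (ok_small && wrapped < 0 && rejected) ? 0 : 1;
}
```

The caller still has to compare the checked byte count against the buffer it actually owns; overflow detection only guarantees that the number being compared is the real one.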
gpac — gpac A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. 2022-02-04 4.3 CVE-2022-24249
MISC
gpac — gpac NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. 2022-02-04 4.3 CVE-2021-4043
CONFIRM
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 6.8 CVE-2022-21703
MISC
MISC
CONFIRM
high_resolution_streaming_image_server_project — high_resolution_streaming_image_server IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. 2022-02-07 5 CVE-2021-46389
MISC
MISC
hpe — agentless_management A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. 2022-02-04 4.6 CVE-2021-29218
MISC
hpe — flexnetwork_5130_jg932a_firmware A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. 2022-02-04 4.6 CVE-2021-29219
MISC
hyphp — hybbs2 update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. 2022-02-09 6.5 CVE-2022-24676
MISC
ibm — power_system_ac922_(8335-gtx)_firmware IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. 2022-02-04 5 CVE-2021-38960
XF
CONFIRM
idreamsoft — icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. 2022-02-04 5 CVE-2021-44977
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 2022-02-07 4.3 CVE-2021-25108
CONFIRM
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL. 2022-02-07 6.4 CVE-2021-25096
CONFIRM
MISC
ip2location — country_blocker The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 2022-02-07 5.5 CVE-2021-25095
CONFIRM
MISC
itunesrpc-remastered_project — itunesrpc-remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. 2022-02-04 6.4 CVE-2022-23609
CONFIRM
MISC
jenkins — jenkins Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. 2022-02-09 5 CVE-2022-0538
CONFIRM
MLIST
jpress — jpress A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. 2022-02-04 6.5 CVE-2022-23330
MISC
karma_project — karma Cross-site Scripting (XSS) – DOM in NPM karma prior to 6.3.14. 2022-02-05 4.3 CVE-2022-0437
CONFIRM
MISC
kicad — kicad_eda A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2022-23947
MISC
kicad — kicad_eda A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 6.8 CVE-2022-23946
MISC
linuxfoundation — argo-cd Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. 2022-02-04 4 CVE-2022-24348
MISC
CONFIRM
mahara — mahara In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) 2022-02-09 4 CVE-2022-24694
MISC
MISC
microfocus — voltage_securemail A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. 2022-02-04 4 CVE-2021-38130
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Tampering Vulnerability. 2022-02-07 5 CVE-2022-23261
N/A
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. 2022-02-07 4.4 CVE-2022-23263
N/A
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. 2022-02-07 6.8 CVE-2022-23262
N/A
microweber — microweber Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 4.3 CVE-2022-0505
MISC
CONFIRM
microweber — microweber Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 4 CVE-2022-0504
MISC
CONFIRM
mirantis — container_cloud_lens_extension Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. 2022-02-04 6.8 CVE-2022-0484
MISC
mongodb — mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. 2022-02-04 5.5 CVE-2021-32036
MISC
mruby — mruby Out-of-bounds Read in Homebrew mruby prior to 3.2. 2022-02-09 6.4 CVE-2022-0525
CONFIRM
MISC
msi — app_player Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44900
MISC
MISC
msi — center Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44899
MISC
MISC
msi — center_pro Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44903
MISC
MISC
msi — dragon_center Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 4.6 CVE-2021-44901
MISC
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. 2022-02-07 4.9 CVE-2022-21815
CONFIRM
nvidia — virtual_gpu NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. 2022-02-07 4.9 CVE-2022-21816
CONFIRM
MISC
ocproducts — composr Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. 2022-02-09 6.5 CVE-2021-46360
MISC
octopus — octopus_deploy In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. 2022-02-07 5.8 CVE-2022-23184
MISC
openzeppelin — openzeppelin In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. 2022-02-04 5 CVE-2021-46320
MISC
publify_project — publify Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. 2022-02-08 5 CVE-2022-0524
MISC
CONFIRM
quickbox — quickbox QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at “adminuseredit.php?usertoedit=XSS”, as the user supplied input for the value of this parameter is not properly sanitized. 2022-02-07 4.3 CVE-2021-45281
MISC
radare — radare2 Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 6.8 CVE-2022-0523
MISC
CONFIRM
radare — radare2 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0518
MISC
CONFIRM
radare — radare2 Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0519
MISC
CONFIRM
radare — radare2 Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0521
MISC
CONFIRM
radare — radare2 Use After Free in NPM radare2.js prior to 5.6.2. 2022-02-08 6.8 CVE-2022-0520
MISC
CONFIRM
radare — radare2 Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. 2022-02-08 5.8 CVE-2022-0522
CONFIRM
MISC
rearrange_woocommerce_products_project — rearrange_woocommerce_products The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. 2022-02-07 4 CVE-2021-24928
MISC
sap — netweaver_application_server_java Due to improper error handling in SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. 2022-02-09 5 CVE-2022-22533
MISC
MISC
schneider-electric — bmxp342020_firmware A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) 2022-02-04 6.8 CVE-2020-7534
MISC
schneider-electric — easergy_p5_firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 5.4 CVE-2022-22722
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 4 CVE-2022-22726
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-21971
MISC
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 6.8 CVE-2021-21969
MISC
sealevel — seaconnect_370w_firmware An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 4.3 CVE-2021-21963
MISC
sealevel — seaconnect_370w_firmware A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. 2022-02-04 6.8 CVE-2021-21959
MISC
sealevel — seaconnect_370w_firmware A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 6.4 CVE-2021-21965
MISC
sealevel — seaconnect_370w_firmware A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 5.8 CVE-2021-21968
MISC
sealevel — seaconnect_370w_firmware An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 6.8 CVE-2021-21970
MISC
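The two SeaConnect entries for CVE-2021-21969 and CVE-2021-21970 above describe the same defect with different destinations: a string taken from an untrusted MQTT message (up to 0x201 bytes) is copied into a fixed global (`p_payload`, 0x100 bytes, or `p_name`, 0x80 bytes) by the length of the source rather than the size of the destination. The code below is an added example and not Sealevel firmware; the globals, `copy_value_unbounded`, `copy_value_bounded` and `handle_message` are hypothetical, and only the two buffer sizes and the message bound are taken from the advisory text. It shows the unbounded copy beside a bounded one that rejects, rather than truncates, any value that does not fit, and commits both fields only when both fit.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical fixed-size globals using the sizes quoted in the advisory text.
static char p_name[0x80];
static char p_payload[0x100];
static const size_t kMaxMqttMessage = 0x201;  // upper bound on the whole message

// Vulnerable shape: the value is copied by its own length, so anything longer
// than the destination runs off the end of the global. Shown for comparison
// only; never call it with untrusted input.
static void copy_value_unbounded(char* dst, const char* value) {
    strcpy(dst, value);
}

// Hardened shape: a value that does not fit (terminator included) is rejected
// outright rather than truncated, so the caller can drop and log the message.
// strnlen is capped so a missing terminator cannot turn into an over-read.
static bool copy_value_bounded(char* dst, size_t dst_len, const char* value) {
    size_t n = strnlen(value, kMaxMqttMessage + 1);
    if (n >= dst_len) return false;
    memcpy(dst, value, n + 1);
    return true;
}

// Handles one decoded (name, payload) pair. Both values are validated into
// zeroed temporaries first, so a rejected message leaves the globals untouched.
static bool handle_message(const char* name, const char* payload) {
    char name_tmp[sizeof(p_name)] = {};
    char payload_tmp[sizeof(p_payload)] = {};
    if (!copy_value_bounded(name_tmp, sizeof(name_tmp), name)) return false;
    if (!copy_value_bounded(payload_tmp, sizeof(payload_tmp), payload)) return false;
    memcpy(p_name, name_tmp, sizeof(name_tmp));
    memcpy(p_payload, payload_tmp, sizeof(payload_tmp));
    return true;
}

int main() {
    std::string oversized(0x200, 'A');  // constructed: longer than either global
    bool ok  = handle_message("sensor-1", "{\"relay\":1}");
    bool bad = handle_message("sensor-1", oversized.c_str());
    return (ok && !bad) ? 0 : 1;
}
```

Rejecting instead of truncating matters here because a silently shortened payload would still be acted on by the device; dropping the message is the safer failure.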
sealevel — seaconnect_370w_firmware A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. 2022-02-04 6.8 CVE-2021-21962
MISC
seeddms — seeddms Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the “referuri” parameter. 2022-02-04 5.8 CVE-2021-45408
MISC
servisnet — tessa An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. 2022-02-06 5 CVE-2022-22833
MISC
MISC
MISC
MISC
seur_oficial_project — seur_oficial The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed; although it is intended for support purposes, it allows any file on the web server to be downloaded without restriction once the URL and a password that an administrator can see in the plugin settings page are known. 2022-02-07 4 CVE-2021-25004
MISC
shibboleth — oidc_op The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. 2022-02-04 6.4 CVE-2022-24129
MISC
MISC
CONFIRM
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) 2022-02-09 6.8 CVE-2021-46155
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) 2022-02-09 6.8 CVE-2021-46158
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050) 2022-02-09 6.8 CVE-2021-46159
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286) 2022-02-09 6.8 CVE-2021-46160
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684) 2022-02-09 6.8 CVE-2021-46156
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302) 2022-02-09 6.8 CVE-2021-46161
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) 2022-02-09 6.8 CVE-2021-46154
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757) 2022-02-09 6.8 CVE-2021-46157
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599) 2022-02-09 6.8 CVE-2021-46153
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) 2022-02-09 6.8 CVE-2021-46152
MISC
MISC
MISC
MISC
MISC
siemens — simcenter_femap A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082) 2022-02-09 6.8 CVE-2021-46151
MISC
MISC
MISC
silabs — zgm130s037hgn_firmware The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. 2022-02-04 4.8 CVE-2018-25029
CONFIRM
MISC
silverstripe — silverstripe Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1. 2022-02-04 4 CVE-2022-0227
CONFIRM
MISC
starwindsoftware — iscsi_san StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion. 2022-02-06 5 CVE-2007-20001
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue. 2022-02-07 4.3 CVE-2021-24878
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have a CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. 2022-02-07 4.3 CVE-2021-24843
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it. 2022-02-07 6.8 CVE-2021-24879
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. 2022-02-07 4.3 CVE-2021-24839
MISC
synology — diskstation_manager Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. 2022-02-07 5 CVE-2022-22680
CONFIRM
synology — diskstation_manager Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. 2022-02-07 4 CVE-2022-22679
CONFIRM
synology — diskstation_manager Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2022-02-07 4 CVE-2021-43929
CONFIRM
synology — mail_station Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in mail sending and receiving component in Synology Mail Station before 7.0.1-42218-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-02-07 6.5 CVE-2021-43928
CONFIRM
MISC
taogogo — taocms An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. 2022-02-04 4 CVE-2022-23316
MISC
taogogo — taocms In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. 2022-02-04 4 CVE-2021-44983
MISC
thinkupthemes — responsive_vector_maps The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server 2022-02-07 4 CVE-2021-24947
MISC
tp-link — wn886n_firmware TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. 2022-02-08 4 CVE-2021-44864
MISC
twistedmatrix — twisted twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. 2022-02-07 5 CVE-2022-21712
MISC
MISC
CONFIRM
virustotal — yara A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. 2022-02-04 4.3 CVE-2021-45429
MISC
visser — store_exporter_for_woocommerce The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. 2022-02-07 4.3 CVE-2022-0149
CONFIRM
MISC
visser — store_toolkit_for_woocommerce The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting 2022-02-07 4.3 CVE-2021-25077
MISC
CONFIRM
vmware — cloud_foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. 2022-02-04 4 CVE-2022-22939
MISC
voipmonitor — voipmonitor The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. 2022-02-04 6.8 CVE-2022-24262
MISC
xwiki — xwiki Impact: It’s possible to know whether a user has an account in a wiki related to an email address, and which username(s) is actually tied to that email, by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it’s quite easy to perform a lot of those requests. Patches: This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: a first one to fix the CSRF problem, and a more complex one that now relies on sending an email for the Forgot username process. Workarounds: It’s possible to fix the problem without upgrading by editing the ForgotUsername page in versions below 13.x to use the following code: github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsern… In versions after 13.x it’s also possible to edit the forgotusername.vm file manually, but upgrading is strongly encouraged here. References: jira.xwiki.org/browse/XWIKI-18384, jira.xwiki.org/browse/XWIKI-18408. For more information: If you have any questions or comments about this advisory, open an issue in Jira XWiki (jira.xwiki.org) or email the security mailing list (security@xwiki.org). 2022-02-04 4.3 CVE-2021-32732
MISC
MISC
CONFIRM
MISC
MISC
yet_another_stars_rating_project — yet_another_stars_rating Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter ‘source’. 2022-02-04 4.3 CVE-2022-23980
CONFIRM
CONFIRM
zammad — zammad In Zammad 5.0.2, agents can configure “out of office” periods and substitute persons. If the substitute persons didn’t have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. 2022-02-04 5 CVE-2021-44886
MISC
zammad — zammad With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. 2022-02-04 5.5 CVE-2021-43145
MISC
zephyrproject — zephyr Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf 2022-02-07 5.8 CVE-2021-3835
N/A
zimbra — collaboration An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. 2022-02-09 4.3 CVE-2022-24682
MISC
MISC
MISC
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
amd — epyc_7763_firmware AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 2022-02-04 2.1 CVE-2020-12966
MISC
apache — gobblin In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 2.1 CVE-2021-36151
MISC
beanstalk_console_project — beanstalk_console Cross-site Scripting (XSS) – Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. 2022-02-09 3.5 CVE-2022-0539
CONFIRM
MISC
cluevo — learning_management_system The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course’s module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-07 3.5 CVE-2021-25029
MISC
elecom — wrc-300febk-r_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. 2022-02-08 2.9 CVE-2022-21799
MISC
MISC
fleetdm — fleet Fleet is an open source device management platform built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication due to missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider (SP) could reuse the SAML response to log into Fleet as a user — only if the user has an account with the same email in Fleet, _and_ the user signs into the malicious SP via SAML SSO from the same Identity Provider (IdP) configured with Fleet. 2. A user with an account in Fleet could reuse a SAML response intended for another SP to log into Fleet. This is only a concern if the user is blocked from Fleet in the IdP but continues to have an account in Fleet. If the user is blocked from the IdP entirely, this cannot be exploited. Fleet 4.9.1 resolves this issue. Users unable to upgrade should: reduce the length of sessions on the IdP to reduce the window for malicious re-use, limit the number of SAML Service Providers/Applications used by user accounts with access to Fleet, and, when removing access to Fleet in the IdP, delete the Fleet user from Fleet as well. 2022-02-04 3.5 CVE-2022-23600
MISC
CONFIRM
google — android In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. 2022-02-09 2.1 CVE-2022-20029
MISC
google — android In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973. 2022-02-09 2.1 CVE-2022-20033
MISC
google — android In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675. 2022-02-09 2.1 CVE-2022-20035
MISC
google — android In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. 2022-02-09 2.1 CVE-2022-20042
MISC
google — android In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. 2022-02-09 1.9 CVE-2022-20032
MISC
google — go-attestation An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. 2022-02-04 2.1 CVE-2022-0317
MISC
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. 2022-02-04 2.1 CVE-2022-23594
MISC
CONFIRM
google — tensorflow Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. 2022-02-04 3.3 CVE-2022-23563
CONFIRM
grafana — grafana Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link, executing a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of the above datasource, and a specially crafted link pointing at the attacker-controlled data source must be clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of the above app, and a specially crafted link pointing at the attacker-controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. 2022-02-08 2.1 CVE-2022-21702
CONFIRM
MISC
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID; `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including those teams that the user does not have access to; and `/teams/:teamId/members`, when the editors_can_admin flag is enabled, will allow an authenticated attacker to see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-02-08 3.5 CVE-2022-21713
MISC
MISC
CONFIRM
gtranslate — translate_wordpress_with_gtranslate The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY 2022-02-07 2.6 CVE-2021-25103
MISC
ivorysearch — ivory_search The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-07 3.5 CVE-2021-25105
MISC
laracom_project — laracom Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. 2022-02-04 3.5 CVE-2022-0472
CONFIRM
MISC
linux — linux_kernel An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. 2022-02-04 1.9 CVE-2022-24448
MISC
MISC
MISC
MISC
linux — linux_kernel A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. This flaw affects kernel versions < v5.16-rc6. 2022-02-04 2.1 CVE-2022-0264
MISC
linux — linux_kernel A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. 2022-02-04 2.1 CVE-2022-0487
MISC
MISC
livehelperchat — live_helper_chat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-02-06 3.5 CVE-2022-0502
MISC
CONFIRM
microweber — microweber Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 2022-02-08 3.5 CVE-2022-0506
CONFIRM
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 2022-02-07 3.6 CVE-2022-21813
CONFIRM
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 2022-02-07 3.6 CVE-2022-21814
CONFIRM
pimcore — pimcore Cross-site Scripting (XSS) – Reflected in Packagist pimcore/pimcore prior to 10.3.1. 2022-02-08 3.5 CVE-2022-0510
MISC
CONFIRM
pimcore — pimcore Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.3.1. 2022-02-08 3.5 CVE-2022-0509
CONFIRM
MISC
premio — mystickyelements The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. 2022-02-07 3.5 CVE-2022-0148
MISC
CONFIRM
schneider-electric — ecostruxure_power_monitoring_expert A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 3.5 CVE-2022-22804
MISC
std42 — elfinder Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. 2022-02-08 3.5 CVE-2021-45919
MISC
supportcandy — supportcandy The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2022-02-07 3.5 CVE-2021-24880
MISC
tastyigniter — tastyigniter A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The “items%5B0%5D%5Bpath%5D” parameter of a request made to /admin/allergens/edit/1 is vulnerable. 2022-02-09 3.5 CVE-2022-23378
MISC
MISC
trendmicro — worry-free_business_security A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-02-04 3.6 CVE-2022-23805
MISC
MISC
wire — wire-webapp Wire webapp is a web client for the Wire messaging protocol. In versions prior to 2022-01-27-production.0, expired ephemeral messages were not reliably removed from the local chat history of Wire Webapp, and ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these messages in the chat view will then trigger the deletion. This issue only affects locally stored messages. On-premises instances of wire-webapp need to be updated to 2022-01-27-production.0 so that their users are no longer affected. There are no known workarounds for this issue. 2022-02-04 2.1 CVE-2022-23605
MISC
CONFIRM
wpeka — wplegalpages The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting 2022-02-07 3.5 CVE-2021-25106
MISC
xwiki — xwiki XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using the default XWiki configuration, it’s possible for an attacker to upload an SVG containing a script that is executed when the download action is run on the file. This problem has been patched so that the default configuration doesn’t allow SVG files to be displayed in the browser. Users are advised to update or to disallow uploads of SVG files. 2022-02-04 3.5 CVE-2021-43841
MISC
MISC
CONFIRM
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acronis — vss_doctor  Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 2022-02-11 not yet calculated CVE-2022-0483
MISC
adobe — illustrator  When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22538
MISC
MISC
apache — apisix  An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX’s data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. 2022-02-11 not yet calculated CVE-2022-24112
MISC
MLIST
apache — apple_cassandra  When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. 2022-02-11 not yet calculated CVE-2021-44521
MISC
MLIST
apache — cayenne  Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne’s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to ‘remote’ applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution. 2022-02-11 not yet calculated CVE-2022-24289
MISC
MLIST
apache — jim The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: the maildir mailbox store and the Sieve file repository. This enables a user to access other users’ data stores (limited to user names prefixed by the value of the username being used). 2022-02-07 not yet calculated CVE-2022-22931
MISC
MISC
apple — swift-nio-http2  A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-02-09 not yet calculated CVE-2022-24668
MISC
apple — swift-nio-http2 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing an HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-02-09 not yet calculated CVE-2022-24666
MISC
apple — swift-nio-http2 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in an HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending an HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time. 2022-02-09 not yet calculated CVE-2022-24667
MISC
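HPACK integers (RFC 7541 section 5.1) are the part of a header block where the peer decides how many bytes the decoder accumulates, which is where an unbounded shift-and-add reaches an integer overflow. The following is an added Python example, not the swift-nio-http2 implementation: an encoder and a decoder that bound both the shift and the running total before using them. `MAX_INT_BITS` is an assumed local policy, not a value from the advisory.

```python
# HPACK integer coding, RFC 7541 section 5.1. Added example, not swift-nio-http2
# code; MAX_INT_BITS is an assumed policy for the largest integer we accept.
MAX_INT_BITS = 32
MAX_INT_VALUE = (1 << MAX_INT_BITS) - 1


class HPACKError(Exception):
    """Malformed header block; a real decoder maps this to COMPRESSION_ERROR."""


def encode_integer(value, prefix_bits, first_byte_flags=0):
    """Encode value with an N-bit prefix; first_byte_flags supplies the
    representation bits above the prefix (e.g. 0x80 for an indexed field)."""
    if value < 0:
        raise ValueError("HPACK integers are non-negative")
    max_prefix = (1 << prefix_bits) - 1
    if value < max_prefix:
        return bytes([first_byte_flags | value])
    out = bytearray([first_byte_flags | max_prefix])
    value -= max_prefix
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_integer(data, pos, prefix_bits):
    """Decode the integer starting at data[pos]; return (value, next_pos).

    An unchecked decoder does value += (b & 0x7F) << shift for as many
    continuation bytes as the peer sends, so shift and value grow without
    bound: in C that wraps silently, in Swift the checked arithmetic traps and
    the process dies. Here both are bounded before they are used."""
    if pos >= len(data):
        raise HPACKError("truncated integer")
    max_prefix = (1 << prefix_bits) - 1
    value = data[pos] & max_prefix
    pos += 1
    if value < max_prefix:
        return value, pos
    shift = 0
    while True:
        if pos >= len(data):
            raise HPACKError("truncated continuation bytes")
        if shift >= MAX_INT_BITS:
            raise HPACKError("continuation sequence too long")
        b = data[pos]
        pos += 1
        value += (b & 0x7F) << shift
        if value > MAX_INT_VALUE:
            raise HPACKError("integer exceeds %d bits" % MAX_INT_BITS)
        if not b & 0x80:
            return value, pos
        shift += 7


def decode_safely(data, prefix_bits):
    """Return the decoded value, or None if the block is rejected."""
    try:
        return decode_integer(data, 0, prefix_bits)[0]
    except HPACKError:
        return None
```

With a 5-bit prefix the RFC's own worked value 1337 encodes to 1f 9a 0a and round-trips; a block such as 1f followed by ten 0x80 bytes is rejected after five continuation bytes instead of letting the shift run on, and a value one above the cap is refused by the total check rather than being wrapped or trapped on.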
bd — pyxis_products  Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information. 2022-02-11 not yet calculated CVE-2022-22766
CONFIRM
bd — viper_lt  BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability. 2022-02-12 not yet calculated CVE-2022-22765
CONFIRM
blitzjs — superjson  superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23631
CONFIRM
canon — laser_printers_and_small_office_multifunctional_printers  Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. 2022-02-08 not yet calculated CVE-2021-20877
MISC
MISC
MISC
MISC
MISC
chocobozzz — peertube  Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 2022-02-08 not yet calculated CVE-2022-0508
MISC
CONFIRM
cisco — dna_center  A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. 2022-02-10 not yet calculated CVE-2022-20630
CISCO
cisco — prime_service_catalog  A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. 2022-02-10 not yet calculated CVE-2022-20680
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20749
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20712
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20707
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20711
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20708
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20710
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20705
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20709
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20706
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20704
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20703
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20701
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20700
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20702
CISCO
cisco — small_business_series_routers  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. 2022-02-10 not yet calculated CVE-2022-20699
CISCO
cisco — umbrella_secure_web_gateway  A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. 2022-02-10 not yet calculated CVE-2022-20738
CISCO
citrix — workspace_app  An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 – 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. 2022-02-09 not yet calculated CVE-2022-21825
MISC
concrete — cms  A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. 2022-02-09 not yet calculated CVE-2021-22954
MISC
cri-o — cri-o  An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of “safe” sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. 2022-02-09 not yet calculated CVE-2022-0532
MISC
MISC
csv+ — csv+  Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains an HTML a tag. 2022-02-08 not yet calculated CVE-2022-21241
MISC
MISC
cuppa — cms  Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. 2022-02-10 not yet calculated CVE-2022-24647
MISC
d-link — routers  A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. 2022-02-10 not yet calculated CVE-2021-41445
MISC
MISC
MISC
MISC
d-link — routers  An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. 2022-02-09 not yet calculated CVE-2021-41442
MISC
MISC
MISC
MISC
d-link — routers  A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim needs to visit this URL for the router to reboot. 2022-02-09 not yet calculated CVE-2021-41441
MISC
MISC
MISC
MISC
dairy_farm_shop_management_system — dairy_farm_shop_management_system  Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. 2022-02-11 not yet calculated CVE-2020-36062
MISC
MISC
MISC
debian — debian-edu-config  It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. 2022-02-11 not yet calculated CVE-2021-20001
MISC
MLIST
MLIST
dell — client_commercial_and_consumer_platforms  Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. 2022-02-09 not yet calculated CVE-2022-22567
CONFIRM
dell — client_commercial_consumer_platforms  Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. 2022-02-09 not yet calculated CVE-2022-22566
CONFIRM
dell — emc_integrated_system  All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. 2022-02-09 not yet calculated CVE-2021-36302
CONFIRM
drupal — drupal_core Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13669
CONFIRM
drupal — drupal_core Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. 2022-02-11 not yet calculated CVE-2020-13672
CONFIRM
drupal — drupal_core Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. 2022-02-11 not yet calculated CVE-2020-13677
CONFIRM
drupal — drupal_core Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13670
CONFIRM
drupal — drupal_core  Drupal’s JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. 2022-02-11 not yet calculated CVE-2020-13675
CONFIRM
drupal — drupal_core  Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. 2022-02-11 not yet calculated CVE-2020-13668
CONFIRM
drupal — entity_embed  The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting. 2022-02-11 not yet calculated CVE-2020-13673
CONFIRM
drupal — quickedit The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. 2022-02-11 not yet calculated CVE-2020-13676
CONFIRM
drupal — quickedit  The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability. 2022-02-11 not yet calculated CVE-2020-13674
CONFIRM
elastic — kibana  An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users. 2022-02-11 not yet calculated CVE-2022-23707
MISC
elecom — lan_routers  Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. 2022-02-08 not yet calculated CVE-2022-21173
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site". 2022-02-09 not yet calculated CVE-2022-23047
MISC
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After uploading it, the PHP file will be placed at "themes/simpletheme/{rce}.php", from where it can be accessed in order to execute commands. 2022-02-09 not yet calculated CVE-2022-23048
MISC
MISC
MISC
exponent_cms — exponent_cms  Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the “User-Agent” header when logging in. When an administrator user visits the “User Sessions” tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. 2022-02-09 not yet calculated CVE-2022-23049
MISC
MISC
MISC
fastify — fastify-multipart  This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136 (security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). 2022-02-11 not yet calculated CVE-2021-23597
CONFIRM
CONFIRM
CONFIRM
ffjpeg — ffjpeg  A Null Pointer Dereference vulnerability exists in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in the metadata of the BMP is out of range, bmp_load() returns without assigning a memory buffer to `pb->pdata` and the program does not exit. The program then crashes when it tries to access pb->pdata in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. 2022-02-11 not yet calculated CVE-2021-45385
MISC
MISC
foxit — pdf_reader Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings. 2022-02-11 not yet calculated CVE-2022-24954
MISC
MISC
foxit — pdf_reader  Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. 2022-02-11 not yet calculated CVE-2022-24955
MISC
gin-vue-admin — gin-vue-admin  Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. 2022-02-09 not yet calculated CVE-2022-21660
CONFIRM
git — git  The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the “GitBleed” issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. 2022-02-11 not yet calculated CVE-2022-24975
MISC
MISC
gitea — gitea  An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted while the session remains valid on the server side for reuse. 2022-02-09 not yet calculated CVE-2021-45330
MISC
gitea — gitea  An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. 2022-02-09 not yet calculated CVE-2021-45331
MISC
MISC
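The replay the Gitea entry describes (a captured TOTP code accepted more than once) is prevented by remembering the last time step that was consumed and refusing that step and every earlier one, even when the code itself is still arithmetically valid. The following is an added Python example, not Gitea's code. The secret is the RFC 4226/6238 test vector used as constructed input; `window` and the in-memory `last_used_counter` are assumptions standing in for per-user persisted state.

```python
import hashlib
import hmac
import struct


class TOTPVerifier:
    """RFC 6238 TOTP verification that consumes each time step at most once.

    Added example, not Gitea's implementation. A valid code proves possession
    of the secret, but once a step has been accepted any later submission of
    the same code (for instance one captured in transit) must be refused."""

    def __init__(self, secret, digits=6, step=30, window=1):
        self.secret = secret
        self.digits = digits
        self.step = step
        self.window = window            # accept +/- this many steps of clock skew
        self.last_used_counter = -1     # assumed: persisted per user in a real system

    def _code_for(self, counter):
        """HOTP (RFC 4226) over the 8-byte big-endian counter with HMAC-SHA1."""
        mac = hmac.new(self.secret, struct.pack(">Q", counter), hashlib.sha1).digest()
        offset = mac[-1] & 0x0F
        truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return "%0*d" % (self.digits, truncated % (10 ** self.digits))

    def generate(self, now):
        """Code for the time step containing the unix timestamp `now`."""
        return self._code_for(int(now) // self.step)

    def verify(self, code, now):
        """True at most once per time step; False on mismatch or replay."""
        counter = int(now) // self.step
        for c in range(counter - self.window, counter + self.window + 1):
            # Never accept a step at or before the last consumed one: that is
            # exactly the "submitted correctly more than once" case.
            if c <= self.last_used_counter:
                continue
            if hmac.compare_digest(self._code_for(c), code):
                self.last_used_counter = c
                return True
        return False
```

The replay check runs before the HMAC comparison, so a code whose step is at or below the stored counter is refused regardless of validity, and accepting a newer step also retires every older one inside the skew window. A real deployment stores `last_used_counter` per user and updates it atomically with the login.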
gitlab — enterprise_edition  An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call. 2022-02-09 not yet calculated CVE-2021-39943
MISC
CONFIRM
MISC
golang — go  Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. 2022-02-11 not yet calculated CVE-2022-23772
MISC
golang — go  cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. 2022-02-11 not yet calculated CVE-2022-23773
MISC
golang — go  Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. 2022-02-11 not yet calculated CVE-2022-23806
MISC
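The crypto/elliptic entry above is about a point check that evaluates the curve equation but not the range of the coordinates. Because the congruence y^2 = x^3 + ax + b (mod p) is unchanged by adding a multiple of p to x or y, a big integer such as x + p passes it without being a valid field element. The following is an added Python example, not Go's crypto/elliptic, using the NIST P-256 parameters; `is_on_curve_unchecked` reproduces the behaviour the entry describes and `is_on_curve` adds the range check.

```python
# NIST P-256 domain parameters (FIPS 186-4). Added example, not Go's crypto/elliptic.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve_unchecked(x, y):
    """Evaluates y^2 = x^3 + ax + b (mod p) only. The congruence is blind to
    multiples of p, so (x + p, y) and (x, y - p) are accepted although neither
    coordinate is a field element; this is the flaw the entry describes."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def is_on_curve(x, y):
    """Hardened check: coordinates must be canonical elements of [0, p) before
    the curve equation is even evaluated."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_point(x, y):
    """Uncompressed SEC1 encoding (0x04 || X || Y). An unreduced coordinate
    cannot even be written into 32 bytes, which is the kind of downstream
    inconsistency an unchecked IsOnCurve lets through."""
    if not is_on_curve(x, y):
        raise ValueError("not a valid P-256 point")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
```

Callers that validate peer-supplied points through the unchecked variant and then pass the big integers on to scalar multiplication or serialisation operate on values the rest of the code assumes are reduced; the range check belongs at the boundary, before any arithmetic.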
google — android  In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-197399948 2022-02-11 not yet calculated CVE-2021-39619
MISC
google — android  In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206039140. References: N/A 2022-02-11 not yet calculated CVE-2021-39688
MISC
google — android  In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204421047. References: N/A 2022-02-11 not yet calculated CVE-2021-39687
MISC
google — android  In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is 'zero' in size. Product: Android. Versions: Android-11. Android ID: A-205097028 2022-02-11 not yet calculated CVE-2021-39677
MISC
google — android  In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-197228210 2022-02-11 not yet calculated CVE-2021-39676
MISC
google — android  Product: Android. Versions: Android SoC. Android ID: A-204686438 2022-02-11 not yet calculated CVE-2021-39616
MISC
google — android  In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-193890833 2022-02-11 not yet calculated CVE-2021-39631
MISC
google — android  In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205729183 2022-02-11 not yet calculated CVE-2021-39675
MISC
google — android  ims_ex is a vendor system service used to manage VoLTE in unisoc devices, but it does not verify the caller's permissions, so normal apps (with no phone permissions) can obtain some VoLTE-sensitive information and manage VoLTE calls. Product: Android. Versions: Android SoC. Android ID: A-206492634 2022-02-11 not yet calculated CVE-2021-39635
MISC
google — android  The ismsEx service is a vendor service in unisoc equipment and an extension of the sms system service, but it does not check the permissions of the caller, resulting in permission leaks. Third-party apps can use this service to arbitrarily modify and set system properties. Product: Android. Versions: Android SoC. Android ID: A-207479207 2022-02-11 not yet calculated CVE-2021-39658
MISC
google — android  In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-197302116 2022-02-11 not yet calculated CVE-2021-39662
MISC
google — android  In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-200682135 2022-02-11 not yet calculated CVE-2021-39663
MISC
google — android  In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-203938029 2022-02-11 not yet calculated CVE-2021-39664
MISC
google — android  In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204077881 2022-02-11 not yet calculated CVE-2021-39665
MISC
google — android  In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-204445255 2022-02-11 not yet calculated CVE-2021-39666
MISC
google — android  In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-193445603 2022-02-11 not yet calculated CVE-2021-39668
MISC
google — android  In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead a user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-196969991 2022-02-11 not yet calculated CVE-2021-39669
MISC
google — android  In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206718630 2022-02-11 not yet calculated CVE-2021-39671
MISC
google — android  In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701 2022-02-11 not yet calculated CVE-2021-39672
MISC
google — android  In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-180418334 2022-02-11 not yet calculated CVE-2021-0524
MISC
google — android  In btm_sec_connected and btm_sec_disconnected of the btm_sec.cc file, there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-201083442 2022-02-11 not yet calculated CVE-2021-39674
MISC
google — chrome  Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0117
MISC
MISC
google — chrome  Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0298
MISC
MISC
google — chrome  Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4099
MISC
MISC
google — chrome  Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4098
MISC
MISC
google — chrome  Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0291
MISC
MISC
google — chrome  Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0292
MISC
MISC
google — chrome  Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0293
MISC
MISC
google — chrome  Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0294
MISC
MISC
google — chrome  Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0295
MISC
MISC
google — chrome  Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0296
MISC
MISC
google — chrome  Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0297
MISC
MISC
google — chrome  Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0300
MISC
MISC
google — chrome  Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4101
MISC
MISC
google — chrome  Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0301
MISC
MISC
google — chrome  Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0302
MISC
MISC
google — chrome  Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0304
MISC
MISC
google — chrome  Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0305
MISC
MISC
google — chrome  Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0306
MISC
MISC
google — chrome  Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0307
MISC
MISC
google — chrome  Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0308
MISC
MISC
google — chrome  Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0309
MISC
MISC
google — chrome  Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. 2022-02-12 not yet calculated CVE-2022-0310
MISC
MISC
google — chrome  Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0311
MISC
MISC
google — chrome  Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4100
MISC
MISC
google — chrome  Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-11 not yet calculated CVE-2021-4102
MISC
MISC
google — chrome  Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0116
MISC
MISC
google — chrome  Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0118
MISC
MISC
google — chrome  Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0115
MISC
MISC
google — chrome  Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. 2022-02-12 not yet calculated CVE-2022-0114
MISC
MISC
google — chrome  Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0113
MISC
MISC
google — chrome  Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. 2022-02-12 not yet calculated CVE-2022-0112
MISC
MISC
google — chrome  Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0111
MISC
MISC
google — chrome  Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0110
MISC
MISC
google — chrome  Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0109
MISC
MISC
google — chrome  Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0108
MISC
MISC
google — chrome  Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0107
MISC
MISC
google — chrome  Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0105
MISC
MISC
google — chrome  Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0289
MISC
MISC
google — chrome  Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0104
MISC
MISC
google — chrome  Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0103
MISC
MISC
google — chrome  Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0102
MISC
MISC
google — chrome  Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform a specific user gesture to potentially exploit heap corruption via that user gesture. 2022-02-12 not yet calculated CVE-2022-0101
MISC
MISC
google — chrome  Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0100
MISC
MISC
google — chrome  Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via those user gestures. 2022-02-12 not yet calculated CVE-2022-0099
MISC
MISC
google — chrome  Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. 2022-02-12 not yet calculated CVE-2022-0098
MISC
MISC
google — chrome  Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow the extension to escape the sandbox via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0097
MISC
MISC
google — chrome  Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0096
MISC
MISC
google — chrome  Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. 2022-02-12 not yet calculated CVE-2022-0120
MISC
MISC
google — chrome  Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform a specific user gesture to potentially exploit heap corruption via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0106
MISC
MISC
google — chrome  Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2022-02-12 not yet calculated CVE-2022-0290
MISC
MISC
gradle — gradle  Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip dependency verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. Users who cannot update should either avoid `ResolutionStrategy.disableDependencyVerification()` and avoid plugins that use that method to disable dependency verification for a single configuration, or make sure that configurations which disable that feature are not resolved in builds that also resolve configurations where the feature is enabled. 2022-02-10 not yet calculated CVE-2022-23630
MISC
MISC
CONFIRM
hospital_management_system — hospital_management_system  Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameter. 2022-02-10 not yet calculated CVE-2022-24646
MISC
htmldoc — htmldoc  A vulnerability was found in htmldoc version 1.9.15 where a stack out-of-bounds read occurs in gif_get_code() when opening a malicious GIF file, which can result in a crash (segmentation fault). 2022-02-09 not yet calculated CVE-2022-0534
MISC
MISC
huawei — huawei There is a vulnerability of insufficiently strict input parameter verification in the audio assembly. Successful exploitation of this vulnerability may cause out-of-bounds access. 2022-02-09 not yet calculated CVE-2021-39997
MISC
huawei — huawei There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-40045
MISC
MISC
huawei — huawei There is a race condition vulnerability in the binder driver subsystem in the kernel. Successful exploitation of this vulnerability may affect kernel stability. 2022-02-09 not yet calculated CVE-2021-40015
MISC
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-39991
MISC
huawei — huawei  There is an improper security permission configuration vulnerability on ACPU. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2022-02-09 not yet calculated CVE-2021-39992
MISC
huawei — huawei  There is an arbitrary address access vulnerability with the product line test code. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2022-02-09 not yet calculated CVE-2021-39994
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-39986
MISC
huawei — huawei  There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access. 2022-02-09 not yet calculated CVE-2021-37107
MISC
huawei — huawei  There is a permission verification vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may cause unauthorized operations. 2022-02-09 not yet calculated CVE-2021-40044
MISC
huawei — huawei  There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. 2022-02-09 not yet calculated CVE-2021-37115
MISC
huawei — huawei  There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure. 2022-02-09 not yet calculated CVE-2021-37109
MISC
ifmeorg — ifme  In Ifme, versions 1.0.0 through 7.33.2 do not properly invalidate a user's session even after the user has initiated logout. This makes it possible for an attacker to reuse the admin cookies, either via local/network access or by other hypothetical attacks. 2022-02-10 not yet calculated CVE-2021-25992
MISC
MISC
intel — advisor  Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-23152
MISC
intel — advisor  Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33129
MISC
intel — amt  Null pointer dereference in subsystem for Intel(R) AMT before version 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. 2022-02-09 not yet calculated CVE-2021-33068
MISC
CONFIRM
intel — atom_processors  Out of bounds read under complex microarchitectural conditions in the memory subsystem for some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure or cause denial of service via network access. 2022-02-09 not yet calculated CVE-2021-33120
MISC
intel — capital_global_summit_android_application  Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21153
MISC
intel — core_processors  Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33105
MISC
intel — ethernet_controllers_and_adapters  Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-33061
MISC
CONFIRM
intel — ethernet_controllers_and_adapters  Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-33096
MISC
CONFIRM
intel — gpa_software  Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33101
MISC
intel — ipp_crypto_library  Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33147
MISC
intel — kernelflinger  Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-33137
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0176
MISC
intel — multiple-products  Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-0162
MISC
intel — multiple-products  Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0147
MISC
intel — multiple-products  Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0179
MISC
intel — multiple-products  Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0178
MISC
intel — multiple-products  Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0177
MISC
intel — multiple-products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0161
MISC
intel — multiple-products  Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0183
MISC
intel — multiple-products  Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0175
MISC
intel — multiple-products  Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0174
MISC
intel — multiple-products  Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0173
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0172
MISC
intel — multiple-products  Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0171
MISC
intel — multiple-products  Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0170
MISC
intel — multiple-products  Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0169
MISC
intel — multiple-products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0168
MISC
intel — multiple-products  Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0167
MISC
intel — multiple-products  Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0166
MISC
intel — multiple-products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-0165
MISC
intel — multiple-products  Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0164
MISC
intel — multiple-products  Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-0163
MISC
intel — multiple_products  Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33139
MISC
intel — multiple_products  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0072
MISC
intel — multiple_products  Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. 2022-02-09 not yet calculated CVE-2021-33107
MISC
intel — multiple_products  Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33110
MISC
intel — multiple_products  Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0076
MISC
intel — multiple_products  Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33155
MISC
intel — multiple_products  Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 2022-02-09 not yet calculated CVE-2021-33113
MISC
intel — multiple_products  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0066
MISC
intel — multiple_products  Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0060
MISC
CONFIRM
intel — multiple_products  Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access. 2022-02-09 not yet calculated CVE-2021-33114
MISC
intel — processors  Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0107
MISC
CONFIRM
intel — processors  Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0156
MISC
CONFIRM
intel — processors  Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0116
MISC
CONFIRM
intel — processors  Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0117
MISC
CONFIRM
intel — processors  Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0118
MISC
CONFIRM
intel — processors  Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0119
MISC
CONFIRM
intel — processors  NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0111
MISC
CONFIRM
intel — processors  Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0103
MISC
CONFIRM
intel — processors  Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-0145
MISC
CONFIRM
intel — processors  Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0115
MISC
CONFIRM
intel — processors  Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0093
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0092
MISC
CONFIRM
intel — processors  Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. 2022-02-09 not yet calculated CVE-2021-0127
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0091
MISC
CONFIRM
intel — processors  Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0125
MISC
CONFIRM
intel — processors  Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-02-09 not yet calculated CVE-2021-0124
MISC
CONFIRM
intel — processors  Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-0099
MISC
CONFIRM
intel — quartus_prime_pro  Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2021-44454
MISC
intel — quartus_prime_pro_edition  Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21174
MISC
intel — quartus_prime_pro_edition  Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21204
MISC
intel — quartus_prime_standard_edition  Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21203
MISC
intel — realsense_dcm  Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33119
MISC
intel — rxt  Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2021-33166
MISC
intel — smart_campus_android_application  Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21157
MISC
intel — trace_analyzer_and_collector  Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21218
MISC
intel — trace_analyzer_and_collector  Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2022-21133
MISC
intel — trace_analyzer_and_collector  Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 2022-02-09 not yet calculated CVE-2022-21226
MISC
intel — trace_analyzer_and_collector  Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 2022-02-09 not yet calculated CVE-2022-21156
MISC
intel — uefi  Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-02-09 not yet calculated CVE-2021-33115
MISC
intel — quartus_prime_pro_edition  Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-02-09 not yet calculated CVE-2022-21205
MISC
justarchinet — archisteamfarm  ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn’t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user’s access against bot `A` – instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible. 2022-02-08 not yet calculated CVE-2022-23627
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
kde — kate_and_ktexteditor  The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. 2022-02-11 not yet calculated CVE-2022-23853
MISC
CONFIRM
libtiff — libtiff  Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 2022-02-11 not yet calculated CVE-2022-0561
MISC
MISC
CONFIRM
libtiff — libtiff  Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 2022-02-11 not yet calculated CVE-2022-0562
MISC
MISC
CONFIRM
linux — linux_kernel  An information leak flaw was found due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. 2022-02-11 not yet calculated CVE-2022-0382
MISC
linux — linux_kernel  An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. 2022-02-11 not yet calculated CVE-2022-24959
MISC
MISC
linux — linux_kernel  A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. 2022-02-11 not yet calculated CVE-2022-0185
MISC
MISC
MISC
MISC
linux — linux_kernel  drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. 2022-02-11 not yet calculated CVE-2022-24958
MISC
MISC
MISC
linux — linux_kernel  The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a “pointer leak.” 2022-02-11 not yet calculated CVE-2021-45402
MISC
MISC
MISC
magnolia — magnolia  A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. 2022-02-11 not yet calculated CVE-2021-46362
MISC
magnolia — magnolia  An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. 2022-02-11 not yet calculated CVE-2021-46365
MISC
magnolia — magnolia  An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file. 2022-02-11 not yet calculated CVE-2021-46363
MISC
magnolia_cms — magnolia_cms  An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. 2022-02-11 not yet calculated CVE-2021-46361
MISC
magnolia_cms — magnolia_cms  An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials. 2022-02-11 not yet calculated CVE-2021-46366
MISC
magnolia_cms — magnolia_cms  A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. 2022-02-11 not yet calculated CVE-2021-46364
MISC
mahara — mahara  In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. 2022-02-10 not yet calculated CVE-2022-24111
MISC
MISC
mediatek — bluetooth  In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. 2022-02-09 not yet calculated CVE-2022-20046
MISC
mediatek — bluetooth  In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820. 2022-02-09 not yet calculated CVE-2022-20045
MISC
mediatek — bluetooth  In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. 2022-02-09 not yet calculated CVE-2022-20043
MISC
mediatek — bluetooth  In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814. 2022-02-09 not yet calculated CVE-2022-20044
MISC
mediatek — bluetooth  In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. 2022-02-09 not yet calculated CVE-2022-20041
MISC
mediatek — ccu_driver  In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. 2022-02-09 not yet calculated CVE-2022-20039
MISC
mediatek — ccu_driver  In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183335; Issue ID: ALPS06183335. 2022-02-09 not yet calculated CVE-2022-20038
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. 2022-02-09 not yet calculated CVE-2022-20036
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. 2022-02-09 not yet calculated CVE-2022-20037
MISC
mediatek — ion_driver  In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. 2022-02-09 not yet calculated CVE-2022-20017
MISC
mediatek — power_hal_manager_service  In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150. 2022-02-09 not yet calculated CVE-2022-20040
MISC
mediatek — system_service  In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. 2022-02-09 not yet calculated CVE-2022-20024
MISC
mellium — mellium  In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. 2022-02-11 not yet calculated CVE-2022-24968
MISC
MISC
microsoft — .net  .NET Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-21986
MISC
microsoft — azure_data_explorer  Azure Data Explorer Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-23256
MISC
microsoft — dynamics_365  Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21957
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273. 2022-02-09 not yet calculated CVE-2022-23271
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-23269
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-23274
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273. 2022-02-09 not yet calculated CVE-2022-23272
MISC
microsoft — dynamics_gp  Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272. 2022-02-09 not yet calculated CVE-2022-23273
MISC
microsoft — excel  Microsoft Excel Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-22716
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. 2022-02-09 not yet calculated CVE-2022-21844
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. 2022-02-09 not yet calculated CVE-2022-21926
MISC
microsoft — hevc_video_extensions  HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. 2022-02-09 not yet calculated CVE-2022-21927
MISC
microsoft — office  Microsoft Office Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-23252
MISC
microsoft — office_clicktorun  Microsoft Office ClickToRun Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22004
MISC
microsoft — office_graphics  Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22003
MISC
microsoft — office_visio  Microsoft Office Visio Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21988
MISC
microsoft — onedrive  Microsoft OneDrive for Android Security Feature Bypass Vulnerability. 2022-02-09 not yet calculated CVE-2022-23255
MISC
microsoft — outlook_for_mac  Microsoft Outlook for Mac Security Feature Bypass Vulnerability. 2022-02-09 not yet calculated CVE-2022-23280
MISC
MISC
microsoft — power_bi  Microsoft Power BI Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-23254
MISC
microsoft — roaming_security_rights_management_services  Roaming Security Rights Management Services Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21974
MISC
microsoft — sharepoint  Microsoft SharePoint Server Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22005
MISC
microsoft — sharepoint_server  Microsoft SharePoint Server Spoofing Vulnerability. 2022-02-09 not yet calculated CVE-2022-21987
MISC
microsoft — sharepoint_server  Microsoft SharePoint Server Security Feature Bypass Vulnerability. 2022-02-09 not yet calculated CVE-2022-21968
MISC
microsoft — sql_server_for_linux_containers  SQL Server for Linux Containers Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-23276
MISC
microsoft — teams  Microsoft Teams Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-21965
MISC
microsoft — visual_studio  Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21991
MISC
microsoft — vp9_video_extensions  VP9 Video Extensions Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-22709
MISC
microsoft — win32k  Win32k Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21996
MISC
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-22717
MISC
MISC
microsoft — windows  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717. 2022-02-09 not yet calculated CVE-2022-22718
MISC
microsoft — windows  Named Pipe File System Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-22715
MISC
microsoft — windows  Windows Runtime Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21971
MISC
microsoft — windows  Windows Remote Access Connection Manager Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21985
MISC
microsoft — windows  Windows Kernel Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21989
MISC
microsoft — windows  Windows Hyper-V Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22712
MISC
microsoft — windows_common_log_file_system  Windows Common Log File System Driver Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22710
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21998
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981. 2022-02-09 not yet calculated CVE-2022-22000
MISC
microsoft — windows_common_log_file_system_driver  Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22000. 2022-02-09 not yet calculated CVE-2022-21981
MISC
microsoft — windows_dns_server Windows DNS Server Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21984
MISC
microsoft — windows_dwm_core_library  Windows DWM Core Library Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-21994
MISC
microsoft — windows_hyper-v  Windows Hyper-V Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21995
MISC
microsoft — windows_mobile_device_management  Windows Mobile Device Management Remote Code Execution Vulnerability. 2022-02-09 not yet calculated CVE-2022-21992
MISC
microsoft — windows_print_spooler  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-21997
MISC
microsoft — windows_print_spooler  Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. 2022-02-09 not yet calculated CVE-2022-21999
MISC
microsoft — windows_remote_access_connection_manager  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. 2022-02-09 not yet calculated CVE-2022-22001
MISC
microsoft — windows_services_for_nfs_oncrpc_xdr_driver  Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. 2022-02-09 not yet calculated CVE-2022-21993
MISC
microsoft — windows_user_account_profile_picture  Windows User Account Profile Picture Denial of Service Vulnerability. 2022-02-09 not yet calculated CVE-2022-22002
MISC
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 2022-02-10 not yet calculated CVE-2022-0558
CONFIRM
MISC
microweber — microweber Open Redirect in Packagist microweber/microweber prior to 1.2.11. 2022-02-11 not yet calculated CVE-2022-0560
CONFIRM
MISC
microweber — microweber  OS Command Injection in Packagist microweber/microweber prior to 1.2.11. 2022-02-11 not yet calculated CVE-2022-0557
CONFIRM
MISC
minicms — minicms  MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. 2022-02-10 not yet calculated CVE-2021-44970
MISC
mitsubishi_electric — factory_automation_engineering_products Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. 2022-02-11 not yet calculated CVE-2020-14523
MISC
mitsubishi_electric — factory_automation_engineering_products  Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. 2022-02-11 not yet calculated CVE-2020-14521
MISC
nexacro — nexacro  Improper input validation vulnerability in nexacro permits copying a file to the startup folder using the rename method. 2022-02-09 not yet calculated CVE-2021-26613
MISC
nokia — bts_trs_web_console Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. 2022-02-11 not yet calculated CVE-2021-31932
MISC
novel-plus — novel-plus  Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. 2022-02-10 not yet calculated CVE-2022-24568
MISC
ocs_inventory — ocs_inventory  OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). 2022-02-11 not yet calculated CVE-2021-46355
MISC
MISC
open-policy-agent — opa  OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths. **All of these** three conditions have to be met to create an adverse effect: 1. An AST of Rego had to be **created programmatically** such that it ends up containing terms without a location (such as wildcard variables). 2. The AST had to be **pretty-printed** using the `github.com/open-policy-agent/opa/format` package. 3. The result of the pretty-printing had to be **parsed and evaluated again** via an OPA instance using the bundles, or the Golang packages. If any of these three conditions are not met, you are not affected. Notably, all three would be true if using **optimized bundles**, i.e. bundles created with `opa build -O=1` or higher. In that case, the optimizer would fulfil condition (1.), the result of that would be pretty-printed when writing the bundle to disk, fulfilling (2.). When the bundle was then used, we’d satisfy (3.). As a workaround users may disable optimization when creating bundles. 2022-02-09 not yet calculated CVE-2022-23628
MISC
CONFIRM
MISC
MISC
optimism — geth_forth  Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. 2022-02-10 not yet calculated CVE-2022-24916
MISC
MISC
MISC
MISC
MISC
otrs — ag_otrs  OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. 2022-02-07 not yet calculated CVE-2022-0473
CONFIRM
otrs — otrscustomcontactfields  The full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. 2022-02-07 not yet calculated CVE-2022-0474
CONFIRM
palo_alto_networks — cortex_xsoar  A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. 2022-02-10 not yet calculated CVE-2022-0020
CONFIRM
palo_alto_networks — globalprotect_app  An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0019
CONFIRM
palo_alto_networks — globalprotect_app  An improper link resolution before file access (‘link following’) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0017
CONFIRM
palo_alto_networks — globalprotect_app  An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0016
CONFIRM
palo_alto_networks — globalprotect_app  An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0021
CONFIRM
palo_alto_networks — globalprotect_app  An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user’s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms. 2022-02-10 not yet calculated CVE-2022-0018
CONFIRM
palo_alto_networks — pan-os  PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended, and allowing more URLs than intended represents a security risk. For example:
example.com will match example.com.website.test
example.com.* will match example.com.website.test
example.com.^ will match example.com.test
You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostnames ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL. 2022-02-10 not yet calculated CVE-2022-0011
CONFIRM
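The three matching rules in the PAN-OS entry above (prefix match for an entry without a trailing slash or with a trailing asterisk, any top level domain for a trailing caret, exact host for a trailing slash) turned into a small lint that flags over-broad entries in a custom URL category or EDL list before it is used in an allow rule. This is an added example, not Palo Alto Networks code: `matches()` models the rules as the advisory states them, how far a trailing `^` reaches beyond one extra label is an assumption made here, and the entry and URL lists are constructed for the demonstration.

```python
"""Lint a PAN-OS custom URL category / EDL entry list for over-broad entries.

Added example, not Palo Alto Networks code.  The matching rules below model
what the advisory states (prefix match for an entry without a trailing '/'
or with a trailing '*'; any top level domain for a trailing '^'); treating
a trailing '^' as exactly one extra label is an assumption made here.
"""

# Constructed sample entries: the advisory's three examples plus the same
# host written the recommended way, with a trailing slash.
SAMPLE_ENTRIES = ["example.com", "example.com.*", "example.com.^", "example.com/"]


def pattern_kind(entry: str) -> str:
    """Classify an entry by how the advisory says it is interpreted."""
    if entry.endswith("^"):
        return "any-tld"      # example.com.^ matches example.com.<tld>
    if entry.endswith("*") or not entry.endswith("/"):
        return "prefix"       # any URL that starts with the pattern matches
    return "exact-host"       # trailing slash: the hostname ends here


def matches(entry: str, url: str) -> bool:
    """Model of the advisory's matching rules (assumption, not PAN-OS code)."""
    kind = pattern_kind(entry)
    if kind == "prefix":
        return url.startswith(entry.rstrip("*"))
    if kind == "any-tld":
        prefix = entry[:-1]                        # "example.com."
        if not url.startswith(prefix):
            return False
        tld = url[len(prefix):].split("/", 1)[0]   # label after the last dot
        return tld != "" and "." not in tld        # assumption: one label only
    host = entry[:-1]                              # exact-host: "example.com"
    return url == host or url.startswith(entry)    # bare host, or host + path


def lint(entries):
    """Return (entry, reason) for every entry that admits more than its host.

    Run it over any list referenced by a rule that allows traffic: each
    finding is a pattern that also matches unrelated domains.
    """
    findings = []
    for entry in entries:
        kind = pattern_kind(entry)
        if kind == "prefix":
            prefix = entry.rstrip("*")
            stem = prefix.rstrip(".")
            findings.append((entry, f"prefix match on {prefix!r}: any URL starting "
                                    f"with it matches; write {stem}/ for the exact host"))
        elif kind == "any-tld":
            findings.append((entry, "matches any top level domain"))
    return findings


if __name__ == "__main__":
    for entry, reason in lint(SAMPLE_ENTRIES):
        print(f"{entry:16} {reason}")
    # The advisory's own examples, checked against the model.
    print(matches("example.com", "example.com.website.test"))    # True
    print(matches("example.com.*", "example.com.website.test"))  # True
    print(matches("example.com.^", "example.com.test"))          # True
    print(matches("example.com/", "example.com.website.test"))   # False
```

The lint deliberately does not try to decide whether a wildcard was intended; it only reports which entries reach past the literal host so the list owner can confirm each one against the rule it feeds. Note that a bare `example.com` also matches `example.community.test`, since the comparison is a plain prefix check on the whole URL string.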
pingidentity — pingfederate  When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password. 2022-02-10 not yet calculated CVE-2021-42000
MISC
MISC
piwigo — piwigo  Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. 2022-02-10 not yet calculated CVE-2021-45357
MISC
portainer — agent  In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. 2022-02-11 not yet calculated CVE-2022-24961
MISC
MISC
MISC
MISC
projeqtor — projeqtor  A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. 2022-02-11 not yet calculated CVE-2021-42940
MISC
MISC
puma — puma  Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails’ Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. 2022-02-11 not yet calculated CVE-2022-23634
CONFIRM
MISC
MISC
MISC
MISC
python — python  A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows control characters like ‘\r’ (carriage return) and ‘\n’ (line feed) in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. 2022-02-09 not yet calculated CVE-2022-0391
MISC
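The urllib.parse flaw above is a control-character injection: a carriage return or line feed that survives parsing is written verbatim into whatever the parsed components feed, typically an HTTP request line, a header block or a log line. The following is an added example, not CPython's code: a fail-closed wrapper around `urlsplit()` that rejects such URLs on any interpreter version, next to a probe that reports whether the running interpreter carries the fix (patched versions strip CR, LF and TAB inside `urlsplit()`). The crafted URL and the naive request builder are constructed for the demonstration.

```python
"""Reject URLs carrying CR/LF/TAB before they reach code that builds request
lines, headers or log entries from the parsed components.

Added example, not CPython code.  Interpreters patched for CVE-2022-0391
strip these characters inside urlsplit(); the check below does not rely on
that, so it behaves the same on old and new versions.
"""

from urllib.parse import SplitResult, urlsplit

# Characters that let an attacker start a new line in whatever the parsed
# URL is later written into (HTTP request line, header block, log file).
UNSAFE_URL_CHARS = frozenset("\r\n\t")

# Constructed attacker-style input: the query string carries an extra
# header line that a naive client would emit as part of the request.
CRAFTED_URL = "http://example.test/index?q=1\r\nX-Injected: yes"


def has_unsafe_url_chars(url: str) -> bool:
    """True if the raw URL contains CR, LF or TAB anywhere."""
    return any(ch in UNSAFE_URL_CHARS for ch in url)


def safe_urlsplit(url: str) -> SplitResult:
    """urlsplit() that fails closed instead of passing control characters
    through (unpatched interpreters) or silently dropping them (patched)."""
    if has_unsafe_url_chars(url):
        raise ValueError("URL contains CR/LF/TAB characters")
    return urlsplit(url)


def interpreter_strips_newlines() -> bool:
    """True on interpreters carrying the CVE-2022-0391 fix (3.9.5, 3.8.11,
    3.7.11, 3.6.14 and later), where urlsplit() removes CR/LF/TAB."""
    parts = urlsplit("http://example.test/a\r\nb")
    return "\r" not in parts.path and "\n" not in parts.path


def build_request_line(url: str) -> str:
    """What a minimal HTTP client does with the parsed URL.  Any CR/LF that
    reached `path` or `query` would become an injected header here, which is
    why the split goes through safe_urlsplit()."""
    parts = safe_urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return f"GET {target} HTTP/1.1\r\nHost: {parts.netloc}\r\n\r\n"


if __name__ == "__main__":
    print("interpreter strips CR/LF in urlsplit():", interpreter_strips_newlines())
    try:
        build_request_line(CRAFTED_URL)
    except ValueError as exc:
        print("rejected:", exc)
    print(repr(build_request_line("http://example.test/index?q=1")))
```

Rejecting rather than stripping is the safer default for anything that takes URLs from untrusted input: a URL with a line break in it is never legitimate, and silently removing the characters (which is what the patched parser does) can turn an attacker's `foo\r\nbar` into a different but still attacker-chosen `foobar`.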
qnap — nas_running_kazoo_server  An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later. 2022-02-11 not yet calculated CVE-2021-38679
MISC
qualcomm — multiple_snapdragon_products  Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30322
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-30323
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30317
CONFIRM
qualcomm — multiple_snapdragon_products  Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30309
CONFIRM
qualcomm — multiple_snapdragon_products  Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30324
CONFIRM
qualcomm — multiple_snapdragon_products  Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-30325
CONFIRM
qualcomm — multiple_snapdragon_products  Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-30326
CONFIRM
qualcomm — multiple_snapdragon_products  Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-35068
CONFIRM
qualcomm — multiple_snapdragon_products  Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35074
CONFIRM
qualcomm — multiple_snapdragon_products  Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35075
CONFIRM
qualcomm — multiple_snapdragon_products  Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-02-11 not yet calculated CVE-2021-35077
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-02-11 not yet calculated CVE-2021-30318
CONFIRM
qualcomm — multiple_snapdragon_products  Improper validation of data length received from DMA buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-02-11 not yet calculated CVE-2021-35069
CONFIRM
quartus — quartus_prime_pro_edition  Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-02-09 not yet calculated CVE-2022-21220
MISC
rails — rails  Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. 2022-02-11 not yet calculated CVE-2022-23633
MISC
CONFIRM
MLIST
ruby-lang — ruby CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. 2022-02-06 not yet calculated CVE-2021-41816
MISC
MISC
CONFIRM
s-cart — s-cart  A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. 2022-02-11 not yet calculated CVE-2021-44111
MISC
samsung — android_application  Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim’s devices. 2022-02-11 not yet calculated CVE-2022-24925
MISC
samsung — bixby_vision  Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. 2022-02-11 not yet calculated CVE-2022-24003
MISC
samsung — bixby_vision  A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Android R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. 2022-02-11 not yet calculated CVE-2022-23434
MISC
samsung — camera  Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. 2022-02-11 not yet calculated CVE-2022-23998
MISC
samsung — edge_panel  Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. 2022-02-11 not yet calculated CVE-2022-24001
MISC
samsung — link_sharing  Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. 2022-02-11 not yet calculated CVE-2022-24002
MISC
samsung — livewallpaperservice  An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. 2022-02-11 not yet calculated CVE-2022-24924
MISC
samsung — mobile An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23432
MISC
samsung — mobile An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23431
MISC
samsung — mobile An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. 2022-02-11 not yet calculated CVE-2022-23429
MISC
samsung — mobile An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. 2022-02-11 not yet calculated CVE-2022-23428
MISC
samsung — mobile PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. 2022-02-11 not yet calculated CVE-2022-23427
MISC
samsung — mobile A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. 2022-02-11 not yet calculated CVE-2022-23426
MISC
samsung — mobile  PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. 2022-02-11 not yet calculated CVE-2022-23999
MISC
samsung — mobile  PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. 2022-02-11 not yet calculated CVE-2022-24000
MISC
samsung — mobile  Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Android Q(10) allows attackers to register reminders or execute exported activities remotely. 2022-02-11 not yet calculated CVE-2022-23433
MISC
samsung — mobile  Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. 2022-02-11 not yet calculated CVE-2022-22291
MISC
xmpie — ustore  A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. 2022-02-10 not yet calculated CVE-2022-23321
MISC
MISC
MISC
samsung — mobile  Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. 2022-02-11 not yet calculated CVE-2022-23425
MISC
samsung — searchwidget  Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. 2022-02-11 not yet calculated CVE-2022-24923
MISC
samsung — smarttagplugin  Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim’s devices. 2022-02-11 not yet calculated CVE-2022-24926
MISC
samsung — telecom  Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. 2022-02-11 not yet calculated CVE-2022-22292
MISC
samsung — video_player  Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. 2022-02-11 not yet calculated CVE-2022-24927
MISC
samsung — wear_os  Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23996
MISC
samsung — wear_os  Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23995
MISC
samsung — wear_os  An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23994
MISC
samsung — wear_os  Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. 2022-02-11 not yet calculated CVE-2022-23997
MISC
sap — 3d_visual_enterprise_viewer  When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22537
MISC
MISC
sap — 3d_visual_enterprise_viewer  When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 2022-02-09 not yet calculated CVE-2022-22539
MISC
MISC
sap — adaptive_server_enterprise  SAP Adaptive Server Enterprise (ASE) – version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. 2022-02-09 not yet calculated CVE-2022-22528
MISC
MISC
sap — business_objects_web_intelligence  Due to improper HTML encoding in input control summary, an authorized attacker can exploit an XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) – version 420. 2022-02-09 not yet calculated CVE-2022-22546
MISC
MISC
sap — erp_hcm_portugal  SAP ERP HCM Portugal – versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. 2022-02-09 not yet calculated CVE-2022-22535
MISC
MISC
sap — netweaver  Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. 2022-02-09 not yet calculated CVE-2022-22534
MISC
MISC
sap — netweaver_application_server_abap_and_abap_platform  A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. 2022-02-09 not yet calculated CVE-2022-22545
MISC
MISC
sap — netweaver_application_server_for_abap_and_abap_platform  SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) – versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. 2022-02-09 not yet calculated CVE-2022-22543
MISC
MISC
sap — netweaver_as_abap  SAP NetWeaver AS ABAP (Workplace Server) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. 2022-02-09 not yet calculated CVE-2022-22540
MISC
MISC
sap — s/4hana_supplier_factsheet  S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. 2022-02-09 not yet calculated CVE-2022-22542
MISC
MISC
sap — solution_manager  Solution Manager (Diagnostics Root Cause Analysis Tools) – version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. 2022-02-09 not yet calculated CVE-2022-22544
MISC
MISC
schneider_electric — conext_combox  A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause sensitive data such as login credentials to be exposed when the network is sniffed. Affected Product: Conext ComBox (All Versions) 2022-02-11 not yet calculated CVE-2021-22798
MISC
schneider_electric — connexium_network_manager_software  A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) 2022-02-11 not yet calculated CVE-2021-22801
MISC
schneider_electric — easergy_p40  A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration. 2022-02-09 not yet calculated CVE-2022-22813
MISC
schneider_electric — ecostruxure_ev_charging_expert A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) 2022-02-09 not yet calculated CVE-2022-22807
MISC
schneider_electric — ecostruxure_ev_charging_expert  A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) 2022-02-09 not yet calculated CVE-2022-22808
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22805
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) 2022-02-11 not yet calculated CVE-2021-22824
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22802
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) 2022-02-11 not yet calculated CVE-2021-22823
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22804
MISC
schneider_electric — interactive_graphical_scada_system_data_collector  A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths when an attacker writes arbitrary files to folders in the context of the DC module by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) 2022-02-11 not yet calculated CVE-2021-22803
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24317
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24310
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24312
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24314
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24315
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24311
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24316
MISC
MISC
schneider_electric — interactive_graphical_scada_system_data_server  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) 2022-02-09 not yet calculated CVE-2022-24313
MISC
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22785
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22787
MISC
schneider_electric — modicon_ethernet_programmable_automation_products  A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 2022-02-11 not yet calculated CVE-2021-22788
MISC
schneider_electric — modicon_m218_logic_controller  A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) 2022-02-11 not yet calculated CVE-2021-22800
MISC
schneider_electric — multiple_products A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22810
MISC
schneider_electric — multiple_products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22809
MISC
schneider_electric — multiple_products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22811
MISC
schneider_electric — multiple_products  A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24318
MISC
schneider_electric — multiple_products  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) 2022-02-11 not yet calculated CVE-2021-22748
MISC
schneider_electric — multiple_products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24319
MISC
schneider_electric — multiple_products  A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24321
MISC
schneider_electric — multiple_products  A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) 2022-02-09 not yet calculated CVE-2021-22817
MISC
schneider_electric — multiple_products  A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) 2022-02-11 not yet calculated CVE-2021-22796
MISC
schneider_electric — multiple_products  A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) 2022-02-11 not yet calculated CVE-2021-22806
MISC
schneider_electric — multiple_products  A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) 2022-02-09 not yet calculated CVE-2022-22812
MISC
schneider_electric — multiple_products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 2022-02-09 not yet calculated CVE-2022-24320
MISC
secuwiz — secuwayssl An OS command injection vulnerability was found in SecuwaySSL when special characters are injected into the command executed with runCommand arguments. 2022-02-09 not yet calculated CVE-2021-26616
MISC
servicenow_orlando — servicenow_orlando  The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. 2022-02-10 not yet calculated CVE-2021-45901
MISC
MISC
siemens — comos A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows uploading and storing arbitrary files on the web server. This could allow an attacker to store malicious files. 2022-02-09 not yet calculated CVE-2021-37194
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to a memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) 2022-02-09 not yet calculated CVE-2021-44018
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to a memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) 2022-02-09 not yet calculated CVE-2021-44016
MISC
siemens — jt2go  A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) 2022-02-09 not yet calculated CVE-2021-44000
MISC
siemens — sicam_toolbox_II  A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. 2022-02-09 not yet calculated CVE-2021-45106
MISC
siemens — simatic_firmware A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. 2022-02-09 not yet calculated CVE-2021-40363
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37185
MISC
siemens — simatic_firmware A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37204
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 2022-02-09 not yet calculated CVE-2021-37205
MISC
siemens — simatic_firmware  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. 2022-02-09 not yet calculated CVE-2021-40360
MISC
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby enabling phishing attacks. 2022-02-09 not yet calculated CVE-2022-23102
MISC
FULLDISC
MISC
siemens — spectrum_power  A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application “Online Help” in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. 2022-02-09 not yet calculated CVE-2022-23312
MISC
statamic_version — statamic_version  A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. 2022-02-10 not yet calculated CVE-2021-45364
MISC
stormshield — stormshield  In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. 2022-02-10 not yet calculated CVE-2021-31814
MISC
MISC
stormshield — stormshield_network_security  Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. 2022-02-10 not yet calculated CVE-2021-37613
MISC
MISC
stormshield — stormshield_network_security  Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. 2022-02-10 not yet calculated CVE-2021-3398
MISC
MISC
taocms — taocms  Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. 2022-02-10 not yet calculated CVE-2021-44969
MISC
tcman_gim — tcman_gim The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. 2022-02-11 not yet calculated CVE-2021-4046
CONFIRM
tcpreplay — tcpreplay  tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. 2022-02-11 not yet calculated CVE-2021-45387
MISC
tcpreplay — tcpreplay tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c. 2022-02-11 not yet calculated CVE-2021-45386
MISC
tenda — routers  A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. 2022-02-11 not yet calculated CVE-2020-26728
MISC
MISC
thinfinity — virtualui Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0, is affected by an information disclosure vulnerability in the parameter "Addr" in the cmd site. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the web server or increase the attack surface. 2022-02-09 not yet calculated CVE-2021-46354
MISC
MISC
thinkphp — thinkphp  A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. 2022-02-10 not yet calculated CVE-2021-44892
MISC
tokheim_profleet_dialog — tokheim_profleet_dialog Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. 2022-02-11 not yet calculated CVE-2021-34235
MISC
tp-link — routers The vulnerability exists in the TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through the web-based management interface. 2022-02-09 not yet calculated CVE-2022-0162
MISC
unzip — unzip A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of a UTF-8 string to a local string and leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 2022-02-09 not yet calculated CVE-2022-0530
MISC
unzip — unzip A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of a wide string to a local string and leads to heap out-of-bounds writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 2022-02-09 not yet calculated CVE-2022-0529
MISC
vim — vim  Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. 2022-02-10 not yet calculated CVE-2022-0554
MISC
CONFIRM
vm2 — vm2 The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine. 2022-02-11 not yet calculated CVE-2021-23555
CONFIRM
CONFIRM
wocu_monitoring — wocu_monitoring A stored cross-site scripting vulnerability has been identified in the comments of the report creation feature due to an obsolete version of the TinyMCE editor. In order to exploit this vulnerability, the attacker needs an account with enough privileges to view and edit reports. 2022-02-11 not yet calculated CVE-2021-4035
CONFIRM
xe-core — xe-core XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. 2022-02-09 not yet calculated CVE-2021-44911
MISC
xe-core — xe-core  In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL. 2022-02-09 not yet calculated CVE-2021-44912
MISC
xilinx — zynq7000_soc_devices On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified in a way that causes a buffer overflow in the ROM. 2022-02-10 not yet calculated CVE-2021-44850
CONFIRM
CONFIRM
xmpie — ustore  XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. 2022-02-07 not yet calculated CVE-2022-23320
MISC
MISC
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23617
MISC
MISC
MISC
CONFIRM
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password. 2022-02-09 not yet calculated CVE-2022-23616
MISC
CONFIRM
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched in XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23619
CONFIRM
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. 2022-02-09 not yet calculated CVE-2022-23618
CONFIRM
MISC
MISC
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing them on the filesystem, so it is possible for the HTML export process to contain reference elements containing filesystem syntax like "../", "./" or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. 2022-02-09 not yet calculated CVE-2022-23620
CONFIRM
MISC
MISC
xwiki — xwiki_platform  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString(“/WEB-INF/xwiki.cfg”)`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right. 2022-02-09 not yet calculated CVE-2022-23621
MISC
CONFIRM
MISC
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability; the easiest and the best one is by applying a patch in the `registerinline.vm` template. The patch consists of checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and apply a better right scheme using groups and rights on spaces. 2022-02-09 not yet calculated CVE-2022-23622
MISC
MISC
CONFIRM
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the rights of the current user, which allows accessing APIs requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access. 2022-02-09 not yet calculated CVE-2022-23615
CONFIRM
MISC
MISC
xylem — aquaview  A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. 2022-02-07 not yet calculated CVE-2021-42833
CERT
CONFIRM
zoom — chat  The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. 2022-02-09 not yet calculated CVE-2022-22780
MISC
zoom — keybase_client_for_macos_and_windows The Keybase Clients for macOS and Windows before version 5.9.0 fail to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user's filesystem. 2022-02-09 not yet calculated CVE-2022-22779
MISC
zzcms_2021 — zzcms_2021  Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. 2022-02-09 not yet calculated CVE-2021-45286
MISC

Vulnerability Summary for the Week of November 15, 2021

11/22/2021 07:03 AM EST

Original release date: November 22, 2021


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40759
MISC
adobe — after_effects Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40752
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40760
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40758
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40757
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40755
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40753
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40754
MISC
adobe — after_effects Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40751
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40733
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42271
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42524
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. 2021-11-18 9.3 CVE-2021-42272
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-42266
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-42267
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 9.3 CVE-2021-42269
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42270
MISC
adobe — indesign Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-16 9.3 CVE-2021-42731
MISC
adobe — media_encoder Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42721
MISC
adobe — media_encoder Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42726
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-16 9.3 CVE-2021-43013
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-43011
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-43012
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42723
MISC
amd — epyc_7003_firmware Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code execution. 2021-11-16 7.2 CVE-2021-26335
MISC
amd — epyc_7003_firmware AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. 2021-11-16 7.2 CVE-2021-26331
MISC
amd — epyc_7232p_firmware Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. 2021-11-16 7.2 CVE-2021-26326
MISC
amd — epyc_7f72_firmware Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. 2021-11-16 7.8 CVE-2021-26338
MISC
amd — radeon_software An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. 2021-11-15 7.2 CVE-2020-12963
MISC
apache — ozone In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked. 2021-11-19 7.5 CVE-2021-36372
MISC
MLIST
apache — shenyu A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 2021-11-16 7.5 CVE-2021-37580
MISC
MLIST
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. 2021-11-12 7.5 CVE-2021-42774
MISC
CONFIRM
canonical — accountsservice Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. 2021-11-17 7.2 CVE-2021-3939
MISC
MISC
darwin — factor Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 improperly invalidates a user's session even after the user logs out of the application. In addition, user sessions are stored in the browser's local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover. 2021-11-16 7.5 CVE-2021-25985
MISC
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2021-11-12 7.2 CVE-2021-36325
MISC
dell — emc_powerscale_nodes_a100_firmware Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. 2021-11-12 7.2 CVE-2021-36315
MISC
extremenetworks — aerohive_netconfig The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. 2021-11-14 10 CVE-2020-16152
MISC
MISC
facade — ignition The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a “fix variable names” feature that can lead to incorrect access control. 2021-11-17 7.5 CVE-2021-43996
MISC
MISC
MISC
fluxcd — kustomize-controller kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used. 2021-11-12 9 CVE-2021-41254
CONFIRM
google — android In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273. 2021-11-18 7.2 CVE-2021-0671
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663. 2021-11-18 7.2 CVE-2021-0670
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550. 2021-11-18 7.2 CVE-2021-0669
MISC
google — android In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521. 2021-11-18 7.2 CVE-2021-0668
MISC
google — android In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625. 2021-11-18 7.2 CVE-2021-0629
MISC
ibm — system_x3550_m3_firmware A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session. 2021-11-12 9 CVE-2021-3723
CONFIRM
intel — nuc_hdmi_firmware_update_tool Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33090
MISC
intel — nuc_m15_laptop_kit_audio_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33091
MISC
intel — nuc_m15_laptop_kit_hid_event_filter_driver_pack Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33092
MISC
intel — nuc_m15_laptop_kit_integrated_sensor_hub_driver_pack Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33088
MISC
intel — nuc_m15_laptop_kit_keyboard_led_service_driver_pack Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33095
MISC
intel — nuc_m15_laptop_kit_keyboard_led_service_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33094
MISC
intel — nuc_m15_laptop_kit_serial_io_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33093
MISC
ipack — scada_automation Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-3958
MISC
jamf — jamf The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. 2021-11-12 7.5 CVE-2021-39303
MISC
CONFIRM
json-schema_project — json-schema json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-11-13 7.5 CVE-2021-3918
MISC
CONFIRM
laravel — framework Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. 2021-11-14 7.5 CVE-2021-43617
MISC
MISC
MISC
lenovo — thinkcentre_e93_firmware A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2021-11-12 7.2 CVE-2021-3719
CONFIRM
meddata — hbys Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-43362
CONFIRM
meddata — hbys Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-43361
CONFIRM
montala — resourcespace A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. 2021-11-15 7.5 CVE-2021-41765
MISC
MISC
netgear — ex3700_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110. 2021-11-15 8.3 CVE-2021-34991
MISC
MISC
nim-lang — nim Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function, which may be used to validate URIs, accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null byte to bypass the check and mount an SSRF attack. 2021-11-12 7.5 CVE-2021-41259
CONFIRM
npmjs — npm The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. 2021-11-13 7.5 CVE-2021-43616
MISC
MISC
MISC
online_learning_system_project — online_learning_system Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; these two vulnerabilities can be chained to obtain unauthenticated remote command execution. 2021-11-15 7.5 CVE-2021-42580
MISC
MISC
opendesign — oda_viewer An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 7.5 CVE-2021-43272
MISC
openzeppelin — contracts OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade, initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). 2021-11-12 7.5 CVE-2021-41264
MISC
CONFIRM
MISC
qnap — multimedia_console A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 (2021/10/05) and later; Multimedia Console 1.5.3 (2021/10/05) and later. 2021-11-13 7.5 CVE-2021-38684
MISC
qualcomm — apq8009_firmware Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-30255
CONFIRM
qualcomm — apq8009_firmware Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-30254
CONFIRM
qualcomm — apq8009_firmware Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 10 CVE-2021-1975
CONFIRM
qualcomm — apq8009_firmware A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-1973
CONFIRM
qualcomm — aqt1000_firmware Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 7.2 CVE-2021-1979
CONFIRM
qualcomm — aqt1000_firmware Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-11-12 7.2 CVE-2021-30259
CONFIRM
qualcomm — aqt1000_firmware Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 7.2 CVE-2021-1912
CONFIRM
qualcomm — aqt1000_firmware Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity 2021-11-12 10 CVE-2021-30321
CONFIRM
recruitment_management_system_project — recruitment_management_system The id parameter of the view_vacancy page in the Company's Recruitment Management System (observed with id=2) appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. 2021-11-17 7.5 CVE-2021-41931
MISC
samsung — ddr4_sdram_firmware Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication. 2021-11-16 10 CVE-2021-42114
MISC
MISC
CONFIRM
smartertools — smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. 2021-11-17 7.5 CVE-2021-32234
MISC
MISC
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim’s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 8.5 CVE-2021-43047
CONFIRM
CONFIRM
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 9.3 CVE-2021-43046
CONFIRM
CONFIRM
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 10 CVE-2021-43048
CONFIRM
CONFIRM
tp-link — tl-wr840n_firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. 2021-11-13 10 CVE-2021-41653
MISC
MISC
MISC
vice — webopac Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services. 2021-11-15 9 CVE-2021-42839
MISC
zohocorp — manageengine_remote_access_plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. 2021-11-17 7.2 CVE-2021-42955
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-40761
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-40756
MISC
adobe — animate Acrobat Animate versions 21.0.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-42525
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-42268
MISC
adobe — campaign Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. 2021-11-17 5 CVE-2021-40745
MISC
adobe — experience_manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access. 2021-11-16 5 CVE-2021-42725
MISC
advantech — webaccess_hmi_designer This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/HMI Designer. 2021-11-15 4.6 CVE-2021-42706
MISC
advantech — webaccess_hmi_designer This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. 2021-11-15 4.3 CVE-2021-42703
MISC
aifu — cashier_accounting_management_system The permission control of the AIFU cashier management salary query function can be bypassed; after obtaining a general user’s permission, a remote attacker can access account information (except passwords) by crafting URL parameters. 2021-11-16 4 CVE-2021-42337
MISC
alquistai — alquist AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-15 5 CVE-2021-43495
MISC
alquistai — alquist AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43492
MISC
amd — epyc_7003_firmware When the AMD Platform Security Processor (PSP) boot ROM loads, authenticates, and subsequently decrypts an encrypted firmware image, insufficient verification of the integrity of the decrypted image may allow arbitrary code to be executed in the PSP when encrypted firmware images are used. 2021-11-16 4.6 CVE-2021-26315
MISC
amd — epyc_7003_firmware Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations. 2021-11-16 4.4 CVE-2020-12951
MISC
amd — epyc_7003_firmware Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. 2021-11-16 4.9 CVE-2021-26336
MISC
amd — epyc_7003_firmware A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections. 2021-11-16 4.6 CVE-2020-12961
MISC
amd — epyc_7232p_firmware Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. 2021-11-16 4.6 CVE-2021-26323
MISC
amd — epyc_7601_firmware Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution. 2021-11-16 4.6 CVE-2020-12944
MISC
amd — epyc_7601_firmware Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. 2021-11-16 4.9 CVE-2021-26321
MISC
amd — epyc_7601_firmware Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. 2021-11-16 5 CVE-2021-26322
MISC
amd — epyc_7f72_firmware Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. 2021-11-16 6.6 CVE-2020-12946
MISC
amd — radeon_software Improper parameter validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution. 2021-11-15 4.6 CVE-2020-12929
MISC
amd — radeon_software Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12903
MISC
amd — radeon_software A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. 2021-11-15 4.6 CVE-2020-12964
MISC
amd — radeon_software Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. 2021-11-15 4.6 CVE-2020-12962
MISC
amd — radeon_software An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. 2021-11-15 4.6 CVE-2020-12900
MISC
amd — radeon_software Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12898
MISC
amd — radeon_software Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12902
MISC
amd — radeon_software Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. 2021-11-15 4.6 CVE-2020-12895
MISC
amd — radeon_software An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. 2021-11-15 4.4 CVE-2020-12892
MISC
amd — radeon_software Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12893
MISC
apache — ozone In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. 2021-11-19 6.5 CVE-2021-39236
MISC
MLIST
apache — ozone In Apache Ozone before 1.2.0, Ozone Datanode doesn’t check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. 2021-11-19 4 CVE-2021-39235
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, authenticated users knowing the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks such as ACLs. 2021-11-19 4.9 CVE-2021-39234
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. 2021-11-19 6.4 CVE-2021-39233
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. 2021-11-19 6.5 CVE-2021-39232
MISC
MLIST
apache — ozone In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. 2021-11-19 5 CVE-2021-41532
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. 2021-11-19 6.4 CVE-2021-39231
MISC
MLIST
apache — superset Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. 2021-11-12 4 CVE-2021-41972
CONFIRM
CONFIRM
apache — superset Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. 2021-11-17 4 CVE-2021-42250
CONFIRM
MLIST
arangodb — arangodb In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system. 2021-11-16 6 CVE-2021-25940
MISC
MISC
area17 — twill twill is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3932
CONFIRM
MISC
asus — gt-axe11000_firmware The Wi-Fi protected access protocol implementation (WPA2 and WPA3-SAE) in ASUS routers has an improper control of interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users’ connections by sending specially crafted SAE authentication frames. 2021-11-12 5 CVE-2021-37910
MISC
atmail — atmail ** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-11-15 4.3 CVE-2021-43574
MISC
MISC
binatoneglobal — halo_camera_firmware Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. 2021-11-12 5 CVE-2021-3792
CONFIRM
binatoneglobal — halo_camera_firmware An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. 2021-11-12 5.8 CVE-2021-3577
CONFIRM
binatoneglobal — halo_camera_firmware An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. 2021-11-12 5 CVE-2021-3793
CONFIRM
binatoneglobal — halo_camera_firmware A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. 2021-11-12 4.6 CVE-2021-3787
CONFIRM
binatoneglobal — halo_camera_firmware An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. 2021-11-12 4.6 CVE-2021-3788
CONFIRM
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. 2021-11-12 6.4 CVE-2021-42775
MISC
CONFIRM
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. 2021-11-12 5 CVE-2021-42773
MISC
CONFIRM
busybox — busybox An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. 2021-11-15 6.8 CVE-2021-42377
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function 2021-11-15 6.5 CVE-2021-42378
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function 2021-11-15 6.5 CVE-2021-42379
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function 2021-11-15 6.5 CVE-2021-42380
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function 2021-11-15 6.5 CVE-2021-42381
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function 2021-11-15 6.5 CVE-2021-42382
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function 2021-11-15 6.5 CVE-2021-42384
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function 2021-11-15 6.5 CVE-2021-42383
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function 2021-11-15 6.5 CVE-2021-42385
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function 2021-11-15 6.5 CVE-2021-42386
N/A
cacti — cacti Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. 2021-11-14 4.3 CVE-2020-14424
CONFIRM
CONFIRM
calibre-web_project — calibre-web In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. 2021-11-16 6.8 CVE-2021-25965
MISC
MISC
clustering_project — clustering Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43496
MISC
codingforentrepreneurs — opencv_rest_api OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43494
MISC
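The AlquistManager, Clustering and OpenCV-REST-API entries above all describe the same weakness: a request-supplied path joined onto a base directory without checking that the result stays inside it. The following is an added example, not code from any of those projects; the base directory `/srv/app/data` and the sample request paths are constructed for illustration. It shows the vulnerable join beside a hardened one that normalises the candidate and checks the base directory with `commonpath()` rather than a string-prefix test.

```python
import posixpath
from typing import Optional, Tuple

# Constructed for this example: the only directory the application may serve from.
BASE_DIR = "/srv/app/data"


def resolve_unsafe(base: str, user_path: str) -> str:
    """The vulnerable pattern: join the request-supplied path onto the base
    directory and trust the result.  "../" segments climb out of base, and an
    absolute user_path makes posixpath.join() discard base entirely."""
    return posixpath.normpath(posixpath.join(base, user_path))


def resolve_safe(base: str, user_path: str) -> str:
    """Hardened version: normalise the candidate, then require that base is a
    path-component prefix of it.  commonpath() is used rather than
    startswith() so that /srv/app/data2 is not mistaken for /srv/app/data."""
    if "\x00" in user_path:
        raise PermissionError("NUL byte in path")
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if posixpath.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return candidate


def classify(user_path: str) -> Tuple[str, Optional[str]]:
    """Return (what the unsafe join would open, what the safe join allows or None)."""
    unsafe = resolve_unsafe(BASE_DIR, user_path)
    try:
        safe: Optional[str] = resolve_safe(BASE_DIR, user_path)
    except PermissionError:
        safe = None
    return unsafe, safe


if __name__ == "__main__":
    # Constructed request paths: one legitimate, three escapes, one look-alike name.
    for p in ("reports/q1.csv", "../../../etc/passwd", "/etc/shadow",
              "/srv/app/data2/secret", "..hidden/file"):
        unsafe, safe = classify(p)
        print(f"{p!r:26} unsafe -> {unsafe!r:30} safe -> {safe!r}")
```

`..hidden/file` is accepted on purpose: only an exact `..` component is a traversal, and a check that blocks every name containing two dots would break legitimate files. The NUL check is there because a NUL byte can truncate the path at the C library boundary after this check has already passed.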
cron-utils_project — cron-utils cron-utils is a Java library to define, parse, validate, and migrate crons as well as get human readable descriptions for them. In affected versions a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE). Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron annotation to validate untrusted cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds. 2021-11-15 6.8 CVE-2021-41269
MISC
MISC
CONFIRM
MISC
darwin — factor The Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25982
MISC
MISC
darwin — factor The Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25983
MISC
MISC
darwin — factor The Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, is vulnerable to stored Cross-Site Scripting (XSS) in the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25984
MISC
MISC
dell — emc_powerscale_onefs Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version. 2021-11-12 5 CVE-2021-21528
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. 2021-11-12 4 CVE-2021-36305
MISC
discourse — discourse Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. 2021-11-15 5 CVE-2021-41271
CONFIRM
MISC
discourse — rails_multisite rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails’ signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different ‘sites’ within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture. 2021-11-15 6 CVE-2021-41263
MISC
CONFIRM
django-helpdesk_project — django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-13 4.3 CVE-2021-3945
MISC
CONFIRM
dotnetfoundation — piranha_cms In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. 2021-11-16 4 CVE-2021-25976
CONFIRM
MISC
email_log_project — email_log The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the “orderby” and “order” GET parameters before using them in a SQL statement in the admin dashboard, leading to SQL injection. 2021-11-17 6.5 CVE-2021-24758
MISC
firefly-iii — firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3921
CONFIRM
MISC
fruity_project — fruity An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first NUL (‘\0’) byte, which might not be the end of the string. 2021-11-15 5 CVE-2021-43620
MISC
MISC
MISC
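The fruity entry above is about a length-carrying string (an NSString) being read as a NUL-terminated C string, so that everything after the first NUL disappears from any check done on the result. The following is an added example, not fruity's code: it reproduces the same truncation with Python's `ctypes` (whose `.value` stops at the first NUL exactly as `CStr::from_ptr` does) and puts the vulnerable extension check beside one that works on the full, length-delimited bytes. The allow-list and the sample filename are constructed for the example.

```python
import ctypes

# Constructed policy for the example: extensions an upload handler accepts.
ALLOWED_EXTENSIONS = {b"png", b"jpg", b"txt"}

# Constructed input: what the caller sees as one 22-byte string.
SAMPLE = b"photo.png\x00payload.exe"


def nul_terminated_view(buf: bytes) -> bytes:
    """What a C-string conversion sees: the bytes up to the first NUL.
    ctypes' .value scans for NUL just like CStr::from_ptr / strlen."""
    cbuf = ctypes.create_string_buffer(buf, len(buf))
    return cbuf.value


def counted_view(buf: bytes) -> bytes:
    """What a length-aware conversion sees: every byte in the buffer."""
    cbuf = ctypes.create_string_buffer(buf, len(buf))
    return ctypes.string_at(ctypes.addressof(cbuf), len(buf))


def extension_of(name: bytes) -> bytes:
    return name.rsplit(b".", 1)[-1].lower() if b"." in name else b""


def accept_unsafe(buf: bytes) -> bool:
    """Vulnerable check: validates the extension of the truncated string,
    while later code may still see (or write) the full buffer."""
    return extension_of(nul_terminated_view(buf)) in ALLOWED_EXTENSIONS


def accept_safe(buf: bytes) -> bool:
    """Hardened check: work on the length-delimited bytes and reject any
    name containing an embedded NUL, since no legitimate filename has one."""
    full = counted_view(buf)
    if b"\x00" in full:
        return False
    return extension_of(full) in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    print("C-string view :", nul_terminated_view(SAMPLE))
    print("counted view  :", counted_view(SAMPLE))
    print("unsafe accepts:", accept_unsafe(SAMPLE))
    print("safe accepts  :", accept_safe(SAMPLE))
```

The important property is not which view is "right" but that two layers of the same program disagree about the string's contents; rejecting embedded NULs at the boundary removes the disagreement rather than trying to reconcile it later.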
gesundheit-bewegt — colorful_categories The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack 2021-11-17 4.3 CVE-2021-24802
MISC
gmplib — gmp GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. 2021-11-15 5 CVE-2021-43618
MISC
MISC
MISC
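The GMP entry above is a length-field bug in a binary reader: a crafted size makes the arithmetic around the allocation wrap on 32-bit builds and the copy runs past the buffer. As an added example (not GMP's code), here is a reader for the same wire layout written so that every length decision is checked against the data actually present before anything is allocated. The layout is assumed from the GMP manual's description of `mpz_out_raw`: a 4-byte big-endian size whose sign is the sign of the number, followed by that many magnitude bytes, most significant first; the 1 MiB cap is a policy chosen for the example.

```python
from typing import List, Tuple

# Policy limit for this reader, chosen for the example; a real consumer would
# size this to the largest integer it legitimately expects.
MAX_MAGNITUDE_BYTES = 1 << 20


def write_raw(n: int) -> bytes:
    """Serialise n in the assumed mpz_out_raw layout (size field + magnitude)."""
    mag = abs(n)
    nbytes = (mag.bit_length() + 7) // 8
    size = -nbytes if n < 0 else nbytes
    return size.to_bytes(4, "big", signed=True) + mag.to_bytes(nbytes, "big")


def read_raw(data: bytes, limit: int = MAX_MAGNITUDE_BYTES) -> Tuple[int, int]:
    """Parse one integer from the front of data; return (value, bytes consumed).

    The size field is untrusted: it is bounded by an absolute cap and by the
    bytes that actually follow it before any slice or conversion happens.
    abs(INT_MIN) is exact here because Python integers do not wrap; in C the
    same expression is itself an overflow and must be handled explicitly."""
    if len(data) < 4:
        raise ValueError("truncated size field")
    size = int.from_bytes(data[:4], "big", signed=True)
    nbytes = abs(size)
    if nbytes > limit:
        raise ValueError(f"magnitude of {nbytes} bytes exceeds limit {limit}")
    if nbytes > len(data) - 4:
        raise ValueError(f"size field claims {nbytes} bytes but only {len(data) - 4} follow")
    mag = int.from_bytes(data[4:4 + nbytes], "big")
    return (-mag if size < 0 else mag), 4 + nbytes


def read_sequence(data: bytes) -> List[int]:
    """Parse back-to-back integers, using the consumed count to advance."""
    values, pos = [], 0
    while pos < len(data):
        value, used = read_raw(data[pos:])
        values.append(value)
        pos += used
    return values


def rejects(data: bytes) -> bool:
    """True when read_raw refuses the input instead of over-reading."""
    try:
        read_raw(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    blob = write_raw(5) + write_raw(-123456789) + write_raw(2 ** 100)
    print(read_sequence(blob))
    # Constructed hostile headers: a huge positive size, INT_MIN, and a size
    # larger than the payload that follows it.
    for bad in (b"\x7f\xff\xff\xff" + b"AB", b"\x80\x00\x00\x00", b"\x00\x00\x00\x08\x01\x02"):
        print(bad.hex(), "rejected" if rejects(bad) else "ACCEPTED")
```

The two checks are deliberately separate: the cap against `limit` stops a well-formed but absurd size from driving a large allocation (denial of service), and the check against `len(data) - 4` stops a size that is small enough to allocate but larger than the input (the over-read the CVE describes).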
gnu — mailman In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. 2021-11-12 4.3 CVE-2021-43331
MISC
CONFIRM
gnu — mailman In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. 2021-11-12 4 CVE-2021-43332
MISC
CONFIRM
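Two entries above are about what a signed token is bound to. The rails_multisite entry (CVE-2021-41263) describes cookies that verify on a different site of the same multi-site application; the Mailman entry (CVE-2021-43332) describes a CSRF token that carries an encrypted form of the admin password and so can be attacked offline. The following is an added example, not code from either project, showing one token design that avoids both: the MAC covers the site the request is for, so a token minted on one site fails on another even with a shared key, and nothing derived from a password is in the token. The weak scheme at the end is hypothetical, constructed to show why mixing a password into the token is crackable; it is not Mailman's actual scheme.

```python
import hashlib
import hmac
import time
from typing import Iterable, Optional

SEP = "\x00"  # field separator inside the MAC input; never appears in the fields


def _mac(key: bytes, site: str, user: str, expires: int) -> str:
    msg = SEP.join((site, user, str(expires))).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(key: bytes, site: str, user: str, ttl: int = 3600,
                now: Optional[int] = None) -> str:
    """user and expiry travel in the clear; the MAC binds both to the site and
    to a server-side key.  Nothing password-derived is included, so an attacker
    holding a token has nothing to guess against."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    return f"{user}:{expires}:{_mac(key, site, user, expires)}"


def verify_token(key: bytes, site: str, user: str, token: str,
                 now: Optional[int] = None) -> bool:
    now = int(time.time()) if now is None else now
    try:
        tok_user, exp_text, mac = token.rsplit(":", 2)
        expires = int(exp_text)
    except ValueError:
        return False
    if tok_user != user or expires <= now:
        return False
    # Recompute for the site handling *this* request: a token minted on another
    # site of the same deployment fails here even though the key is shared.
    return hmac.compare_digest(mac, _mac(key, site, user, expires))


# --- hypothetical weak design, to show the Mailman-style failure mode ---

def weak_token(admin_password: str, context: str) -> str:
    """Hypothetical (not Mailman's code): the only secret mixed into the token
    is the admin password itself."""
    return hmac.new(admin_password.encode(), context.encode(), hashlib.sha1).hexdigest()


def crack_weak_token(token: str, context: str, wordlist: Iterable[str]) -> Optional[str]:
    """Anyone holding such a token and the public context can test candidate
    passwords at hash speed, with no requests to the server."""
    for guess in wordlist:
        if hmac.compare_digest(weak_token(guess, context), token):
            return guess
    return None


if __name__ == "__main__":
    key = b"\x01" * 32          # constructed key; use secrets.token_bytes(32) in practice
    t = issue_token(key, "forum.example", "alice", now=1_700_000_000)
    print("same site :", verify_token(key, "forum.example", "alice", t, now=1_700_000_060))
    print("other site:", verify_token(key, "shop.example", "alice", t, now=1_700_000_060))
    # Constructed wordlist for the offline-guessing demonstration.
    print("cracked   :", crack_weak_token(weak_token("hunter2", "list=announce"),
                                          "list=announce", ["password", "letmein", "hunter2"]))
```

Rotating the key invalidates every outstanding token, which is the same trade-off the rails_multisite fix notes for its upgrade; binding to the site is what stops the cross-site reuse, and keeping secrets out of the token is what makes an offline attack pointless.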
google — android In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. 2021-11-18 4.6 CVE-2021-0655
MISC
google — android In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376. 2021-11-18 4.6 CVE-2021-0656
MISC
google — android In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103. 2021-11-18 4.6 CVE-2021-0657
MISC
google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107. 2021-11-18 4.6 CVE-2021-0658
MISC
google — android In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158. 2021-11-18 4.6 CVE-2021-0664
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581. 2021-11-18 4.6 CVE-2021-0667
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. In affected versions, when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users’ roles in another organization where they do not have the organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off fine-grained access control using its feature flag. 2021-11-15 6.5 CVE-2021-41244
MISC
CONFIRM
MLIST
intel — iris_xe_max_dedicated_graphics Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0121
MISC
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the Secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782. 2021-11-15 4.3 CVE-2021-38977
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. 2021-11-15 5 CVE-2021-38983
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783. 2021-11-15 4.3 CVE-2021-38978
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785. 2021-11-15 5 CVE-2021-38979
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38985
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38973
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. 2021-11-15 4 CVE-2021-38974
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38972
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. 2021-11-15 5 CVE-2021-38981
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. 2021-11-15 5 CVE-2021-38984
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780. 2021-11-15 4 CVE-2021-38975
XF
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. 2021-11-12 5 CVE-2020-4146
CONFIRM
XF
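Three of the IBM entries above are response-header hygiene findings: cookies without the Secure attribute (CVE-2021-38977), no HTTP Strict Transport Security (CVE-2021-38978) and cookies without HttpOnly (CVE-2020-4146). As an added example (not IBM's code, and not derived from either product), here is a small auditor that runs the three checks over a raw HTTP response head. The two response heads at the top are constructed for the example; the one-year HSTS threshold is the common deployment recommendation, used here as the audit policy.

```python
from typing import List, Tuple

ONE_YEAR = 31536000

# Constructed response heads for the example (not captured from any product).
WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=9f3c2a; Path=/
Set-Cookie: pref=dark; Path=/; Secure
"""

GOOD_RESPONSE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=9f3c2a; Path=/; Secure; HttpOnly; SameSite=Lax
"""


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response head into (lower-cased name, value) pairs, keeping
    repeated headers such as multiple Set-Cookie lines in order."""
    headers = []
    for line in raw.splitlines():
        if not line.strip() or line.upper().startswith("HTTP/"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_cookie(set_cookie: str) -> List[str]:
    """Flag a Set-Cookie value that lacks Secure or HttpOnly."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie '{name}': missing Secure attribute")
    if "httponly" not in attrs:
        findings.append(f"cookie '{name}': missing HttpOnly attribute")
    return findings


def audit_hsts(headers: List[Tuple[str, str]]) -> List[str]:
    """Require an HSTS header whose max-age is at least one year."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return ["missing Strict-Transport-Security header"]
    max_age = None
    for directive in values[0].split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                return ["Strict-Transport-Security: unparseable max-age"]
    if max_age is None:
        return ["Strict-Transport-Security: no max-age directive"]
    if max_age < ONE_YEAR:
        return [f"Strict-Transport-Security: max-age {max_age} is below one year ({ONE_YEAR})"]
    return []


def audit_response(raw: str) -> List[str]:
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(audit_cookie(value))
    findings.extend(audit_hsts(headers))
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("good", GOOD_RESPONSE)):
        print(label, audit_response(raw) or ["no findings"])
```

The checks are independent on purpose: HSTS keeps the browser from ever making the plaintext request that leaks a non-Secure cookie, but it only helps after a first HTTPS visit and does nothing for HttpOnly, so a site needs all three.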
idreamsoft — icms iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. 2021-11-12 6.8 CVE-2020-21141
MISC
insert_pages_project — insert_pages The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. Password protected posts/pages are not affected by this issue. 2021-11-17 4 CVE-2021-24851
CONFIRM
MISC
intel — ax210_firmware Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 2021-11-17 6.8 CVE-2021-0078
MISC
intel — ax210_firmware Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2021-11-17 5.8 CVE-2021-0071
MISC
intel — ax210_firmware Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-11-17 6.1 CVE-2021-0063
MISC
intel — ax210_firmware Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0064
MISC
intel — ax210_firmware Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0065
MISC
intel — ax210_firmware Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-11-17 6.1 CVE-2021-0079
MISC
intel — endpoint_management_assistant Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. 2021-11-17 5 CVE-2021-0013
MISC
intel — nuc7i3dn_firmware Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0096
MISC
intel — nuc_hdmi_firmware_update_tool Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-33089
MISC
intel — nuc_m15_laptop_kit_lapbc510_firmware Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 4.9 CVE-2021-33086
MISC
intel — nuc_m15_laptop_kit_management_engine_driver_pack Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 4.9 CVE-2021-33087
MISC
intel — safestring_library Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-33106
MISC
intel — thunderbolt_non-dch_driver Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2020-8741
MISC
jenkins — owasp_dependency-check Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-11-12 5.5 CVE-2021-43577
CONFIRM
MLIST
jenkins — performance Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-11-12 4 CVE-2021-21701
CONFIRM
MLIST
MISC
jenkins — pom2config Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 2021-11-12 4.3 CVE-2021-43576
CONFIRM
MLIST
MISC
jenkins — squash_tm_publisher Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. 2021-11-12 5.5 CVE-2021-43578
CONFIRM
MLIST
lenovo — antilles A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. 2021-11-12 6.8 CVE-2021-3840
CONFIRM
lenovo — ideacentre_c5-14mb05_firmware A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the “BIOS Password At Boot Device List” BIOS setting is Yes. 2021-11-12 6.9 CVE-2021-3519
CONFIRM
linphone — belle-sip Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via ” ” in the display name of a From header. 2021-11-12 5 CVE-2021-43611
MISC
MISC
linphone — belle-sip Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. 2021-11-12