Vulnerability Summary for the Week of August 1, 2022

08/08/2022 08:33 AM EDT

Original release date: August 8, 2022 | Last revised: August 9, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.


 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.


 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
@acrontum — filesystem-template
 
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. 2022-08-05 not yet calculated CVE-2022-21186
CONFIRM
CONFIRM
Ittiam — libmpeg2
 
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. 2022-08-05 not yet calculated CVE-2022-37416
MISC
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-29465
MISC
aes_crypt — aes_crypt
 
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the `-p` or `-k` options to provide a password or key. 2022-08-03 not yet calculated CVE-2022-35928
MISC
CONFIRM
alphaware_simple_e-commerce_system — alphaware_simple_e-commerce_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input ‘”><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2682
MISC
MISC
apache — hadoop
 
Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). 2022-08-04 not yet calculated CVE-2022-25168
MISC
apache — jspwiki
 
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. 2022-08-04 not yet calculated CVE-2022-28730
MISC
apache — jspwiki
 
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2022-08-04 not yet calculated CVE-2022-27166
MISC
apache — jspwiki
 
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. 2022-08-04 not yet calculated CVE-2022-28732
MISC
apache — jspwiki
 
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. 2022-08-04 not yet calculated CVE-2022-34158
MISC
apache — jspwiki
 
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. 2022-08-04 not yet calculated CVE-2022-28731
MISC
apartment_visitor_management_system — apartment_visitor_management_system
 
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND ‘htiy’=’htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2677
MISC
MISC
apartment_visitor_management_system — apartment_visitor_management_system
 
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. 2022-08-05 not yet calculated CVE-2022-2684
MISC
MISC
aplhaware_simple_e-commerce_system — aplhaware_simple_e-commerce_system
 
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2678
MISC
MISC
arista — cloudvision_portal
 
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. 2022-08-05 not yet calculated CVE-2022-29071
MISC
arista_networks — eos
 
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. 2022-08-05 not yet calculated CVE-2021-28511
MISC
arm — mali_gpu_kernel_driver
 
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. 2022-08-02 not yet calculated CVE-2022-33917
MISC
arris — multiple_products
 
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. 2022-08-04 not yet calculated CVE-2022-31793
MISC
MISC
MISC
MISC
artica — pandora_fms
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. 2022-08-01 not yet calculated CVE-2022-26308
CONFIRM
CONFIRM
artica — pandora_fms
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field. 2022-08-05 not yet calculated CVE-2021-46678
CONFIRM
CONFIRM
artica — pandora_fms
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via service elements. 2022-08-05 not yet calculated CVE-2021-46679
CONFIRM
CONFIRM
artica — pandora_fms
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the module form name field. 2022-08-05 not yet calculated CVE-2021-46680
CONFIRM
artica — pandora_fms
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. 2022-08-01 not yet calculated CVE-2022-26310
CONFIRM
CONFIRM
artica — pandora_fms
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the event filter name field. 2022-08-05 not yet calculated CVE-2021-46677
CONFIRM
CONFIRM
artica — pandora_fms
 
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the module massive operation name field. 2022-08-05 not yet calculated CVE-2021-46681
CONFIRM
CONFIRM
artica — pandora_fms
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. 2022-08-01 not yet calculated CVE-2022-26309
CONFIRM
CONFIRM
artica — pandora_fms
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the transactional maps name field. 2022-08-05 not yet calculated CVE-2021-46676
CONFIRM
CONFIRM
asustor — adm
 
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. 2022-08-05 not yet calculated CVE-2022-37398
MISC
asuswrt-merlin — asuswrt
 
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-26376
MISC
atlassian — jira_data_center
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. 2022-08-01 not yet calculated CVE-2022-36799
MISC
atlassian — jira_service_management_server_and_data_center
 
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. 2022-08-03 not yet calculated CVE-2022-36800
MISC
autodesk — autocad
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-33881
MISC
autodesk — autodesk_design_review
 
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-07-29 not yet calculated CVE-2022-27866
MISC
autodesk — autodesk_design_review
 
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. 2022-07-29 not yet calculated CVE-2022-27865
MISC
autodesk — autodesk_design_review
 
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2022-07-29 not yet calculated CVE-2022-27864
MISC
autodesk — fusion_360
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. 2022-07-29 not yet calculated CVE-2022-27873
MISC
backdrop — backdrop
 
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. 2022-08-01 not yet calculated CVE-2022-34530
MISC
MISC
beancount — fava
Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.3. 2022-08-01 not yet calculated CVE-2022-2589
CONFIRM
MISC
best_fee_management_system — best_fee_management_system
 
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2674
MISC
bigtree_cms — bigtree_cms
 
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. 2022-08-03 not yet calculated CVE-2022-36197
MISC
bmc — track-it
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. 2022-08-03 not yet calculated CVE-2022-35864
MISC
MISC
bmc — track-it
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709. 2022-08-03 not yet calculated CVE-2022-35865
MISC
MISC
boltcms — boltcms
 
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. 2022-08-01 not yet calculated CVE-2022-31321
MISC
MISC
bookwyrm — bookwyrm
 
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually. 2022-08-02 not yet calculated CVE-2022-35925
MISC
CONFIRM
MISC
bookwyrm — bookwyrm
 
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. 2022-08-04 not yet calculated CVE-2022-2651
CONFIRM
MISC
bosch — bf-os
 
BF-OS version 3.x up to and including 3.83 does not enforce strong passwords which may allow a remote attacker to brute-force the device password. 2022-08-01 not yet calculated CVE-2022-36301
CONFIRM
bosch — bf-os
 
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. 2022-08-01 not yet calculated CVE-2022-36302
CONFIRM
centreon — centreon
 
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. 2022-08-03 not yet calculated CVE-2022-34871
MISC
MISC
centreon — centreon
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. 2022-08-03 not yet calculated CVE-2022-34872
MISC
MISC
chia_network — cat1
 
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious. 2022-07-29 not yet calculated CVE-2022-36447
MISC
MISC
church_management_system — church_management_system
 
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ‘ OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. 2022-08-05 not yet calculated CVE-2022-2680
MISC
MISC
ckeditor — ckeditor5
 
CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `<textarea>` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue. 2022-08-03 not yet calculated CVE-2022-31175
CONFIRM
MISC
MISC
MISC
company_website_cms — company_website_cms
 
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. 2022-08-06 not yet calculated CVE-2022-2694
MISC
MISC
complete_online_job_search system — complete_online_job_search system
 
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. 2022-08-05 not yet calculated CVE-2022-35163
MISC
complete_online_job_search system — complete_online_job_search system
 
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. 2022-08-05 not yet calculated CVE-2022-35162
MISC
connman — connman
 
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. 2022-08-03 not yet calculated CVE-2022-32293
CONFIRM
MISC
CONFIRM
connman — connman
 
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. 2022-08-03 not yet calculated CVE-2022-32292
MISC
CONFIRM
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 to be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654. 2022-08-04 not yet calculated CVE-2022-35926
CONFIRM
MISC
MISC
MISC
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615. 2022-08-04 not yet calculated CVE-2021-32771
MISC
MISC
CONFIRM
MISC
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue. 2022-08-04 not yet calculated CVE-2022-35927
MISC
CONFIRM
MISC
cpcletop — io.socket:socket.io-client
 
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format. 2022-08-02 not yet calculated CVE-2022-25867
MISC
MISC
MISC
MISC
MISC
crowcpp — crowcpp
 
Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. 2022-08-04 not yet calculated CVE-2022-34970
MISC
MISC
curljs — curljs
 
This affects all versions of package curljs. 2022-08-02 not yet calculated CVE-2020-28425
MISC
cvat — cvat
 
CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31188
MISC
CONFIRM
d-link — dir-818lw a1:dir818l_fw105b01
 
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. 2022-08-03 not yet calculated CVE-2022-35620
MISC
MISC
d-link — dir820la1_fw106b02
 
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. 2022-08-03 not yet calculated CVE-2022-34974
MISC
MISC
d-link — dsl-3782
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. 2022-07-29 not yet calculated CVE-2022-34527
MISC
MISC
d-link — dsl-3782
D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. 2022-07-29 not yet calculated CVE-2022-34528
MISC
MISC
d-link — dir-818lw a1:dir818l_fw105b01
 
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. 2022-08-03 not yet calculated CVE-2022-35619
MISC
MISC
d-link — dir820la1_fw106b02
 
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. 2022-08-03 not yet calculated CVE-2022-34973
MISC
MISC
dd-wrt — dd-wrt
 
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 – Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27631
MISC
dedecms — dedecms
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php. 2022-07-29 not yet calculated CVE-2022-34531
MISC
devexpress — devexpress
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710. 2022-08-03 not yet calculated CVE-2022-28684
MISC
discourse — discourse
 
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-08-01 not yet calculated CVE-2022-31182
MISC
CONFIRM
discourse — discourse
 
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. 2022-08-01 not yet calculated CVE-2022-31184
CONFIRM
MISC
django — django
 
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. 2022-08-03 not yet calculated CVE-2022-36359
MISC
CONFIRM
MISC
MLIST
dogtagpki — dogtagpki
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. 2022-07-29 not yet calculated CVE-2022-2414
MISC
dotcms — dotcms
 
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. 2022-08-05 not yet calculated CVE-2022-37431
MISC
dpgaspar — flask-appbuilder
 
Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31177
CONFIRM
MISC
dspace — jspui

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability. 2022-08-01 not yet calculated CVE-2022-31194
CONFIRM
MISC
MISC
dspace — jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31191
MISC
MISC
MISC
MISC
CONFIRM
dspace — jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/xmlui”, then you’d need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/jspui”, then you’d need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability. 2022-08-01 not yet calculated CVE-2022-31195
MISC
CONFIRM
MISC
dspace — jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker’s choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-08-01 not yet calculated CVE-2022-31193
MISC
MISC
CONFIRM
dspace — jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-08-01 not yet calculated CVE-2022-31192
MISC
CONFIRM
MISC
dspace — jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an “Internal System Error” occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file. 2022-08-01 not yet calculated CVE-2022-31189
CONFIRM
MISC
dspace — xmlui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer. 2022-08-01 not yet calculated CVE-2022-31190
CONFIRM
MISC
MISC
easyuse — mailhunter_ultimate
 
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands or interrupt service. 2022-08-02 not yet calculated CVE-2022-35223
MISC
eclipse — californium

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. 2022-07-29 not yet calculated CVE-2022-2576
CONFIRM
elabftw — elabftw

eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31178
CONFIRM
electronic_medical_records_system — electronic_medical_records_system
 
A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664. 2022-08-05 not yet calculated CVE-2022-2676
MISC
MISC
electronic_medical_records_system — electronic_medical_records_system
 
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816. 2022-08-06 not yet calculated CVE-2022-2693
MISC
MISC
enalean — tuleap

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31128
CONFIRM
MISC
MISC
MISC
ercom — citadel
 
The embedded neutralization of script-related HTML tags was bypassed under some extra conditions. 2022-08-02 not yet calculated CVE-2022-1293
MISC
estsoft — alyac
 
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-29886
MISC
estsoft — alyac
 
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-32543
MISC
evmos — ethermint
 
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. 2022-08-05 not yet calculated CVE-2022-35936
MISC
MISC
CONFIRM
exim — exim
 
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. 2022-08-06 not yet calculated CVE-2022-37451
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
expense_management_system — expense_management_system
 
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811. 2022-08-06 not yet calculated CVE-2022-2688
MISC
f-secure — atlant_and_withsecure
 
A Denial-of-Service vulnerability was discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-08-05 not yet calculated CVE-2022-28880
MISC
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34651
MISC
f5 — big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34851
MISC
f5 — big-ip
 
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34655
MISC
f5 — big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35272
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35245
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35240
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35243
MISC
f5 — big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35728
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35735
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34844
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34862
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35236
MISC
f5 — big-ip
 
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-34865
MISC
f5 — big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-33962
MISC
f5 — big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-33968
MISC
f5 — big_ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-32455
MISC
f5 — big_ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-33203
MISC
f5 — big_ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-33947
MISC
f5 — nginx_ingress_controller
 
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-30535
MISC
f5 — nginx_instance_manager
 
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-35241
MISC
f5 — big-ip
 
In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-08-04 not yet calculated CVE-2022-31473
MISC
flask_security — flask_security
 
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False’. **Note:** Flask-Security is not maintained anymore. 2022-08-02 not yet calculated CVE-2021-23385
MISC
MISC
MISC
fortinet — fortiadc
 
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. 2022-08-03 not yet calculated CVE-2022-27484
CONFIRM
fortinet — fortios
 
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. 2022-08-03 not yet calculated CVE-2022-23442
CONFIRM
fortinet — multiple_products
 
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. 2022-08-05 not yet calculated CVE-2022-22299
CONFIRM
foxit — pdf_reader_and_pdf_editor
 
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. 2022-08-06 not yet calculated CVE-2022-27944
MISC
MISC
foxit — pdf_reader_and_pdf_editor
 
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. 2022-08-06 not yet calculated CVE-2022-26979
MISC
MISC
freshtomato — freshtomato
 
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption. 2022-08-05 not yet calculated CVE-2022-28665
MISC
freshtomato — freshtomato
 
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption. 2022-08-05 not yet calculated CVE-2022-28664
MISC
friendsofflarum — byobu
 
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum’s users and choose to disable the extension if needed. There are no workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-35921
CONFIRM
MISC
frrouting — frrouting
 
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. 2022-08-02 not yet calculated CVE-2022-37035
MISC
MISC
garage_management_system — garage_management_system

A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2’%20UNION%20select%2011,user(),333,444–+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2577
MISC
MISC
garage_management_system — garage_management_system

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2578
MISC
MISC
garage_management_system — garage_management_system
 
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655. 2022-08-05 not yet calculated CVE-2022-2671
MISC
garage_management_system — garage_management_system
 
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1″><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. 2022-08-04 not yet calculated CVE-2022-2645
MISC
garage_management_system — garage_management_system
 
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656. 2022-08-05 not yet calculated CVE-2022-2672
MISC
garage_management_system — garage_management_system

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src=”https://us-cert.cisa.gov” onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-07-29 not yet calculated CVE-2022-2579
MISC
MISC
get-npm-package-version — get-npm-package-version

The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js. 2022-08-02 not yet calculated CVE-2020-7795
MISC
MISC
MISC
MISC
getlaminas — laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-*` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning. Since the `X-Forwarded-*` headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users of v2 releases from 2.11.1 can provide an additional argument to `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` in the form of a `Laminas\Diactoros\RequestFilter\RequestFilterInterface` instance, including the shipped `Laminas\Diactoros\RequestFilter\NoOpRequestFilter` implementation which ignores the `X-Forwarded-*` headers. Starting in version 3.0, the library will reverse behavior to use the `NoOpRequestFilter` by default, and require users to opt-in to `X-Forwarded-*` header usage via a configured `Laminas\Diactoros\RequestFilter\LegacyXForwardedHeaderFilter` instance. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject `X-Forwarded-*` headers at the web server level. 2022-08-01 not yet calculated CVE-2022-31109
MISC
CONFIRM
MISC
gitblame — gitblame
 
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. 2022-08-02 not yet calculated CVE-2020-28434
MISC
github — enterprise_server

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub’s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. 2022-08-02 not yet calculated CVE-2022-23733
CONFIRM
CONFIRM
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. It allowed a project member to filter issues by contact and organization. 2022-08-05 not yet calculated CVE-2022-2539
MISC
CONFIRM
gitlab — ce/ee
 
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project’s Deploy Key’s public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. 2022-08-05 not yet calculated CVE-2022-2095
CONFIRM
MISC
MISC
gitlab — ce/ee
 
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. 2022-08-05 not yet calculated CVE-2022-2307
CONFIRM
MISC
gitlab — ce/ee
 
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. 2022-08-05 not yet calculated CVE-2022-2500
CONFIRM
MISC
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. 2022-08-05 not yet calculated CVE-2022-2534
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. 2022-08-05 not yet calculated CVE-2022-2459
MISC
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user’s email address as an unverified secondary email. 2022-08-05 not yet calculated CVE-2022-2326
MISC
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 2022-08-05 not yet calculated CVE-2022-2497
MISC
CONFIRM
MISC
gitlab — ce/ee
 
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim is pinned to a specific Git commit of the project. 2022-08-05 not yet calculated CVE-2022-2417
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs. 2022-08-05 not yet calculated CVE-2022-2512
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. 2022-08-05 not yet calculated CVE-2022-2303
MISC
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. 2022-08-05 not yet calculated CVE-2022-2456
MISC
MISC
CONFIRM
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. 2022-08-05 not yet calculated CVE-2022-2531
MISC
CONFIRM
MISC
gitlab — ee
 
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required. 2022-08-05 not yet calculated CVE-2022-2501
CONFIRM
MISC
MISC
gitlab — ee
 
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription’s author. 2022-08-05 not yet calculated CVE-2022-2498
MISC
CONFIRM
MISC
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab’s Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. 2022-08-05 not yet calculated CVE-2022-2499
CONFIRM
MISC
MISC
gnu_affero — minio
 
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all ‘admin’ users authorized for `admin:ServerUpdate` can selectively trigger an error that, in response, returns the content of the path requested. Any normal OS would allow access to contents at any arbitrary paths that are readable by the MinIO process. Users are advised to upgrade. Users unable to upgrade may disable the ServerUpdate API by denying the `admin:ServerUpdate` action for admin users via IAM policies. 2022-08-01 not yet calculated CVE-2022-35919
MISC
MISC
CONFIRM
gnutls — gnutls

A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. 2022-08-01 not yet calculated CVE-2022-2509
MISC
MISC
go_ethereum — go_ethereum
 
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. 2022-08-05 not yet calculated CVE-2022-37450
MISC
MISC
MISC
MISC
google — android In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553. 2022-08-01 not yet calculated CVE-2022-26431
MISC
google — android In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. 2022-08-01 not yet calculated CVE-2022-26426
MISC
google — android In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059. 2022-08-01 not yet calculated CVE-2022-21791
MISC
google — android In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450. 2022-08-01 not yet calculated CVE-2022-26434
MISC
google — android In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. 2022-08-01 not yet calculated CVE-2022-26433
MISC
google — android In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542. 2022-08-01 not yet calculated CVE-2022-26432
MISC
google — android In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. 2022-08-01 not yet calculated CVE-2022-26428
MISC
google — android In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410. 2022-08-01 not yet calculated CVE-2022-21792
MISC
google — android In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. 2022-08-01 not yet calculated CVE-2022-26430
MISC
google — android In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728. 2022-08-01 not yet calculated CVE-2022-21788
MISC
google — android In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415. 2022-08-01 not yet calculated CVE-2022-26429
MISC
google — android In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. 2022-08-01 not yet calculated CVE-2022-21789
MISC
google — android In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. 2022-08-01 not yet calculated CVE-2022-26435
MISC
google — android In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. 2022-08-01 not yet calculated CVE-2022-21790
MISC
google — android In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. 2022-08-01 not yet calculated CVE-2022-26427
MISC
google — android In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. 2022-08-01 not yet calculated CVE-2022-26436
MISC
google — android
 
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). 2022-07-30 not yet calculated CVE-2022-30083
MISC
google — google_play_services_software_development_kit Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. 2022-07-29 not yet calculated CVE-2022-1799
MISC
graphql-go — graphql-go graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. 2022-08-01 not yet calculated CVE-2022-37315
MISC
graphql-rust — juniper
 
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. 2022-08-01 not yet calculated CVE-2022-31173
MISC
MISC
MISC
CONFIRM
grommunio — gromox
 
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. 2022-08-04 not yet calculated CVE-2022-37030
MISC
MISC
gvret — gvret
 
GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. 2022-08-03 not yet calculated CVE-2022-35161
MISC
gym_management_system — gym_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability. 2022-08-06 not yet calculated CVE-2022-2687
MISC
MISC
hcl_commerce — remote_store_server
 
HCL Commerce’s Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. 2022-07-30 not yet calculated CVE-2021-27785
MISC
hcl_software — launch
 
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. 2022-08-03 not yet calculated CVE-2022-27551
CONFIRM
heroku-env — heroku-env
 
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. 2022-08-02 not yet calculated CVE-2020-28437
MISC
hestiacp — hestiacp Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6. 2022-08-05 not yet calculated CVE-2022-2636
CONFIRM
MISC
hestiacp — hestiacp
 
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. 2022-08-05 not yet calculated CVE-2022-2626
MISC
CONFIRM
hiby — r3_pro_firmware Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. 2022-07-29 not yet calculated CVE-2022-34496
MISC
MISC
hinet — hicos_citizen_verification
 
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. 2022-08-02 not yet calculated CVE-2022-35222
MISC
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. 2022-08-01 not yet calculated CVE-2022-34163
CONFIRM
CONFIRM
XF
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. 2022-08-01 not yet calculated CVE-2022-34161
CONFIRM
XF
CONFIRM
ibm — cics_tx IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. 2022-08-01 not yet calculated CVE-2022-34307
XF
CONFIRM
CONFIRM
ibm — cics_tx IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. 2022-08-01 not yet calculated CVE-2022-34164
CONFIRM
CONFIRM
XF
ibm — cics_tx IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. 2022-08-01 not yet calculated CVE-2022-34162
CONFIRM
CONFIRM
XF
ibm — cics_tx

IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312. 2022-08-01 not yet calculated CVE-2022-33955
CONFIRM
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. 2022-08-01 not yet calculated CVE-2022-31775
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. 2022-08-01 not yet calculated CVE-2022-32750
CONFIRM
XF
ibm — datapower_gateway IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. 2022-08-01 not yet calculated CVE-2022-31776
XF
CONFIRM
ibm — datapower_gateway IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. 2022-08-01 not yet calculated CVE-2022-31774
CONFIRM
XF
ibm — datapower_gateway IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. 2022-08-01 not yet calculated CVE-2022-22326
CONFIRM
CONFIRM
XF
ibm — powervm_vios IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. 2022-07-29 not yet calculated CVE-2022-35643
CONFIRM
XF
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. 2022-08-01 not yet calculated CVE-2022-34338
XF
CONFIRM
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. 2022-08-01 not yet calculated CVE-2022-22505
CONFIRM
XF
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. 2022-08-01 not yet calculated CVE-2022-30616
XF
CONFIRM
ibm — robotic_process_automation

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access. IBM X-Force ID: 219391. 2022-08-01 not yet calculated CVE-2022-22334
CONFIRM
XF
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. 2022-08-01 not yet calculated CVE-2022-33169
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. 2022-08-01 not yet calculated CVE-2022-35716
XF
CONFIRM
image-tiler — image-tiler This affects the package image-tiler before 2.0.2. 2022-08-02 not yet calculated CVE-2020-28451
MISC
MISC
imbrn — v8n
 
NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g. `attacker@attacker.com,victim@victim.com`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim’s e-mail addresses. The attacker could then log in as a newly created user with the email being `attacker@attacker.com,victim@victim.com`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address (e.g. strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization. 2022-08-02 not yet calculated CVE-2022-35924
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
imbrn — v8n
 
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with `uppercase()`. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-02 not yet calculated CVE-2022-35923
CONFIRM
MISC
MISC
inavitas — solar_log Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. 2022-07-29 not yet calculated CVE-2022-1277
CONFIRM
inductive_automation — ignition
 
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup. 2022-08-05 not yet calculated CVE-2022-1704
MISC
interview_management_system — interview_management_system
 
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2685
MISC
MISC
MISC
interview_management_system — interview_management_system
 
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. 2022-08-05 not yet calculated CVE-2022-2679
MISC
MISC
itpison — omicard_edm
 
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 2022-08-04 not yet calculated CVE-2022-35216
MISC
itpison — omicard_edm
 
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. 2022-08-04 not yet calculated CVE-2022-32965
MISC
itpison — omicard_edm
 
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 2022-08-04 not yet calculated CVE-2022-32963
MISC
itpison — omicard_edm
 
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. 2022-08-04 not yet calculated CVE-2022-32964
MISC
jeecg-boot — jeecg-boot
 
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. 2022-08-04 not yet calculated CVE-2022-2647
MISC
MISC
jetbrains — rider
 
In JetBrains Rider before 2022.2 the Trust and Open Project dialog could be bypassed, leading to local code execution. 2022-08-03 not yet calculated CVE-2022-37396
MISC
jflyfox — jfinal_cms JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. 2022-08-03 not yet calculated CVE-2022-34928
MISC
kaspersky — vpn_secure_connection
 
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by a local authenticated attacker. 2022-08-05 not yet calculated CVE-2022-27535
MISC
keycloak — keycloak
 
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. 2022-08-05 not yet calculated CVE-2022-2668
MISC
krakend — multiple_products
 
Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. 2022-08-01 not yet calculated CVE-2022-1561
CONFIRM
CONFIRM
kromit — titra Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. 2022-08-01 not yet calculated CVE-2022-2595
MISC
CONFIRM
kvm — kvm
 
A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. 2022-08-05 not yet calculated CVE-2022-1158
MISC
MISC
landray — landling_oa
 
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. 2022-08-02 not yet calculated CVE-2022-34924
MISC
MISC
laravel — laravel
 
Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call. 2022-08-03 not yet calculated CVE-2022-34943
MISC
libtiff — libtiff A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. 2022-07-29 not yet calculated CVE-2022-34526
MISC
FEDORA
linux — linux_kernel
 
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. 2022-08-05 not yet calculated CVE-2022-1012
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. 2022-08-05 not yet calculated CVE-2022-1973
MISC
loan_management_system — loan_management_system
 
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619. 2022-08-05 not yet calculated CVE-2022-2667
MISC
MISC
luadec — luadec
 
Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. 2022-08-03 not yet calculated CVE-2022-34992
MISC
makedeb — mprweb
 
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed. 2022-08-01 not yet calculated CVE-2022-31185
MISC
CONFIRM
mango — mango
 
An issue in RoamingMangoPlugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. 2022-08-01 not yet calculated CVE-2022-34567
MISC
MISC
MISC
MISC
mealie — mealie A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. 2022-08-02 not yet calculated CVE-2022-34619
MISC
MISC
MISC
MISC
MISC
mealie — mealie A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. 2022-08-02 not yet calculated CVE-2022-34618
MISC
MISC
MISC
MISC
MISC
mealie — mealie
 
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. 2022-08-02 not yet calculated CVE-2022-34613
MISC
MISC
MISC
MISC
mealie — mealie
 
Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. 2022-08-02 not yet calculated CVE-2022-34625
MISC
MISC
MISC
MISC
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088. 2022-08-01 not yet calculated CVE-2022-26445
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075. 2022-08-01 not yet calculated CVE-2022-26444
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068. 2022-08-01 not yet calculated CVE-2022-26443
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051. 2022-08-01 not yet calculated CVE-2022-26442
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044. 2022-08-01 not yet calculated CVE-2022-26441
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037. 2022-08-01 not yet calculated CVE-2022-26440
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013. 2022-08-01 not yet calculated CVE-2022-26438
MISC
mediatek — chipsets_in_multiple_products In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020. 2022-08-01 not yet calculated CVE-2022-26439
MISC
mediatek — chipsets_in_multiple_products In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831. 2022-08-01 not yet calculated CVE-2022-26437
MISC
michlol-rashim — michlol-rashim
 
Michlol – rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After logging into the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user. 2022-08-05 not yet calculated CVE-2022-34769
MISC
milkytracker — milkytracker
 
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. 2022-08-03 not yet calculated CVE-2022-34927
MISC
MISC
monetdb — monetdb
 
The assertion `stmt->Dbc->FirstStmt` failed in MonetDB Database Server v11.43.13. 2022-08-03 not yet calculated CVE-2022-34967
MISC
monorepo-build — monorepo-build This affects all versions of package monorepo-build. 2022-08-02 not yet calculated CVE-2020-28423
MISC
moodle — moodle In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the ‘access all groups’ capability were not restricted to viewing grades of users within their own groups. 2022-08-05 not yet calculated CVE-2020-1754
MISC
moodle — moodle In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. 2022-08-05 not yet calculated CVE-2020-1691
MISC
multi_language_hotel_management_software — multi_language_hotel_management_software
 
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. 2022-08-04 not yet calculated CVE-2022-2656
MISC
MISC
multi_language_hotel_management_software — multi_language_hotel_management_software
 
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. 2022-08-04 not yet calculated CVE-2022-2648
MISC
MISC
next.js — nextauth.js
 
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option to sanitize the logs. 2022-08-01 not yet calculated CVE-2022-31186
MISC
MISC
CONFIRM
MISC
nextcloud — mail
 
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is recommended that Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration. 2022-08-04 not yet calculated CVE-2022-31119
CONFIRM
MISC
MISC
nextcloud — mail
 
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`. 2022-08-04 not yet calculated CVE-2022-31132
CONFIRM
nextcloud — server
 
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`. 2022-08-04 not yet calculated CVE-2022-31118
CONFIRM
MISC
nextcloud — server
 
Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available. 2022-08-04 not yet calculated CVE-2022-31120
CONFIRM
MISC
MISC
nhi_card — nhi_card
 
The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. 2022-08-02 not yet calculated CVE-2022-35218
MISC
nhi_card — nhi_card
 
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. 2022-08-02 not yet calculated CVE-2022-35219
MISC
nhi_card — nhi_card
 
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. 2022-08-02 not yet calculated CVE-2022-35217
MISC
nlnet_labs — unbound
 
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. 2022-08-01 not yet calculated CVE-2022-30699
CONFIRM
nlnet_labs — unbound
 
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound’s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. 2022-08-01 not yet calculated CVE-2022-30698
CONFIRM
node-fetch — node-fetch Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10. 2022-08-01 not yet calculated CVE-2022-2596
MISC
CONFIRM
node-latex-pdf — node-latex-pdf
 
This affects all versions of package node-latex-pdf. 2022-08-02 not yet calculated CVE-2020-28433
MISC
npos-tesseract — npos-tesseract This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. 2022-08-02 not yet calculated CVE-2020-28453
MISC
nvidia — vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. 2022-08-05 not yet calculated CVE-2022-31614
MISC
nvidia — vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. 2022-08-05 not yet calculated CVE-2022-31618
MISC
nvidia — vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. 2022-08-05 not yet calculated CVE-2022-31609
MISC
online_admission_system — online_admission_system
 
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. 2022-08-04 not yet calculated CVE-2022-2644
MISC
MISC
online_admission_system — online_admission_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8</h3><script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572. 2022-08-04 not yet calculated CVE-2022-2646
MISC
MISC
online_admission_system — online_admission_system
 
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564. 2022-08-04 not yet calculated CVE-2022-2643
MISC
MISC
online_student_admission_system — online_student_admission_system
 
A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2681
MISC
MISC
online_tours_and_travels_management_system — online_tours_and_travels_management_system Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. 2022-08-02 not yet calculated CVE-2022-35421
MISC
openstack — nova
 
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. 2022-08-03 not yet calculated CVE-2022-37394
MISC
MISC
MISC
openzeppelin — contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-35916
MISC
CONFIRM
openzeppelin — contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-35915
MISC
CONFIRM
openzeppelin — contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token’s total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum. 2022-08-01 not yet calculated CVE-2022-31198
MISC
CONFIRM
oretnom23 — fast_food_ordering_system
 
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability. 2022-08-06 not yet calculated CVE-2022-2686
MISC
MISC
percona — percona_server_for_mysql
 
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. 2022-08-03 not yet calculated CVE-2022-34968
MISC
pgjdbc — pgjdbc
 
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PgJDBC implementation of the `java.sql.ResultSet.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application’s JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application’s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-03 not yet calculated CVE-2022-31197
MISC
CONFIRM
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. 2022-08-02 not yet calculated CVE-2022-34953
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. 2022-08-02 not yet calculated CVE-2022-34952
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. 2022-08-02 not yet calculated CVE-2022-34951
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. 2022-08-02 not yet calculated CVE-2022-34950
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. 2022-08-02 not yet calculated CVE-2022-34949
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. 2022-08-02 not yet calculated CVE-2022-34954
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. 2022-08-02 not yet calculated CVE-2022-34948
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. 2022-08-02 not yet calculated CVE-2022-34947
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. 2022-08-02 not yet calculated CVE-2022-34946
MISC
pharmacy_management_system — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. 2022-08-02 not yet calculated CVE-2022-34945
MISC
pingcap — pingcap_tidb
 
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. 2022-08-03 not yet calculated CVE-2022-34969
MISC
plankanban — planka
 
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system. 2022-08-04 not yet calculated CVE-2022-2653
MISC
CONFIRM
pligg — pligg_cms Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. 2022-08-02 not yet calculated CVE-2022-34955
MISC
pligg — pligg_cms Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. 2022-08-02 not yet calculated CVE-2022-34956
MISC
prestashop — prestashop
 
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP’s Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. 2022-08-01 not yet calculated CVE-2022-31181
MISC
MISC
CONFIRM
private_cloud_management_platform — private_cloud_management_platform
 
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2664
MISC
progress — ws-ftp_server
 
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session. This would allow the attacker to execute code within the context of the victim’s browser. 2022-08-02 not yet calculated CVE-2022-36967
MISC
MISC
progress — ws-ftp_server
 
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. 2022-08-02 not yet calculated CVE-2022-36968
MISC
MISC
pyrocms — pyrocms PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. 2022-08-01 not yet calculated CVE-2022-35118
MISC
MISC
quest — kace_systems_management_appliance
 
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. 2022-08-02 not yet calculated CVE-2022-29808
MISC
MISC
quest — kace_systems_management_appliance
 
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. 2022-08-02 not yet calculated CVE-2022-29807
MISC
MISC
quest — kace_systems_management_appliance
 
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. 2022-08-02 not yet calculated CVE-2022-30285
MISC
MISC
rapid7 — velociraptor A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35630
CONFIRM
rapid7 — velociraptor On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35631
CONFIRM
rapid7 — velociraptor The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35632
CONFIRM
rapid7 — velociraptor Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. 2022-07-29 not yet calculated CVE-2022-35629
CONFIRM
realtek — e-cos_rsdk
 
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. 2022-08-01 not yet calculated CVE-2022-27255
MISC
MISC
renato — renato
 
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. 2022-08-04 not yet calculated CVE-2022-35144
MISC
MISC
MISC
MISC
renato — renato
 
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. 2022-08-04 not yet calculated CVE-2022-35143
MISC
MISC
MISC
MISC
renato — renato
 
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. 2022-08-04 not yet calculated CVE-2022-35142
MISC
MISC
MISC
MISC
rigatur — online_booking_and_hotel_management_system
 
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. 2022-08-05 not yet calculated CVE-2022-2673
MISC
rsync — rsync
 
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). 2022-08-02 not yet calculated CVE-2022-29154
MLIST
MISC
s3-kilatstorage — s3-kilatstorage This affects all versions of package s3-kilatstorage. 2022-08-02 not yet calculated CVE-2020-28424
MISC
samsung — cameralyzer
 
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. 2022-08-05 not yet calculated CVE-2022-36832
MISC
samsung — charm
 
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. 2022-08-05 not yet calculated CVE-2022-36830
MISC
samsung — charm
 
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. 2022-08-05 not yet calculated CVE-2022-33734
MISC
samsung — charm
 
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. 2022-08-05 not yet calculated CVE-2022-36836
MISC
samsung — charm
 
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. 2022-08-05 not yet calculated CVE-2022-36829
MISC
samsung — charm
 
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. 2022-08-05 not yet calculated CVE-2022-33733
MISC
samsung — checkout
 
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. 2022-08-05 not yet calculated CVE-2022-36839
MISC
samsung — galaxy_wearable
 
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. 2022-08-05 not yet calculated CVE-2022-36838
MISC
samsung — game_launcher
 
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. 2022-08-05 not yet calculated CVE-2022-36834
MISC
samsung — game_optimizing_service
 
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. 2022-08-05 not yet calculated CVE-2022-36833
MISC
samsung — internet_browser
 
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. 2022-08-05 not yet calculated CVE-2022-36835
MISC
samsung — internet_browser
 
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. 2022-08-05 not yet calculated CVE-2022-36837
MISC
samsung — mtower
 
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. 2022-08-04 not yet calculated CVE-2022-35858
MISC
MISC
samsung — multiple_products
 
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. 2022-08-05 not yet calculated CVE-2022-33724
MISC
samsung — multiple_products
 
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-08-05 not yet calculated CVE-2022-33729
MISC
samsung — multiple_products
 
Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. 2022-08-05 not yet calculated CVE-2022-33727
MISC
samsung — multiple_products
 
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. 2022-08-05 not yet calculated CVE-2022-33730
MISC
samsung — multiple_products
 
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. 2022-08-05 not yet calculated CVE-2022-33731
MISC
samsung — multiple_products
 
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. 2022-08-05 not yet calculated CVE-2022-33732
MISC
samsung — multiple_products
 
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. 2022-08-05 not yet calculated CVE-2022-33726
MISC
samsung — multiple_products
 
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. 2022-08-05 not yet calculated CVE-2022-33720
MISC
samsung — multiple_products
 
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. 2022-08-05 not yet calculated CVE-2022-33725
MISC
samsung — multiple_products
 
Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. 2022-08-05 not yet calculated CVE-2022-33723
MISC
samsung — multiple_products
 
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause an integer overflow that leads to a heap overflow. 2022-08-05 not yet calculated CVE-2022-33719
MISC
samsung — multiple_products
 
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global. 2022-08-05 not yet calculated CVE-2022-33728
MISC
samsung — multiple_products
 
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. 2022-08-05 not yet calculated CVE-2022-33718
MISC
samsung — multiple_products
 
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. 2022-08-05 not yet calculated CVE-2022-33717
MISC
samsung — multiple_products
 
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. 2022-08-05 not yet calculated CVE-2022-33716
MISC
samsung — multiple_products
 
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. 2022-08-05 not yet calculated CVE-2022-33722
MISC
samsung — multiple_products
 
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. 2022-08-05 not yet calculated CVE-2022-33721
MISC
samsung — multiple_products
 
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. 2022-08-05 not yet calculated CVE-2022-33714
MISC
samsung — multiple_products
 
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. 2022-08-05 not yet calculated CVE-2022-33715
MISC
samsung — notes
 
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. 2022-08-05 not yet calculated CVE-2022-36831
MISC
samsung — update_setup
 
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. 2022-08-05 not yet calculated CVE-2022-36840
MISC
sanic — sanic
 
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. 2022-08-01 not yet calculated CVE-2022-35920
MISC
CONFIRM
MISC
sante — dicom_viewer_pro
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679. 2022-08-03 not yet calculated CVE-2022-28668
MISC
sante — pacs_server
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. 2022-08-03 not yet calculated CVE-2022-2272
MISC
scala — fs2
 
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection. 2022-08-01 not yet calculated CVE-2022-31183
CONFIRM
MISC
MISC
shescape — shescape
 
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact). 2022-08-01 not yet calculated CVE-2022-31179
MISC
CONFIRM
MISC
shescape — shescape
 
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker is able to include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell-specific behaviour through shell-specific special characters inserted or appearing after line terminating characters. 3. Invoke arbitrary commands by inserting a line feed character. 4. Invoke arbitrary commands by inserting a carriage return character. Behaviour number 1 has been patched in [v1.5.7] which you can upgrade to now. No further changes are required. Behaviour number 2, 3, and 4 have been patched in [v1.5.8] which you can upgrade to now. No further changes are required. The best workaround is to avoid having to use the `interpolation: true` option – in most cases using an alternative is possible, see [the recipes](github.com/ericcornelissen/shescape#recipes) for recommendations. Alternatively, users may strip all whitespace from user input. Note that this is error prone, for example: for PowerShell this requires stripping `'\u0085'` which is not included in JavaScript’s definition of `\s` for Regular Expressions. 2022-08-01 not yet calculated CVE-2022-31180
MISC
MISC
MISC
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-31148
CONFIRM
MISC
MISC
sigstore — cosign
 
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (`--type` defaults to “custom”). This can happen when signing with a standard keypair and with “keyless” signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-04 not yet calculated CVE-2022-35929
MISC
CONFIRM
sigstore — policycontroller
 
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (`--type` defaults to “custom”). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade. 2022-08-04 not yet calculated CVE-2022-35930
MISC
CONFIRM
MISC
simple_e-learning_system  — simple_e-learning_system
 
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615. 2022-08-05 not yet calculated CVE-2022-2665
MISC
simple_food_ordereing_system — simple_food_ordereing_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input `"><ScRiPt>alert(1)</sCrIpT>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. 2022-08-05 not yet calculated CVE-2022-2683
MISC
MISC
solana-labs — pay
 
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-35917
MISC
MISC
CONFIRM
MISC
sonicwall — email_security
 
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. 2022-07-29 not yet calculated CVE-2022-2324
CONFIRM
sonicwall — multiple_products
 
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. 2022-07-29 not yet calculated CVE-2022-22280
CONFIRM
sonicwall — switch
 
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. 2022-07-29 not yet calculated CVE-2022-2323
CONFIRM
sourcegraph — sourcegraph
 
Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended. 2022-08-01 not yet calculated CVE-2022-31154
CONFIRM
MISC
sourcegraph — sourcegraph
 
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended. 2022-08-01 not yet calculated CVE-2022-31155
MISC
CONFIRM
sqlite — sqlite
 
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. 2022-08-03 not yet calculated CVE-2022-35737
MISC
MISC
streamlit — streamlit
 
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-08-01 not yet calculated CVE-2022-35918
CONFIRM
MISC
supersmart.me — supersmart.me
 
Supersmart.me – Walk Through: performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or uses an Android application) to scan the QR code on the cart at the beginning of the purchase, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer’s cart without verification, because the number of purchases is serial. 2022-08-05 not yet calculated CVE-2022-34768
MISC
synology — calendar
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27617
CONFIRM
synology — diskstation_manager
 
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27616
CONFIRM
synology — note_station_client
 
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27619
CONFIRM
synology — sso_server
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27620
CONFIRM
synology — storage_analyzer
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27618
CONFIRM
synology — usb_copy
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. 2022-08-03 not yet calculated CVE-2022-27621
CONFIRM
tcl — linkhub_mesh_wifi
 
An OS command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-22140
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the miniupnpd binary. 2022-08-05 not yet calculated CVE-2022-24017
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the multiWAN binary. 2022-08-05 not yet calculated CVE-2022-24018
MISC
tcl — linkhub_mesh_wifi
 
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-22144
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-23103
MISC
tcl — linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27660
MISC
tcl — linkhub_mesh_wifi
 
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27633
MISC
tcl — linkhub_mesh_wifi
 
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27630
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the ap_steer binary. 2022-08-05 not yet calculated CVE-2022-24005
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow. 2022-08-05 not yet calculated CVE-2022-23918
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the name field within the protobuf message to cause a buffer overflow. 2022-08-05 not yet calculated CVE-2022-23919
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-23399
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the arpbrocast binary. 2022-08-05 not yet calculated CVE-2022-24006
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cfm binary. 2022-08-05 not yet calculated CVE-2022-24007
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confcli binary. 2022-08-05 not yet calculated CVE-2022-24008
MISC
tcl — linkhub_mesh_wifi
 
An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-21178
MISC
tcl — linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27178
MISC
tcl — linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-27185
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-21201
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confsrv binary. 2022-08-05 not yet calculated CVE-2022-24009
MISC
tcl — linkhub_mesh_wifi
 
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-26346
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the netctrl binary. 2022-08-05 not yet calculated CVE-2022-24019
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pannn binary. 2022-08-05 not yet calculated CVE-2022-24022
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommonprod.so binary. 2022-08-05 not yet calculated CVE-2022-24028
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-26009
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the fota binary. 2022-08-05 not yet calculated CVE-2022-24012
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the gpio_ctrl binary. 2022-08-05 not yet calculated CVE-2022-24013
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the logserver binary. 2022-08-05 not yet calculated CVE-2022-24014
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the log_upload binary. 2022-08-05 not yet calculated CVE-2022-24015
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rp-pppoe.so binary. 2022-08-05 not yet calculated CVE-2022-24029
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the mesh_status_check binary. 2022-08-05 not yet calculated CVE-2022-24016
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommon.so binary. 2022-08-05 not yet calculated CVE-2022-24027
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pppd binary. 2022-08-05 not yet calculated CVE-2022-24023
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the network_check binary. 2022-08-05 not yet calculated CVE-2022-24020
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the online_process binary. 2022-08-05 not yet calculated CVE-2022-24021
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cwmpd binary. 2022-08-05 not yet calculated CVE-2022-24010
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the telnet_ate_monitor binary. 2022-08-05 not yet calculated CVE-2022-24026
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the sntp binary. 2022-08-05 not yet calculated CVE-2022-24025
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rtk_ate binary. 2022-08-05 not yet calculated CVE-2022-24024
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the device_list binary. 2022-08-05 not yet calculated CVE-2022-24011
MISC
tcl — linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-26342
MISC
tcl — linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2022-08-05 not yet calculated CVE-2022-25996
MISC
teamplus_technology — teamplus_pro
 
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. 2022-08-02 not yet calculated CVE-2022-35220
MISC
teamplus_technology — teamplus_pro
 
Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on the thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to partially missing post content and partial service disruption. 2022-08-02 not yet calculated CVE-2022-35221
MISC
tem — flex-1085 A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-08-01 not yet calculated CVE-2022-2591
MISC
tencent — tscancode
 
A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. 2022-08-03 not yet calculated CVE-2022-35158
MISC
thoughtbot — administrate Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth authorization code. 2022-08-05 not yet calculated CVE-2016-3098
MISC
tibco — iway_service_manager
 
The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below. 2022-08-02 not yet calculated CVE-2022-30572
CONFIRM
CONFIRM
tibco — iway_service_manager
 
The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below. 2022-08-02 not yet calculated CVE-2022-30571
CONFIRM
CONFIRM
tooljet — tooljet Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. 2022-08-02 not yet calculated CVE-2022-2631
MISC
CONFIRM
totolink — totlink_a3600r_firmware
 
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample. 2022-08-04 not yet calculated CVE-2022-34993
MISC
MISC
trend_micro — apex_one_and_worry-free_business_security
 
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. 2022-07-30 not yet calculated CVE-2022-36336
MISC
MISC
trend_micro — security Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. 2022-07-30 not yet calculated CVE-2022-35234
MISC
MISC
trend_micro — vpn_proxy_one_pro
 
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. 2022-07-30 not yet calculated CVE-2022-33158
MISC
MISC
triplecross — triplecross
 
TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. 2022-08-03 not yet calculated CVE-2022-35506
MISC
triplecross — triplecross
 
A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command. 2022-08-03 not yet calculated CVE-2022-35505
MISC
umlaeute — v4l2loopback
 
Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). 2022-08-04 not yet calculated CVE-2022-2652
CONFIRM
MISC
undertow — undertow
 
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow’s AjpServerRequestConduit implementation closes the connection without sending any response to the client/proxy. As a result, a front-end proxy marks the backend worker (application server) as being in an error state and does not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (sent at 10-second intervals) from the application server updates the server state. So, in the worst case, it can result in “All workers are in error state” and mod_cluster responds “503 Service Unavailable” for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the “retry” timeout passes. However, mod_proxy_balancer has a “forcerecovery” setting (On by default; this parameter can force the immediate recovery of all workers, without considering the retry parameter of the workers, if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not end up responding “503 Service Unavailable”. An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2. 2022-08-05 not yet calculated CVE-2022-2053
MISC
MISC
unitree — go_1_robotics_platform
 
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. 2022-08-05 not yet calculated CVE-2022-2675
MISC
MISC
MISC
uniwill — sparkio.sys_driver
 
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. 2022-08-05 not yet calculated CVE-2022-37415
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. 2022-08-01 not yet calculated CVE-2022-2571
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. 2022-08-01 not yet calculated CVE-2022-2580
CONFIRM
MISC
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. 2022-08-01 not yet calculated CVE-2022-2581
CONFIRM
MISC
vim — vim Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. 2022-08-01 not yet calculated CVE-2022-2598
MISC
CONFIRM
vinchin — backup_and_recovery
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. 2022-08-03 not yet calculated CVE-2022-35866
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. 2022-08-05 not yet calculated CVE-2022-31656
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. 2022-08-05 not yet calculated CVE-2022-31660
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. 2022-08-05 not yet calculated CVE-2022-31664
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. 2022-08-05 not yet calculated CVE-2022-31662
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window. 2022-08-05 not yet calculated CVE-2022-31663
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to ‘root’. 2022-08-05 not yet calculated CVE-2022-31661
MISC
vmware — multiple_products
 
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. 2022-08-05 not yet calculated CVE-2022-31659
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. 2022-08-05 not yet calculated CVE-2022-31658
MISC
vmware — multiple_products
 
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. 2022-08-05 not yet calculated CVE-2022-31657
MISC
vmware — multiple_products
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. 2022-08-05 not yet calculated CVE-2022-31665
MISC
web_based_quiz_system — web_based_quiz_system Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. 2022-08-02 not yet calculated CVE-2022-35422
MISC
websockets-rs — rust-websocket
 
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only sync (non-Tokio) implementation. Async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when bytes for oversized dataframe or message actually got delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic. 2022-08-01 not yet calculated CVE-2022-35922
MISC
CONFIRM
wedding_hall_booking_system — wedding_hall_booking_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability. 2022-08-06 not yet calculated CVE-2022-2691
MISC
MISC
wedding_hall_booking_system — wedding_hall_booking_system
 
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812. 2022-08-06 not yet calculated CVE-2022-2689
MISC
MISC
wedding_hall_booking_system — wedding_hall_booking_system
 
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability. 2022-08-06 not yet calculated CVE-2022-2690
MISC
MISC
wedding_hall_booking_system — wedding_hall_booking_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815. 2022-08-06 not yet calculated CVE-2022-2692
MISC
MISC
western_digital — sweet_b When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23004
MISC
western_digital — sweet_b When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23003
MISC
western_digital — sweet_b When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23002
MISC
western_digital — sweet_b When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 2022-07-29 not yet calculated CVE-2022-23001
MISC
wordpress — wordpress The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. 2022-08-01 not yet calculated CVE-2022-1906
MISC
wordpress — wordpress Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. 2022-08-01 not yet calculated CVE-2022-36343
CONFIRM
CONFIRM
wordpress — wordpress The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well. 2022-08-01 not yet calculated CVE-2022-2171
MISC
wordpress — wordpress The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. 2022-08-01 not yet calculated CVE-2022-2170
MISC
wordpress — wordpress The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection 2022-08-01 not yet calculated CVE-2022-1950
MISC
wordpress — wordpress The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting 2022-08-01 not yet calculated CVE-2022-2181
MISC
wordpress — wordpress The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. 2022-08-01 not yet calculated CVE-2022-1600
MISC
wordpress — wordpress The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 2022-08-01 not yet calculated CVE-2022-2184
MISC
wordpress — wordpress The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. 2022-08-01 not yet calculated CVE-2022-1585
MISC
wordpress — wordpress Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. 2022-07-29 not yet calculated CVE-2022-36378
CONFIRM
CONFIRM
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. 2022-08-05 not yet calculated CVE-2022-33201
CONFIRM
CONFIRM
wordpress — wordpress The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-01 not yet calculated CVE-2022-2215
MISC
wordpress — wordpress The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. 2022-08-01 not yet calculated CVE-2022-2273
MISC
wordpress — wordpress The Login with phone number WordPress plugin through 1.3.7 does not sanitise and escape plugin settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-08-01 not yet calculated CVE-2022-0598
MISC
wordpress — wordpress The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-01 not yet calculated CVE-2022-2325
MISC
wordpress — wordpress The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues. 2022-08-01 not yet calculated CVE-2022-2241
MISC
wordpress — wordpress The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-01 not yet calculated CVE-2022-2278
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. 2022-08-05 not yet calculated CVE-2021-36861
CONFIRM
CONFIRM
wordpress — wordpress Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. 2022-08-01 not yet calculated CVE-2022-34154
CONFIRM
CONFIRM
wordpress — wordpress The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-01 not yet calculated CVE-2022-2305
MISC
wordpress — wordpress The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter. 2022-08-01 not yet calculated CVE-2022-2317
MISC
wordpress — wordpress The Counter Box WordPress plugin before 1.2.1 is lacking a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. 2022-08-01 not yet calculated CVE-2022-2245
MISC
wordpress — wordpress The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-08-01 not yet calculated CVE-2022-2328
MISC
wordpress — wordpress The GiveWP WordPress plugin before 2.21.3 does not have a CSRF check in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, which overwhelms the target’s CPU. 2022-08-01 not yet calculated CVE-2022-2260
MISC
wordpress — wordpress The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin. 2022-08-01 not yet calculated CVE-2022-2369
MISC
wordpress — wordpress The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them. 2022-08-01 not yet calculated CVE-2022-2370
MISC
wordpress — wordpress The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-08-01 not yet calculated CVE-2022-1324
MISC
wordpress — wordpress
 
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. 2022-08-05 not yet calculated CVE-2022-25649
CONFIRM
CONFIRM
wordpress — wordpress
 
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. 2022-08-05 not yet calculated CVE-2022-36284
CONFIRM
CONFIRM
wordpress — wordpress
 
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. 2022-07-30 not yet calculated CVE-2022-33994
MISC
wordpress — wordpress
 
Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. 2022-08-05 not yet calculated CVE-2022-36296
CONFIRM
CONFIRM
xhyve — xhyve
 
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. 2022-08-03 not yet calculated CVE-2022-35867
MISC
yuba — u5cms
 
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. 2022-08-03 not yet calculated CVE-2022-34937
MISC
zlib — zlib
 
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). 2022-08-05 not yet calculated CVE-2022-37434
MISC
MISC
MISC
MISC
MLIST


Vulnerability Summary for the Week of June 27, 2022

07/04/2022 06:19 AM EDT

Original release date: July 4, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
codesys — gateway In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified password is compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. 2022-06-24 7.5 CVE-2022-31802
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. 2022-06-24 7.5 CVE-2021-38945
CONFIRM
XF
illumina — local_run_manager LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. 2022-06-24 10 CVE-2022-1517
MISC
illumina — local_run_manager LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. 2022-06-24 10 CVE-2022-1519
MISC
illumina — local_run_manager LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. 2022-06-24 7.5 CVE-2022-1518
MISC
melag — ftp_server When installed as a Windows service, MELAG FTP Server 2.2.0.4 is run as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. 2022-06-24 9 CVE-2021-41635
MISC
online_student_rate_system_project — online_student_rate_system A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. 2022-06-24 7.5 CVE-2021-39409
MISC
simple_ads_manager_project — simple_ads_manager A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. 2022-06-24 7.5 CVE-2017-20095
MISC
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
1234n — minicms A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. 2022-06-24 5.8 CVE-2022-33121
MISC
codesys — gateway In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. 2022-06-24 5 CVE-2022-31803
CONFIRM
codesys — gateway The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. 2022-06-24 5 CVE-2022-31804
CONFIRM
codesys — runtime_toolkit Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. 2022-06-24 5.5 CVE-2022-32142
CONFIRM
codesys — runtime_toolkit Multiple CODESYS Products are prone to a buffer over-read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. 2022-06-24 4 CVE-2022-32141
CONFIRM
codesys — runtime_toolkit Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. 2022-06-24 5.5 CVE-2022-1965
CONFIRM
codesys — runtime_toolkit In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. 2022-06-24 6.5 CVE-2022-32143
CONFIRM
codesys — runtime_toolkit In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. 2022-06-24 6.5 CVE-2022-32138
CONFIRM
codesys — runtime_toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. 2022-06-24 4 CVE-2022-32136
CONFIRM
codesys — runtime_toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. 2022-06-24 4 CVE-2022-32139
CONFIRM
codesys — runtime_toolkit Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. 2022-06-24 4 CVE-2022-32140
CONFIRM
codesys — runtime_toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. 2022-06-24 6.5 CVE-2022-32137
CONFIRM
dradisframework — dradis Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. 2022-06-24 4.3 CVE-2022-30028
MISC
gimp — gimp An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). 2022-06-24 4.3 CVE-2022-32990
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the ‘Cloud Storage’ page for which they should not have access. IBM X-Force ID: 202682. 2022-06-24 4 CVE-2021-29768
CONFIRM
XF
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. 2022-06-24 5 CVE-2021-20355
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. 2022-06-24 4.9 CVE-2021-29865
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. 2022-06-24 4 CVE-2021-20544
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 2022-06-24 4 CVE-2021-20421
CONFIRM
XF
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. 2022-06-24 5 CVE-2021-38879
CONFIRM
XF
illumina — local_run_manager LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. 2022-06-24 6.4 CVE-2022-1521
MISC
illumina — local_run_manager LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. 2022-06-24 4.3 CVE-2022-1524
MISC
melag — ftp_server A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. 2022-06-24 5 CVE-2021-41634
MISC
melag — ftp_server The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. 2022-06-24 5 CVE-2021-41638
MISC
online_student_rate_system_project — online_student_rate_system Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file 2022-06-24 4.3 CVE-2021-39408
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_inmate.php:3 2022-06-24 6.5 CVE-2022-32404
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/cells/view_cell.php:4 2022-06-24 6.5 CVE-2022-32393
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/crimes/manage_crime.php:4 2022-06-24 6.5 CVE-2022-32395
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/view_inmate.php:3 2022-06-24 6.5 CVE-2022-32394
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/visits/manage_visit.php:4 2022-06-24 6.5 CVE-2022-32396
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/cells/manage_cell.php:4 2022-06-24 6.5 CVE-2022-32398
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4 2022-06-24 6.5 CVE-2022-32405
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_record.php:4 2022-06-24 6.5 CVE-2022-32403
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/manage_prison.php:4 2022-06-24 6.5 CVE-2022-32402
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_privilege.php:4 2022-06-24 6.5 CVE-2022-32401
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/visits/view_visit.php:4 2022-06-24 6.5 CVE-2022-32397
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/user/manage_user.php:4. 2022-06-24 6.5 CVE-2022-32400
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/crimes/view_crime.php:4 2022-06-24 6.5 CVE-2022-32399
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/actions/manage_action.php:4 2022-06-24 6.5 CVE-2022-32392
MISC
MISC
prison_management_system_project — prison_management_system Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/actions/view_action.php:4 2022-06-24 6.5 CVE-2022-32391
MISC
MISC
validate_color_project — validate_color A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. 2022-06-24 5 CVE-2021-40892
MISC
wp-filebase_download_manager_project — wp-filebase_download_manager A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. 2022-06-24 4.3 CVE-2017-20097
MISC
MISC
wp-spamfree_anti-spam_project — wp-spamfree_anti-spam A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. 2022-06-24 4.3 CVE-2017-20096
MISC
MISC
wpdownloadmanager — wordpress_download_manager A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. 2022-06-24 4.3 CVE-2017-20093
MISC
MISC
yoast — google_analytics_dashboard A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. 2022-06-24 4.3 CVE-2017-20092
MISC
MISC


 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. 2022-06-24 3.5 CVE-2022-33122
MISC
galaxkey — galaxkey Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the ‘subject’ field. The payload executes when the recipient logs into their mailbox. 2022-06-26 3.5 CVE-2020-27509
MISC
MISC
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 198929. 2022-06-24 3.5 CVE-2021-20543
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. 2022-06-24 3.5 CVE-2021-38871
XF
CONFIRM
ibm — jazz_team_server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. 2022-06-24 2.1 CVE-2021-20551
CONFIRM
XF
melag — ftp_server Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the “Everyone” group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. 2022-06-24 3.6 CVE-2021-41637
MISC
melag — ftp_server MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. 2022-06-24 2.1 CVE-2021-41639
MISC
newstatpress_project — newstatpress A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-24 3.5 CVE-2017-20094
MISC
MISC


 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
admidio — admidio Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). 2022-06-28 not yet calculated CVE-2022-23896
MISC
aerogear — aerogear
 
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can’t be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. 2022-07-01 not yet calculated CVE-2014-3648
MISC
aerogear — aerogear
 
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. 2022-07-01 not yet calculated CVE-2014-3650
MISC
MISC
ampere — alta_and_altramax
 
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. 2022-07-01 not yet calculated CVE-2022-32295
MISC
MISC
android — ebook_app
 
SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. 2022-07-01 not yet calculated CVE-2021-32428
MISC
MISC
MISC
MISC
apache — shiro
 
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. 2022-06-29 not yet calculated CVE-2022-32532
MISC
apache — systemds The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a “low-priority but useful improvement”. SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. 2022-06-27 not yet calculated CVE-2022-26477
MISC
apache — apache
 
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. 2022-06-27 not yet calculated CVE-2022-33879
MISC
MLIST
apifest — oauth
 
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker’s control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. 2022-06-29 not yet calculated CVE-2020-26877
MISC
MISC
MISC
apple — air_transfer
 
A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20100
MISC
MISC
apple — album_lock
 
A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20102
MISC
MISC
apple — iphone
 
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that after examining the report they do not see any actual security implications. 2022-06-25 not yet calculated CVE-2019-25071
N/A
N/A
N/A
argo — cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim’s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. 2022-06-27 not yet calculated CVE-2022-31035
MISC
MISC
CONFIRM
argo — cd
 
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. 2022-06-25 not yet calculated CVE-2022-31016
CONFIRM
argo — cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD’s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. 2022-06-27 not yet calculated CVE-2022-31036
MISC
CONFIRM
argo — cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31034
MISC
CONFIRM
ast — parser An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. 2022-06-30 not yet calculated CVE-2022-33082
MISC
asus — dsl-n14u-b1
 
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the “*list” parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every “.asp” page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. 2022-07-01 not yet calculated CVE-2022-32988
MISC
MISC
automox — agent_for_osx

The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. 2022-07-01 not yet calculated CVE-2022-27904
MISC
MISC
bento4 — bento4
 
In Bento4 1.6.0-638, there is an allocator out-of-memory error in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-27 not yet calculated CVE-2021-40941
MISC
bento4 — bento4
 
In Bento4 1.6.0-638, there is a null pointer dereference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-28 not yet calculated CVE-2021-40943
MISC
bestofinc — online_hotel_booking_system_pro

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20124
N/A
N/A
bestofinc — online_hotel_booking_system_pro
 
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20125
N/A
N/A
bfabiszewski — libmobi
 
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-07-01 not yet calculated CVE-2022-2279
CONFIRM
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. The script is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31065
CONFIRM
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat; the JavaScript is then executed in the victim’s client. This issue has been addressed in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31064
MISC
CONFIRM
MISC
MISC
FULLDISC
MISC
bigbluebutton — greenlight
 
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room’s settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room’s settings. This issue has been patched in release version 2.12.6. 2022-06-27 not yet calculated CVE-2022-31039
CONFIRM
MISC
bitrix — site_manager
 
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src=”http://1″; on onerror=”$(’p’).text(’Hacked’)” /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20122
N/A
N/A
brocade — sannav
 
Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. 2022-06-27 not yet calculated CVE-2022-28167
MISC
CONFIRM
brocade — sannav
 
In Brocade SANnav versions before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 & 18082. 2022-06-27 not yet calculated CVE-2022-28166
MISC
CONFIRM
brocade — sannav
 
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8, scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. 2022-06-27 not yet calculated CVE-2022-28168
MISC
CONFIRM
centum — multiple_versions
 
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 ‘For CENTUM VP Support CAMS for HIS’ is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01. If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. 2022-06-28 not yet calculated CVE-2022-30707
MISC
MISC
MISC
MISC
cilan2 — iot

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2022-06-30 not yet calculated CVE-2022-33087
MISC
clever — underscore.deep
 
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening. 2022-06-28 not yet calculated CVE-2022-31106
MISC
CONFIRM
cloudflare — warp_client_for_windows

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. 2022-06-28 not yet calculated CVE-2022-2145
MISC
college_management_system — college_management_system
 
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. 2022-07-01 not yet calculated CVE-2022-32420
MISC
d-link — dir-645
 
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. 2022-06-27 not yet calculated CVE-2022-32092
MISC
MISC
dahuasecurity — dahuasecurity

When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30563
MISC
dahuasecurity — dahuasecurity

An attacker who has obtained the administrative account and password, or who is in a man-in-the-middle position, could send a specific crafted packet to the vulnerable interface and cause the device to crash. 2022-06-28 not yet calculated CVE-2022-30560
MISC
dahuasecurity — dahuasecurity

When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30561
MISC
dahuasecurity — dahuasecurity
 
If the user enables the HTTPS function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. 2022-06-28 not yet calculated CVE-2022-30562
MISC
das — u-boot
 
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function. 2022-06-30 not yet calculated CVE-2022-34835
MISC
MISC
MISC
das — u-boot
 
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). 2022-07-01 not yet calculated CVE-2022-33103
MISC
MISC
dcmtk — dcmtk

DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can cause a heap-based overflow. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41689
MISC
MISC
dcmtk — dcmtk

DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41690
MISC
MISC
dcmtk — dcmtk
 
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41688
MISC
MISC
dcmtk — dcmtk
 
DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when a parsing error occurs. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41687
MISC
MISC
deep.assign — deep.assign

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). 2022-06-30 not yet calculated CVE-2021-40663
MISC
MISC
dell — powerscale_onefs

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. 2022-06-28 not yet calculated CVE-2022-31229
MISC
dell — powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. 2022-06-28 not yet calculated CVE-2022-31230
MISC
delta_electronics — diaenergie

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. 2022-06-27 not yet calculated CVE-2022-33005
MISC
devolutions — remote_desktop_manager
 
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. 2022-06-27 not yet calculated CVE-2022-2221
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn’t match the invite’s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. 2022-06-27 not yet calculated CVE-2022-31096
CONFIRM
distributed_data_systems — webhmi
 
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. 2022-07-01 not yet calculated CVE-2022-2254
CONFIRM
distributed_data_systems — webhmi
 
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. 2022-07-01 not yet calculated CVE-2022-2253
CONFIRM
dompdf — dompdf

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. 2022-06-28 not yet calculated CVE-2022-0085
MISC
CONFIRM
easy_table_plugin — easy_table_plugin
 
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input “><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. 2022-06-29 not yet calculated CVE-2017-20108
MISC
MISC
ecshop — ecshop
 
ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. 2022-06-28 not yet calculated CVE-2021-41460
MISC
edimax — ic-3140w
 
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. 2022-06-29 not yet calculated CVE-2021-40597
MISC
MISC
MISC
elcomplus — smartics
 
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. 2022-06-27 not yet calculated CVE-2022-2088
CONFIRM
elcomplus — smartics
 
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. 2022-06-27 not yet calculated CVE-2022-2106
CONFIRM
elcomplus — smartics
 
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. 2022-06-27 not yet calculated CVE-2022-2140
CONFIRM
embarcadero — dev-cpp

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33036
MISC
ember.js — ember.js
 
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. 2022-06-30 not yet calculated CVE-2013-4170
MISC
MISC
MISC
espcms — espcms
 
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at espcms_publicespcms_templatesESPCMS_Templates. 2022-06-30 not yet calculated CVE-2022-33085
MISC
espressif — bluetooth_mesh_sdk
 
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. 2022-06-25 not yet calculated CVE-2022-24893
CONFIRM
exemys — rme1
 
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. 2022-06-30 not yet calculated CVE-2022-2197
MISC
eyeofnetwork — eyeofnetwork
 
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the “sendmail” application in the “cacti” configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration (“send test mail”). 2022-06-30 not yet calculated CVE-2021-40643
MISC
MISC
form — contact_form_wordpress_plugin

The Form – Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-06-27 not yet calculated CVE-2022-1326
MISC
fusionpbx — fusionpbx
 
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php. 2022-07-01 not yet calculated CVE-2021-37524
MISC
MISC
getgrav — grav

Code Injection in GitHub repository getgrav/grav prior to 1.7.34. 2022-06-29 not yet calculated CVE-2022-2073
MISC
CONFIRM
gitee — gitee
 
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33654
MISC
gitee — gitee
 
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33653
MISC
gitee — gitee
 
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33652
MISC
gitee — gitee
 
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which is allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33648
MISC
gitee — gitee
 
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. 2022-06-27 not yet calculated CVE-2021-33647
MISC
gitee — gitee
 
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which are allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33650
MISC
gitee — gitee
 
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33651
MISC
gitee — gitee
 
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which is allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33649
MISC
gitlab — ce/ee

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions. 2022-07-01 not yet calculated CVE-2022-2227
MISC
MISC
CONFIRM
gitlab — ce/ee
 
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they’re a member of. 2022-07-01 not yet calculated CVE-2022-2229
CONFIRM
MISC
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. 2022-07-01 not yet calculated CVE-2022-1999
MISC
CONFIRM
gitlab — ce/ee
 
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf. 2022-07-01 not yet calculated CVE-2022-2230
MISC
CONFIRM
MISC
gitlab — ee
 
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. 2022-07-01 not yet calculated CVE-2022-2281
MISC
MISC
CONFIRM
gitlab — ee
 
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. 2022-07-01 not yet calculated CVE-2022-1983
MISC
CONFIRM
gitlab — ee
 
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. 2022-07-01 not yet calculated CVE-2022-2228
CONFIRM
MISC
gitlab — ee
 
Insufficient sanitization in GitLab EE’s external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link 2022-07-01 not yet calculated CVE-2022-2235
MISC
MISC
CONFIRM
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with domain allow-list. 2022-07-01 not yet calculated CVE-2022-1981
MISC
MISC
CONFIRM
gitlab — ee/ce
 
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. 2022-07-01 not yet calculated CVE-2022-2250
CONFIRM
MISC
MISC
gitlab — ee/ce
 
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with the reporter role to manage issues in the project’s error tracking feature. 2022-07-01 not yet calculated CVE-2022-2244
CONFIRM
MISC
MISC
gitlab — ee/ce
 
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. 2022-07-01 not yet calculated CVE-2022-2243
MISC
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. 2022-07-01 not yet calculated CVE-2022-0167
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. 2022-07-01 not yet calculated CVE-2022-2270
CONFIRM
MISC
MISC
gitlab — ce/ee

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers. 2022-07-01 not yet calculated CVE-2022-1954
MISC
CONFIRM
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. 2022-07-01 not yet calculated CVE-2022-1963
MISC
MISC
CONFIRM
gitlab — gitlab
 
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. 2022-07-01 not yet calculated CVE-2022-2185
CONFIRM
MISC
MISC
glpi — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31068
MISC
CONFIRM
glpi — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. 2022-06-27 not yet calculated CVE-2022-31082
MISC
CONFIRM
glpi — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31056
CONFIRM
glpi — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-06-28 not yet calculated CVE-2022-31061
CONFIRM
MISC
gnupg — gnupg
 
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 2022-07-01 not yet calculated CVE-2022-34903
MISC
MISC
MISC
MLIST
gpac — gpac
 
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40608
MISC
gpac — gpac
 
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40606
MISC
gpac — gpac
 
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40607
MISC
gpac — gpac
 
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40609
MISC
gpac — mp4box

In GPAC MP4Box 1.1.0, there is a null pointer dereference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-28 not yet calculated CVE-2021-40944
MISC
gpac — mp4box
 
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-27 not yet calculated CVE-2021-40942
MISC
gps-sdr-sim — gps-sdr-sim
 
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. 2022-06-30 not yet calculated CVE-2021-37778
MISC
gunet — open_eclass_platform

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. 2022-06-27 not yet calculated CVE-2022-33116
MISC
MISC
MISC
MISC
guzzle — guzzle
 
Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. 2022-06-27 not yet calculated CVE-2022-31090
MISC
CONFIRM
guzzle — guzzle
 
Guzzle is an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. 2022-06-27 not yet calculated CVE-2022-31091
MISC
CONFIRM
halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. 2022-06-27 not yet calculated CVE-2022-32995
MISC
halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. 2022-06-27 not yet calculated CVE-2022-32994
MISC
hikvision — hybrid_san/cluster_storage
 
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28171
MISC
hikvision — hybrid_san_cluster_storage
 
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28172
MISC
hongcms — hongcms An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. 2022-07-01 not yet calculated CVE-2022-32412
MISC
hongcms — hongcms An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. 2022-07-01 not yet calculated CVE-2022-32411
MISC
hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. 2022-07-01 not yet calculated CVE-2022-32094
MISC
hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. 2022-07-01 not yet calculated CVE-2022-32093
MISC
hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. 2022-07-01 not yet calculated CVE-2022-32095
MISC
hpe — nonstop_dsm/scm
 
A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. 2022-06-28 not yet calculated CVE-2022-28621
MISC
hpe — storeonce A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. 2022-06-27 not yet calculated CVE-2022-28622
MISC
ibm — cloudpak
 
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. 2022-06-30 not yet calculated CVE-2021-38941
XF
CONFIRM
ibm — infosphere_information_server
 
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. 2022-07-01 not yet calculated CVE-2022-22373
XF
CONFIRM
ibm — security_guardium
 
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2022-06-29 not yet calculated CVE-2021-39074
CONFIRM
XF
ibm — spectrum_protect IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. 2022-06-30 not yet calculated CVE-2022-22474
XF
CONFIRM
ibm — spectrum_protect
 
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. 2022-06-30 not yet calculated CVE-2022-22496
XF
CONFIRM
ibm — spectrum_protect
 
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. 2022-06-30 not yet calculated CVE-2022-22487
XF
CONFIRM
ibm — spectrum_protect
 
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. 2022-06-30 not yet calculated CVE-2022-22478
CONFIRM
XF
ibm — spectrum_protect
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. 2022-06-30 not yet calculated CVE-2022-22494
CONFIRM
XF
ibm — spectrum_protect_plus_container_backup_and_restore IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. 2022-06-30 not yet calculated CVE-2022-22472
CONFIRM
XF
ibm — sterling_b2b_integrator
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. 2022-06-30 not yet calculated CVE-2021-38954
CONFIRM
XF
ibm — urban_code_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. 2022-07-01 not yet calculated CVE-2022-22367
CONFIRM
XF
ibm — urban_code_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. 2022-07-01 not yet calculated CVE-2022-22366
CONFIRM
XF
ilias — ilias
 
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. 2022-06-29 not yet calculated CVE-2022-31266
MISC
MISC
image_galery — grid_gallery_ wordpress_ plugin The Image Gallery – Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-06-27 not yet calculated CVE-2022-1327
MISC
ionicabizau — parse-path Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-0722
MISC
CONFIRM
ionicabizau — parse-path Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. 2022-06-28 not yet calculated CVE-2022-0624
CONFIRM
MISC
ionicabizau — parse-url
 
Cross-site Scripting (XSS) – Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2218
MISC
CONFIRM
ionicabizau — parse-url
 
Cross-site Scripting (XSS) – Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2217
MISC
CONFIRM
ionicabizau — parse-url
 
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2216
MISC
CONFIRM
ivpn — client
 
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-29 not yet calculated CVE-2017-20112
MISC
MISC
MISC
jaredhanson — passport
 
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. 2022-07-01 not yet calculated CVE-2022-25896
CONFIRM
CONFIRM
CONFIRM
jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. 2022-06-30 not yet calculated CVE-2022-34785
CONFIRM
jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. 2022-06-30 not yet calculated CVE-2022-34784
CONFIRM
jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34801
CONFIRM
jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34800
CONFIRM
jenkins — cisco_spark_plugin Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34808
CONFIRM
jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34799
CONFIRM
jenkins — deployment_dashboard_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34797
CONFIRM
jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. 2022-06-30 not yet calculated CVE-2022-34795
CONFIRM
jenkins — deployment_dashboard_plugin A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34796
CONFIRM
jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34798
CONFIRM
jenkins — elasticsearch_query_plugin Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34807
CONFIRM
jenkins — extreme_feedback_panel_plugin Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34790
CONFIRM
jenkins — failed_job_deactivator_plugin Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. 2022-06-30 not yet calculated CVE-2022-34818
CONFIRM
jenkins — failed_job_deactivator_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. 2022-06-30 not yet calculated CVE-2022-34817
CONFIRM
jenkins — gitlab_plugin
 
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34777
CONFIRM
jenkins — hpe_network_virtualization_plugin Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34816
CONFIRM
jenkins — jigomerge_plugin
 
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34806
CONFIRM
jenkins — plot_plugin Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34783
CONFIRM
jenkins — project_inheritance_plugin
 
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. 2022-06-30 not yet calculated CVE-2022-34787
CONFIRM
jenkins — recipe_plugin Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34794
CONFIRM
jenkins — recipe_plugin Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-06-30 not yet calculated CVE-2022-34793
CONFIRM
jenkins — recipe_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34792
CONFIRM
jenkins — request_rename_or_delete_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. 2022-06-30 not yet calculated CVE-2022-34815
CONFIRM
jenkins — request_rename_or_delete_plugin Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. 2022-06-30 not yet calculated CVE-2022-34814
CONFIRM
jenkins — requests-plugin_plugin An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. 2022-06-30 not yet calculated CVE-2022-34782
CONFIRM
jenkins — rocketchat_notifier_plugin Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34802
CONFIRM
jenkins — rqm_plugin A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34810
CONFIRM
jenkins — rqm_plugin Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34809
CONFIRM
jenkins — skype_notifier_plugin
 
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34805
CONFIRM
jenkins — testng_results_plugin Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. 2022-06-30 not yet calculated CVE-2022-34778
CONFIRM
jenkins — validating_email_parameter_plugin Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34791
CONFIRM
jenkins — xebialabs_xl_release_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34780
CONFIRM
jenkins — xebialabs_xl_release_plugin A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34779
CONFIRM
jenkins — xebialabs_xl_release_plugin Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34781
CONFIRM
jenkins — xpath_configuration_viewer_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34812
CONFIRM
jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. 2022-06-30 not yet calculated CVE-2022-34811
CONFIRM
jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34813
CONFIRM
jenkins — matrix_reloaded_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. 2022-06-30 not yet calculated CVE-2022-34789
CONFIRM
jenkins — matrix_reloaded_plugin Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. 2022-06-30 not yet calculated CVE-2022-34788
CONFIRM
jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34803
CONFIRM
jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34804
CONFIRM
jenkins — rich_text_publisher_plugin
 
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. 2022-06-30 not yet calculated CVE-2022-34786
CONFIRM
jetbrains — hub
 
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. 2022-07-01 not yet calculated CVE-2022-34894
MISC
jira — data_center_and_server_mobile_plugin
 
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. 2022-06-30 not yet calculated CVE-2022-26135
MISC
MISC
MISC
jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34133
MISC
MISC
jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. 2022-06-28 not yet calculated CVE-2022-34134
MISC
MISC
jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34132
MISC
MISC
joy_ebike — wolf
 
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. 2022-06-29 not yet calculated CVE-2022-30467
MISC
MISC
jpegoptim — jpegoptim JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. 2022-07-01 not yet calculated CVE-2022-32325
MISC
kjur — jsrsasign
 
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing non-Base64URL special characters or number-escaped characters may be accepted as valid by mistake. Workaround: check that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method. 2022-07-01 not yet calculated CVE-2022-25898
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kubeedge — kubeedge
 
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally, it is affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. 2022-06-27 not yet calculated CVE-2022-31076
MISC
CONFIRM
kubeedge — kubeedge
 
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. 2022-06-27 not yet calculated CVE-2022-31077
MISC
CONFIRM
MISC
l2blocker — l2blocker
 
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. 2022-06-27 not yet calculated CVE-2022-33202
MISC
MISC
ldap — account_manager LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31084
MISC
CONFIRM
ldap — account_manager
 
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31086
CONFIRM
MISC
ldap — account_manager
 
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. 2022-06-27 not yet calculated CVE-2022-31085
CONFIRM
MISC
ldap — account_manager
 
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31088
MISC
CONFIRM
ldap — account_manager
 
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain code execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. 2022-06-27 not yet calculated CVE-2022-31087
MISC
CONFIRM
lettersanitizer — lettersanitizer
 
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. 2022-06-27 not yet calculated CVE-2022-31103
MISC
CONFIRM
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2056
MISC
CONFIRM
MISC
libtiff — libtiff
 
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2057
MISC
CONFIRM
MISC
libtiff — libtiff
 
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2058
CONFIRM
MISC
MISC
lightcms — lightcms
 
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. 2022-06-27 not yet calculated CVE-2022-33009
MISC
MISC
MISC
linux — linux_kernel rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34495
MISC
MISC
linux — linux_kernel rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34494
MISC
MISC
linux — linux_kernel
 
A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing code to be run. 2022-06-30 not yet calculated CVE-2022-2078
MISC
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. 2022-06-30 not yet calculated CVE-2022-1852
MISC
lirantal — git-clone All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. 2022-07-01 not yet calculated CVE-2022-25900
CONFIRM
CONFIRM
lithium_technologies — lithium_forum
 
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. 2022-06-28 not yet calculated CVE-2017-20106
N/A
N/A
lua — lua
 
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. 2022-07-01 not yet calculated CVE-2022-33099
MISC
MISC
MISC
MISC
MISC
manageiq — awesome_spawn
 
Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. 2022-06-30 not yet calculated CVE-2014-0156
MISC
MISC
mariadb — mariadb

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. 2022-07-01 not yet calculated CVE-2022-32086
MISC
mariadb — mariadb

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. 2022-07-01 not yet calculated CVE-2022-32082
MISC
mariadb — mariadb

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. 2022-07-01 not yet calculated CVE-2022-32088
MISC
mariadb — mariadb

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. 2022-07-01 not yet calculated CVE-2022-32089
MISC
mariadb — mariadb

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. 2022-07-01 not yet calculated CVE-2022-32083
MISC
mariadb — mariadb

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. 2022-07-01 not yet calculated CVE-2022-32085
MISC
mariadb — mariadb

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. 2022-07-01 not yet calculated CVE-2022-32081
MISC
mariadb — mariadb

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. 2022-07-01 not yet calculated CVE-2022-32087
MISC
mariadb — mariadb
 
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. 2022-07-01 not yet calculated CVE-2022-32091
MISC
mariadb — mariadb
 
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. 2022-07-01 not yet calculated CVE-2022-32084
MISC
marval_global — marval_msm

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API keys, including the Admins' API keys. 2022-06-28 not yet calculated CVE-2022-31883
MISC
MISC
MISC
marval_global — marval_msm

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. 2022-06-28 not yet calculated CVE-2022-31886
MISC
MISC
MISC
MISC
marval_global — marval_msm

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API keys, including those of high privilege users and the Administrator. 2022-06-28 not yet calculated CVE-2022-31884
MISC
MISC
MISC
marval_global — marval_msm
 
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user’s password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password. 2022-06-28 not yet calculated CVE-2022-31887
MISC
MISC
MISC
marval_global — marval_msm
 
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. 2022-06-28 not yet calculated CVE-2022-31885
MISC
MISC
MISC
mcms — mcms
 
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. 2022-07-01 not yet calculated CVE-2022-31943
MISC
md2roff — md2roff
 
** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor’s position is that the product is not intended for untrusted input. 2022-07-02 not yet calculated CVE-2022-34913
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. 2022-06-28 not yet calculated CVE-2022-34750
MISC
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. 2022-07-02 not yet calculated CVE-2022-34912
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 2022-07-02 not yet calculated CVE-2022-34911
MISC
mermaid — mermaid
 
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to “load” a background image that will let an attacker know what’s the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. 2022-06-28 not yet calculated CVE-2022-31108
MISC
CONFIRM
metamask — metamask_extension
 
MetaMask before 10.11.3 might allow an attacker to access a user’s secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. 2022-06-29 not yet calculated CVE-2022-32969
MISC
MISC
MISC
microsoft — edge

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. 2022-06-29 not yet calculated CVE-2022-33639
N/A
microsoft — edge

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-33638
N/A
microsoft — edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-30192
N/A
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. 2022-07-01 not yet calculated CVE-2022-2280
MISC
CONFIRM
microweber — microweber
 
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. 2022-06-29 not yet calculated CVE-2022-2252
MISC
CONFIRM
minicms — minicms
 
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. 2022-06-28 not yet calculated CVE-2020-19896
MISC
minioranges_google_authenticator — minioranges_google_authenticator_wordpress_plugin

The miniOrange’s Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup). 2022-06-27 not yet calculated CVE-2022-1321
MISC
myadmin — myadmin
 
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. 2022-06-30 not yet calculated CVE-2021-37791
MISC
nagios — nagios_xi

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. 2022-06-29 not yet calculated CVE-2022-29269
MISC
MISC
MISC
MISC
nagios — nagios_xi
 
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. 2022-06-29 not yet calculated CVE-2022-29272
MISC
MISC
MISC
MISC
nagios — nagios_xi
 
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. 2022-06-29 not yet calculated CVE-2022-29271
MISC
MISC
MISC
MISC
nagios — nagios_xi
 
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. 2022-06-29 not yet calculated CVE-2022-29270
MISC
MISC
MISC
MISC
naver — whale_browser_mobile_app
 
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. 2022-06-27 not yet calculated CVE-2020-9754
CONFIRM
neors — activex
 
Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. 2022-06-28 not yet calculated CVE-2022-23763
MISC
nextauth.js — nextauth
 
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. 2022-06-27 not yet calculated CVE-2022-31093
MISC
MISC
MISC
CONFIRM
nomachine — nomachine
 
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of NoMachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. 2022-06-29 not yet calculated CVE-2022-34043
MISC
nucleus_cms — nucleus_cms
 
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. 2022-06-30 not yet calculated CVE-2021-37770
MISC
MISC
nvflare — nvflare

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle with no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31604
MISC
nvflare — nvflare
 
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31605
MISC
nvidia — dgx_a100
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. 2022-07-02 not yet calculated CVE-2022-28200
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. 2022-06-29 not yet calculated CVE-2022-33042
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. 2022-06-29 not yet calculated CVE-2022-33058
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. 2022-06-29 not yet calculated CVE-2022-33059
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. 2022-06-29 not yet calculated CVE-2022-33061
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. 2022-06-29 not yet calculated CVE-2022-33060
MISC
online_railway_reservation_system — online_railway_reservation_system

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. 2022-06-29 not yet calculated CVE-2022-33057
MISC
openhwgroup — cva6

CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. 2022-06-29 not yet calculated CVE-2022-33021
MISC
openhwgroup — cva6

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. 2022-06-29 not yet calculated CVE-2022-33023
MISC
opensearch-project — opensearch-ruby
 
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-30 not yet calculated CVE-2022-31115
CONFIRM
MISC
MISC
openshift — openshift
 
In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. 2022-06-30 not yet calculated CVE-2013-4561
MISC
MISC
openshift — openshift
 
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. 2022-06-30 not yet calculated CVE-2014-0068
MISC
openssl — openssl
 
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. 2022-07-01 not yet calculated CVE-2022-2274
CONFIRM
CONFIRM
orwell-dev-cpp — orwell-dev-cpp

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33037
MISC
ospfranco — link-preview-js
 
Versions of the package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. 2022-07-01 not yet calculated CVE-2022-25876
CONFIRM
CONFIRM
CONFIRM
oxen_i/o — session_android

Session 1.13.0 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 2022-06-30 not yet calculated CVE-2022-1955
MISC
MISC
MISC
packagekit — packagekit

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. 2022-06-28 not yet calculated CVE-2022-0987
MISC
parse_community — parse_server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31089
CONFIRM
MISC
parse_server — parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. 2022-06-30 not yet calculated CVE-2022-31112
MISC
MISC
CONFIRM
MISC
MISC
MISC
pdfalto — pdfalto

PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. 2022-07-01 not yet calculated CVE-2022-32324
MISC
perl — perl
 
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' header (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected. 2022-06-27 not yet calculated CVE-2022-31081
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
pimcore — pimcore
 
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there’s the theoretical possibility to inject custom SQL if the developer is using these methods with input data without doing proper input validation in advance, relying instead on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31092
MISC
MISC
CONFIRM
pingid — windows_login

PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. 2022-06-30 not yet calculated CVE-2022-23717
MISC
MISC
pingid — windows_login
 
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. 2022-06-30 not yet calculated CVE-2022-23725
MISC
MISC
pingid — windows_login
 
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. 2022-06-30 not yet calculated CVE-2022-23720
MISC
MISC
pingid — windows_login
 
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application. 2022-06-30 not yet calculated CVE-2022-23718
MISC
MISC
pingid — windows_login
 
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. 2022-06-30 not yet calculated CVE-2022-23719
MISC
MISC
pingidentity — pingid_mac_login
 
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-06-30 not yet calculated CVE-2021-41995
MISC
MISC
piwigo — piwigo
 
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. 2022-06-28 not yet calculated CVE-2021-40553
MISC
prestashop — blockwishlist
 
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31101
CONFIRM
MISC
projectsend — r754
 
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. 2022-06-27 not yet calculated CVE-2017-20101
MISC
MISC
MISC
raytion — custom_security_manager
 
Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). 2022-06-25 not yet calculated CVE-2022-29931
MISC
regexfn — regexfn

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40900
MISC
repo-git-downloader — repo-git-downloader

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. 2022-06-27 not yet calculated CVE-2021-40899
MISC
rg-eg — rg-eg
 
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. 2022-06-25 not yet calculated CVE-2022-33128
MISC
robustel — r1510
 
A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-28127
MISC
robustel — robustel_r1510

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33314
MISC
robustel — robustel_r1510

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33313
MISC
robustel — robustel_r1510

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33312
MISC
robustel — robustel_r1510

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33326
MISC
robustel — robustel_r1510

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33328
MISC
robustel — robustel_r1510
 
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-32585
MISC
robustel — robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33325
MISC
robustel — robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33329
MISC
robustel — robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33327
MISC
rsshub — rsshub
 
RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31110
CONFIRM
MISC
MISC
ruby-mysql — ruby-mysql
 
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. 2022-06-28 not yet calculated CVE-2021-3779
MISC
ruckus — wireless_zonedirector
 
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. 2022-06-27 not yet calculated CVE-2020-21161
MISC
MISC
MISC
rulex — rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31099
CONFIRM
MISC
rulex — rulex
 
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. 2022-06-27 not yet calculated CVE-2022-31100
MISC
CONFIRM
sasstools — scss-tokenizer
 
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. 2022-07-01 not yet calculated CVE-2022-25758
CONFIRM
CONFIRM
CONFIRM
scaffold-helper — scaffold-helper

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. 2022-06-27 not yet calculated CVE-2021-40898
MISC
scratchtools — scratchtools
 
ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker github.com/STForScratch/ScratchTools/ 2022-06-27 not yet calculated CVE-2022-31094
CONFIRM
MISC
MISC
shadeyouvpn — client
 
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20107
N/A
N/A
shopware — shopware
 
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31057
MISC
CONFIRM
MISC
MISC
silverstripe — framework
 
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. 2022-06-28 not yet calculated CVE-2021-41559
MISC
MISC
MISC
silverstripe — silverstripe/framework
 
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). 2022-06-29 not yet calculated CVE-2022-28803
MISC
MISC
silverstripe — silverstripe/framework
 
Silverstripe silverstripe/framework through 4.10 allows Session Fixation. 2022-06-28 not yet calculated CVE-2022-24444
MISC
MISC
MISC
MISC
MISC
silverstripe — silverstripe/framework
 
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code. 2022-06-28 not yet calculated CVE-2022-25238
MISC
MISC
MISC
MISC
silverstripe — silverstripe/assets
 
Silverstripe silverstripe/assets through 1.10 allows XSS. 2022-06-28 not yet calculated CVE-2022-29858
MISC
MISC
MISC
MISC
simplessus — simplessus
 
A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20105
N/A
N/A
simplessus — simplessus
 
A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20104
N/A
N/A
scniro-validator — scniro-validator

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40901
MISC
sourcecodester — library_management_system

A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2212
MISC
MISC
sourcecodester — library_management_system
 
A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ‘ AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)– PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2214
MISC
MISC
sourcecodester — library_management_system
 
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2213
MISC
MISC
sourcecodester — zoo_management_system
 
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. 2022-06-29 not yet calculated CVE-2022-31897
MISC
MISC
split-html-to-chars — split-html-to-chars

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. 2022-06-27 not yet calculated CVE-2021-40897
MISC
synapse — synapse
 
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user’s client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false. 2022-06-28 not yet calculated CVE-2022-31052
CONFIRM
MISC
MISC
teleopti — wfm
 
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20109
MISC
MISC
teleopti — wfm
 
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20110
MISC
MISC
teleopti — wfm
 
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20111
MISC
MISC
tenda — ac23
 
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. 2022-07-01 not yet calculated CVE-2022-32384
MISC
MISC
MISC
tenda — ax1806

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. 2022-07-01 not yet calculated CVE-2022-32032
MISC
tenda — ax1806

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. 2022-07-01 not yet calculated CVE-2022-32030
MISC
tenda — ax1806

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. 2022-07-01 not yet calculated CVE-2022-32033
MISC
tenda — ax1806

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. 2022-07-01 not yet calculated CVE-2022-32031
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. 2022-07-01 not yet calculated CVE-2022-32040
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. 2022-07-01 not yet calculated CVE-2022-32037
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. 2022-07-01 not yet calculated CVE-2022-32034
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. 2022-07-01 not yet calculated CVE-2022-32036
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. 2022-07-01 not yet calculated CVE-2022-32035
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. 2022-07-01 not yet calculated CVE-2022-32039
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. 2022-07-01 not yet calculated CVE-2022-32043
MISC
tenda — tenda_m3

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. 2022-07-01 not yet calculated CVE-2022-32041
MISC
teradici — management_console
 
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20121
N/A
N/A
textpattern — textpattern
 
A vulnerability exists in Textpattern CMS v4.8.7 and older through Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie’s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. 2022-06-29 not yet calculated CVE-2021-40642
MISC
MISC
that-value — that-value

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40896
MISC
thinkphp — thinkphp
 
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. 2022-06-29 not yet calculated CVE-2022-33107
MISC
thinkst — canarytokens
 
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken’s history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken’s creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken’s creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirect the creator towards an attacker-controlled Canarytoken to show the creator’s network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-01 not yet calculated CVE-2022-31113
CONFIRM
MISC
todo-regex — todo-regex

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. 2022-06-27 not yet calculated CVE-2021-40895
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. 2022-07-01 not yet calculated CVE-2022-32052
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. 2022-07-01 not yet calculated CVE-2022-32047
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. 2022-07-01 not yet calculated CVE-2022-32045
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. 2022-07-01 not yet calculated CVE-2022-32044
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. 2022-07-01 not yet calculated CVE-2022-32048
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. 2022-07-01 not yet calculated CVE-2022-32049
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. 2022-07-01 not yet calculated CVE-2022-32050
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. 2022-07-01 not yet calculated CVE-2022-32051
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. 2022-07-01 not yet calculated CVE-2022-32046
MISC
totolink — totolink_t6

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. 2022-07-01 not yet calculated CVE-2022-32053
MISC
trendnet — wi-fi_routers

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. 2022-06-27 not yet calculated CVE-2022-33007
MISC
trueconf — server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20117
MISC
MISC
trueconf — server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20118
MISC
MISC
trueconf — server
 
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20120
MISC
MISC
trueconf — server
 
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20114
MISC
MISC
trueconf — server
 
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20113
MISC
MISC
trueconf — server
 
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20115
MISC
MISC
trueconf — server
 
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20119
MISC
MISC
trueconf — server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20116
MISC
MISC
tuleap — tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. 2022-06-29 not yet calculated CVE-2022-31058
MISC
CONFIRM
MISC
MISC
tuleap — tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31063
CONFIRM
MISC
MISC
MISC
tuleap — tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31032
MISC
CONFIRM
MISC
MISC
MISC
MISC
vim — vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-06-30 not yet calculated CVE-2022-2257
MISC
CONFIRM
vim — vim
 
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2208
MISC
CONFIRM
FEDORA
FEDORA
vim — vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-06-26 not yet calculated CVE-2022-2206
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2210
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-28 not yet calculated CVE-2022-2231
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-01 not yet calculated CVE-2022-2264
MISC
CONFIRM
vim — vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2207
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. 2022-06-30 not yet calculated CVE-2022-33043
MISC
vim — vim
 
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2285
MISC
CONFIRM
vim — vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2286
CONFIRM
MISC
vim — vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2287
MISC
CONFIRM
vim — vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2284
CONFIRM
MISC
viscosity — viscosity
 
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-30 not yet calculated CVE-2017-20123
N/A
N/A
N/A
N/A
wasmtime — wasmtime
 
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime’s implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn’t correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime’s implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. 
We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don’t yet implement the simd proposal and are not affected. 2022-06-28 not yet calculated CVE-2022-31104
MISC
MISC
CONFIRM
MISC
MISC
MISC
weaveworks — weave_gitops
 
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps’s pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31098
CONFIRM
MISC
web2py — web2py
 
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. 2022-06-27 not yet calculated CVE-2022-33146
MISC
MISC
MISC
MISC
wireapp — wire
 
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. 2022-06-25 not yet calculated CVE-2022-29168
CONFIRM
wordpress — add_post_url
 
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping 2022-06-27 not yet calculated CVE-2022-1913
MISC
wordpress — analytics_stats_counter_statistics_plugin
 
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. 2022-06-27 not yet calculated CVE-2017-20099
MISC
MISC
wordpress — armember_plugin
 
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username 2022-06-27 not yet calculated CVE-2022-1903
MISC
wordpress — cimy_header_image_rotator_plugin

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1885
MISC
wordpress — clean_contact_plugin

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1914
MISC
wordpress — easy_svg_support_plugin

The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 2022-06-27 not yet calculated CVE-2022-1964
MISC
wordpress — html2wp_plugin

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file 2022-06-27 not yet calculated CVE-2022-1572
MISC
wordpress — html2wp_plugin
 
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server 2022-06-27 not yet calculated CVE-2022-1574
MISC
wordpress — html2wp_plugin
 
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them 2022-06-27 not yet calculated CVE-2022-1573
MISC
wordpress — import_export_all_plugin

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks 2022-06-27 not yet calculated CVE-2022-1977
MISC
wordpress — limit_login_attempts_wordpress_plugin

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1029
MISC
wordpress — login_with_otp_over_sms_email_whatsapp_and_google_authenticator_plugin
 
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1994
MISC
wordpress — mailpress
 
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1843
MISC
wordpress — malware_scanner The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1995
MISC
wordpress — my_private_site_plugin The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1627
MISC
wordpress — mycss_plugin
 
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1960
MISC
wordpress — nested_pages_plugin The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1990
MISC
wordpress — new_user_approve_plugin The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. 2022-06-27 not yet calculated CVE-2022-1625
MISC
wordpress — nextcellent_gallery_plugin
 
The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1971
MISC
wordpress — no_external_links_wordpress_plugin The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1095
MISC
wordpress — openbook_book_data_plugin The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1842
MISC
wordpress — popups_welcome_bar_optins_and_lead_generation_plugin The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-1776
MISC
wordpress — pricing_tables_plugin
 
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1904
MISC
wordpress — rotating_posts_plugin The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1847
MISC
wordpress — site_offine_or_coming_soon_plugin The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacks sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1593
MISC
wordpress — social_share_buttons_by_supsystic_plugin
 
The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its AJAX endpoints and admin pages, allowing an attacker to trick any logged in user into manipulating or changing the plugin settings, as well as creating, deleting and renaming projects and networks. 2022-06-27 not yet calculated CVE-2022-1653
MISC
wordpress — tiny_contact_form_plugin
 
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1846
MISC
wordpress — ultimate_woocommerce_csv_importer_plugin
 
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1470
MISC
wordpress — woocommerce_plugin The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1916
MISC
wordpress — woocommerce_plugin
 
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first 2022-06-27 not yet calculated CVE-2022-1953
MISC
wordpress — wp_post_styling_plugin The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin’s data, update the settings, add new entries and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1845
MISC
wordpress — wp_security_pro
 
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1028
MISC
wordpress — wpsentry The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1844
MISC
wordpress — admin_custom_login_plugin
 
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. 2022-06-27 not yet calculated CVE-2017-20098
MISC
MISC
wordpress — brizy_plugin
 
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2040
MISC
MISC
wordpress — brizy_plugin
 
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2041
MISC
MISC
wordpress — flower_delivery_by_florist_ one_wordpress_plugin
 
The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) 2022-06-27 not yet calculated CVE-2022-1113
MISC
wordpress — google_authenticator_word_presse
 
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-0875
MISC
wordpress — kama_click_counter_plugin
 
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-27 not yet calculated CVE-2017-20103
MISC
MISC
wordpress — wp_as_saml_idp_wordpress_plugin The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1010
MISC
wordpress — xcloner_plugin_wordpress_plugin
 
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. 2022-06-27 not yet calculated CVE-2022-0444
MISC
wordpress — secure_swfupload
 
There is an object injection vulnerability in swfupload plugin for wordpress. 2022-06-30 not yet calculated CVE-2013-4144
MISC
MISC
wuzhicms — wuzhicms
 
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. 2022-06-28 not yet calculated CVE-2020-19897
MISC
xiaongmai — multiple_versions
 
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. 2022-06-30 not yet calculated CVE-2021-41506
MISC
MISC
MISC
MISC
xlpd — N/A
 
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. 2022-06-29 not yet calculated CVE-2022-33035
MISC
MISC
xpdf — xpdf
 
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. 2022-06-28 not yet calculated CVE-2022-33108
MISC
MISC
MISC
yokogawa — stradom
 
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware. 2022-06-28 not yet calculated CVE-2022-29519
MISC
MISC
MISC
MISC
yokogawa — stardom.fcn
 
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. 2022-06-28 not yet calculated CVE-2022-30997
MISC
MISC
MISC
MISC
zeypher_project — zepyher Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp 2022-06-28 not yet calculated CVE-2021-3433
MISC
zeypher_project — zepyher
 
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr 2022-06-28 not yet calculated CVE-2021-3430
MISC
zeypher_project — zepyher
 
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 2022-06-28 not yet calculated CVE-2021-3431
MISC
zeypher_project — zepyher
 
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 2022-06-28 not yet calculated CVE-2021-3432
MISC
zeypher_project — zepyher
 
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm 2022-06-28 not yet calculated CVE-2021-3434
MISC
zeypher_project — zepyher
 
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh 2022-06-28 not yet calculated CVE-2021-3435
MISC
zoho — manageengine_servicedesk_plus_msp Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). 2022-07-02 not yet calculated CVE-2022-32551
MISC
zulip — zulip
 
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds. 2022-06-25 not yet calculated CVE-2022-31017
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Cloud Security Technical Reference Architecture

06/23/2022 09:00 AM EDT

Original release date: June 23, 2022

CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management as it fulfills a key mandate in delivering on Executive Order 14028, Improving the Nation’s Cybersecurity.

CISA encourages federal program and project managers involved in cloud migration to review and implement the CS TRA.


Vulnerability Summary for the Week of June 13, 2022

06/20/2022 10:49 AM EDT

Original release date: June 20, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
citrix — application_delivery_management Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. 2022-06-16 7.8 CVE-2022-27511
MISC
convert-svg_project — convert-svg The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. 2022-06-10 7.5 CVE-2022-24278
CONFIRM
CONFIRM
CONFIRM
CONFIRM
dell — supportassist_for_business_pcs Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. 2022-06-10 7.2 CVE-2022-29092
CONFIRM
dell — supportassist_for_business_pcs Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. 2022-06-10 7.6 CVE-2022-29095
CONFIRM
dynamicvision — dynamicmarkt dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. 2022-06-10 7.5 CVE-2021-41754
MISC
MISC
dynamicvision — dynamicmarkt dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. 2022-06-10 7.5 CVE-2021-41755
MISC
MISC
dynamicvision — dynamicmarkt dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. 2022-06-10 7.5 CVE-2021-41756
MISC
MISC
gatsbyjs — gatsby The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. 2022-06-10 7.5 CVE-2022-25863
CONFIRM
CONFIRM
CONFIRM
CONFIRM
git-promise_project — git-promise All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. 2022-06-10 7.5 CVE-2022-24376
CONFIRM
CONFIRM
huawei — cv81-wdm_firmware There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. 2022-06-13 10 CVE-2022-29797
MISC
huawei — cv81-wdm_firmware There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. 2022-06-13 7.8 CVE-2022-29798
MISC
huawei — flmg-10_firmware There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device. 2022-06-13 7.2 CVE-2022-22259
MISC
ideaco — idealms IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. 2022-06-10 7.5 CVE-2022-31788
MISC
MISC
iqonic — kivicare The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users 2022-06-13 7.5 CVE-2022-0786
MISC
memberhero — member_hero The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. 2022-06-13 7.5 CVE-2022-0885
MISC
nystudio107 — seomatic In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. 2022-06-12 7.5 CVE-2021-41749
MISC
MISC
phplist — phplist A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 7.5 CVE-2017-20029
MISC
MISC
phplist — phplist A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 7.5 CVE-2017-20032
MISC
MISC
presspage — bestbooks The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users 2022-06-13 7.5 CVE-2022-0827
MISC
realvnc — vnc_server RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. 2022-06-10 7.2 CVE-2022-27502
MISC
MISC
sicunet — access_control A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. 2022-06-11 7.5 CVE-2017-20039
N/A
N/A
sicunet — access_control A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. 2022-06-11 7.5 CVE-2017-20038
N/A
N/A
tendacn — ac18_firmware Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. 2022-06-14 10 CVE-2022-31446
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 8.2. 2022-06-10 7.5 CVE-2022-2042
CONFIRM
MISC

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alibaba — fastjson The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](github.com/alibaba/fastjson/wiki/fastjson_safemode). 2022-06-10 6.8 CVE-2022-25845
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
artbees — jupiter_x_core Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. 2022-06-13 5.5 CVE-2022-1656
MISC
axiosys — bento4 An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. 2022-06-10 4.3 CVE-2022-31287
MISC
axiosys — bento4 Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. 2022-06-10 4.3 CVE-2022-31282
MISC
axiosys — bento4 An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. 2022-06-10 4.3 CVE-2022-31285
MISC
byonepress — social_locker The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-13 4.3 CVE-2022-1608
MISC
citrix — application_delivery_management Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. 2022-06-16 5 CVE-2022-27512
MISC
combodo — itop ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. 2022-06-10 4.3 CVE-2022-31402
MISC
MISC
MISC
convert-svg-core_project — convert-svg-core The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. 2022-06-10 6.8 CVE-2022-24429
CONFIRM
CONFIRM
CONFIRM
couchbase — sync_gateway An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. 2022-06-10 6.8 CVE-2022-32563
MISC
MISC
email_users_project — email_users The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users 2022-06-13 4.3 CVE-2022-1605
MISC
enqueue_anything_project — enqueue_anything The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. 2022-06-13 4 CVE-2021-25116
MISC
generex — rccmd Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. 2022-06-13 5.5 CVE-2022-26041
MISC
MISC
gtm4wp — google_tag_manager The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. 2022-06-13 4.3 CVE-2022-1707
MISC
MISC
MISC
MISC
gunet — open_eclass_platform GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. 2022-06-11 4.3 CVE-2021-44266
MISC
MISC
MISC
guzzlephp — guzzle Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as how we don’t forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternatively, users may simply disable redirects altogether if redirects are not expected or required. 2022-06-10 5 CVE-2022-31043
CONFIRM
MISC
MISC
CONFIRM
guzzlephp — guzzle Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. 2022-06-10 5 CVE-2022-31042
CONFIRM
MISC
MISC
CONFIRM
hc_custom_wp-admin_url_project — hc_custom_wp-admin_url The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request 2022-06-13 5 CVE-2022-1595
MISC
huawei — harmonyos The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. 2022-06-13 4.9 CVE-2022-31763
MISC
MISC
huawei — harmonyos The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. 2022-06-13 5 CVE-2021-46812
MISC
MISC
huawei — magic_ui Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. 2022-06-13 5 CVE-2021-46815
MISC
huawei — magic_ui The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. 2022-06-13 5 CVE-2021-46814
MISC
MISC
huawei — magic_ui The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. 2022-06-13 4.6 CVE-2022-31762
MISC
MISC
huawei — magic_ui Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. 2022-06-13 5 CVE-2022-31754
MISC
huawei — magic_ui The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. 2022-06-13 4.9 CVE-2022-31751
MISC
MISC
huawei — magic_ui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. 2022-06-13 5 CVE-2022-31761
MISC
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. 2022-06-10 6.8 CVE-2022-22479
XF
CONFIRM
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. 2022-06-10 5 CVE-2022-31769
XF
CONFIRM
jpeg — libjpeg There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. 2022-06-10 4.3 CVE-2022-32978
MISC
MISC
jpeg-js_project — jpeg-js The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. 2022-06-10 5 CVE-2022-25851
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kuroit — advanced_admin_search The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to Reflected Cross-Site Scripting. 2022-06-13 4.3 CVE-2022-0626
MISC
latest_tweets_widget_project — latest_tweets_widget The Latest Tweets Widget WordPress plugin through 1.1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. 2022-06-13 4.3