Vulnerability Summary for the Week of January 31, 2022

02/07/2022 08:45 AM EST

Original release date: February 7, 2022

High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
advantech — deviceon/iedge A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 9.3 CVE-2021-40389
MISC
advantech — deviceon/iservice A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 9.3 CVE-2021-40396
MISC
advantech — sq_manager A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 9.3 CVE-2021-40388
MISC
advantech — wise-paas/ota A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 9.3 CVE-2021-40397
MISC
alpsalpine — touchpad_driver Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. 2022-01-31 7.2 CVE-2021-27971
MISC
bmoor_project — bmoor The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in the set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](security.snyk.io/vuln/SNYK-JS-BMOOR-598664) 2022-01-28 7.5 CVE-2021-23558
MISC
MISC
MISC
calibre-web_project — calibre-web Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. 2022-01-30 7.5 CVE-2022-0339
MISC
CONFIRM
classapps — selectsurvey.net SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application’s backend database via boolean-based blind and UNION injection. 2022-01-28 7.5 CVE-2021-41609
MISC
MISC
cuppacms — cuppacms Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. 2022-01-31 7.8 CVE-2022-24264
MISC
MISC
cuppacms — cuppacms Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. 2022-01-31 7.8 CVE-2022-24266
MISC
MISC
cuppacms — cuppacms Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. 2022-01-31 7.8 CVE-2022-24265
MISC
MISC
elitecms — elite_cms eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. 2022-02-01 7.5 CVE-2022-24221
MISC
elitecms — elite_cms eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. 2022-02-01 7.5 CVE-2022-24222
MISC
elitecms — elite_cms eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. 2022-02-01 7.5 CVE-2022-24219
MISC
elitecms — elite_cms eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. 2022-02-01 7.5 CVE-2021-46093
MISC
elitecms — elite_cms eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. 2022-02-01 7.5 CVE-2022-24220
MISC
fortinet — fortiweb An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2022-02-02 9 CVE-2021-41018
CONFIRM
getperfectsurvey — perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. 2022-02-01 7.5 CVE-2021-24762
MISC
hhg-multistore — multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. 2022-01-28 7.5 CVE-2021-46448
MISC
MISC
hhg-multistore — multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. 2022-01-28 7.5 CVE-2021-46446
MISC
MISC
hhg-multistore — multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. 2022-01-28 7.5 CVE-2021-46445
MISC
MISC
hhg-multistore — multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. 2022-01-28 7.5 CVE-2021-46444
MISC
MISC
hospital_management_system_project — hospital_management_system Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. 2022-01-31 7.5 CVE-2022-24263
MISC
MISC
insyde — insydeh2o Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. 2022-02-03 7.2 CVE-2021-42059
MISC
insyde — insydeh2o SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 10 CVE-2021-42554
MISC
juce — juce The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object. 2022-01-31 7.5 CVE-2021-23520
CONFIRM
CONFIRM
CONFIRM
keyget_project — keyget The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](security.snyk.io/vuln/SNYK-JS-KEYGET-1048048) 2022-01-28 7.5 CVE-2021-23760
MISC
land-software — faust_iserver An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. 2022-01-31 7.8 CVE-2021-34805
MISC
MISC
MISC
liferay — liferay_portal Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server. 2022-01-28 9 CVE-2020-28885
MISC
liferay — liferay_portal Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server. 2022-01-28 9 CVE-2020-28884
MISC
minetest — minetest Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. 2022-02-02 7.5 CVE-2022-24300
MISC
MISC
MISC
mobile_shop_system_project — mobile_shop_system An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. 2022-01-28 7.5 CVE-2020-25905
MISC
online_motorcycle_(bike)_rental_system_project — online_motorcycle_(bike)_rental_system Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. 2022-01-28 7.5 CVE-2021-44249
MISC
MISC
phoenixcontact — fl_switch_2005_firmware In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration. 2022-02-02 9 CVE-2022-22509
CONFIRM
polkit_project — polkit A local privilege escalation vulnerability was found in polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. 2022-01-28 7.2 CVE-2021-4034
MISC
MISC
MISC
MISC
printerlogic — virtual_appliance PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserialize attacker-controlled data, leading to pre-auth remote code execution. 2022-01-31 9.3 CVE-2021-42631
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. 2022-01-31 9.3 CVE-2021-42635
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. 2022-02-01 9.3 CVE-2021-42638
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. 2022-01-28 7.8 CVE-2022-21801
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44379
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44378
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44377
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44381
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44371
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44370
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44369
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44374
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44384
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44380
MISC
reolink — rlc-410w_firmware An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.5 CVE-2021-40404
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44376
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. 2022-01-28 7.5 CVE-2021-40409
MISC
reolink — rlc-410w_firmware An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.5 CVE-2022-21217
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44368
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-40423
MISC
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44373
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. 2022-01-28 7.5 CVE-2021-40408
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.5 CVE-2021-40407
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44367
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-40406
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 7.8 CVE-2021-44372
MISC
salesagility — suitecrm SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. 2022-01-28 7.5 CVE-2021-45897
MISC
MISC
MISC
salesagility — suitecrm SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. 2022-01-28 7.5 CVE-2021-45898
MISC
MISC
salesagility — suitecrm SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. 2022-01-28 7.5 CVE-2021-45899
MISC
MISC
schneider-electric — evlink_city_evc1s22p4_firmware A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 7.5 CVE-2021-22820
MISC
schneider-electric — scadapack_312e_firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior 2022-01-28 7.8 CVE-2021-22816
MISC
signiant — manageragents Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. 2022-01-30 7.5 CVE-2021-46660
MISC
MISC
simple_client_management_system_project — simple_client_management_system SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. 2022-02-01 7.5 CVE-2021-43510
MISC
MISC
simple_client_management_system_project — simple_client_management_system SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. 2022-02-01 7.5 CVE-2021-43509
MISC
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. 2022-01-28 7.5 CVE-2021-45435
MISC
tenda — ac15_firmware Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi, AC5V1.0 Firmware V15.03.06.48_multi and so on. An attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. 2022-01-28 7.5 CVE-2021-44971
MISC
MISC
MISC
thedigitalcraft — atomcms AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. 2022-02-01 7.5 CVE-2022-24223
MISC
totolink — a720r_firmware TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 2022-02-04 10 CVE-2021-45742
MISC
totolink — a720r_firmware TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. 2022-02-04 7.8 CVE-2021-45737
MISC
totolink — a720r_firmware TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. 2022-02-04 7.5 CVE-2021-45740
MISC
totolink — a720r_firmware TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. 2022-02-04 7.8 CVE-2021-45739
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. 2022-02-04 7.8 CVE-2021-45741
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. 2022-02-04 7.8 CVE-2021-45736
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. 2022-02-04 10 CVE-2021-45738
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. 2022-02-04 10 CVE-2021-45733
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. 2022-02-04 7.8 CVE-2021-45734
MISC
victor_cms_project — victor_cms Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. 2022-01-31 7.5 CVE-2021-46458
MISC
MISC
vim — vim Use After Free in Conda vim prior to 8.2. 2022-02-02 7.5 CVE-2022-0443
MISC
CONFIRM
w-zip_project — w-zip Path Traversal in NPM w-zip prior to 1.0.12. 2022-02-01 7.5 CVE-2022-0401
CONFIRM
MISC
westerndigital — my_cloud_os A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result of insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP. 2022-01-28 7.5 CVE-2022-22994
MISC
westerndigital — my_cloud_os A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. 2022-01-28 10 CVE-2022-22992
MISC
wpdeveloper — essential_addons_for_elementor The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before using them in include statements, which could allow unauthenticated attackers to perform a Local File Inclusion attack and read arbitrary files on the server. This could also lead to RCE via user uploaded files or other LFI to RCE techniques. 2022-02-01 7.5 CVE-2022-0320
MISC
zfaka_project — zfaka A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. 2022-01-28 7.5 CVE-2022-22294
MISC
MISC
zip-local_project — zip-local The package zip-local before 0.3.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. 2022-01-28 7.5 CVE-2021-23484
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
adenza — axiomsl_controllerview Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs. 2022-01-30 5.8 CVE-2022-22919
MISC
adenza — axiomsl_controllerview Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid. 2022-01-30 5 CVE-2022-24032
MISC
apache — superset Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher. 2022-02-01 4 CVE-2021-44451
MISC
asset_cleanup — _page_speed_booster_project The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-02-01 4.3 CVE-2021-24937
MISC
asset_cleanup — _page_speed_booster_project The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue. 2022-02-01 4.3 CVE-2021-24983
MISC
bestwebsoft — error_log_viewer The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. 2022-02-01 4.3 CVE-2021-24761
MISC
bosch — video_security HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. 2022-01-28 4.3 CVE-2021-23863
CONFIRM
MISC
bplugins — document_embedder The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts. 2022-02-01 4 CVE-2021-24868
MISC
bplugins — document_embedder The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. 2022-02-01 5 CVE-2021-24775
MISC
calibre-web_project — calibre-web Improper Access Control in Pypi calibreweb prior to 0.6.16. 2022-01-30 4 CVE-2022-0273
MISC
CONFIRM
calibre-web_project — calibre-web Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16. 2022-01-28 4.3 CVE-2022-0352
MISC
CONFIRM
casbin — casdoor The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. 2022-01-29 5 CVE-2022-24124
MISC
MISC
MISC
cf7skins — contact_form_7_skins The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-02-01 4.3 CVE-2021-25063
MISC
classapps — selectsurvey.net A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. 2022-01-28 5 CVE-2021-41608
MISC
MISC
codesys — profinet Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. 2022-02-02 5 CVE-2022-22510
CONFIRM
creativityjuice — labtools The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications. 2022-02-01 4 CVE-2021-25097
MISC
docker — docker_desktop Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. 2022-02-01 5 CVE-2022-23774
MISC
dolibarr — dolibarr Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. 2022-01-31 4 CVE-2022-0414
MISC
CONFIRM
domaincheckplugin — domain_check The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue 2022-02-01 4.3 CVE-2021-24926
MISC
eclipse — wakaama In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. 2022-02-01 5 CVE-2021-41040
CONFIRM
CONFIRM
element — desktop Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim’s computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution. 2022-02-01 5.1 CVE-2022-23597
CONFIRM
MISC
elitecms — elite_cms An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. 2022-02-01 6.4 CVE-2022-24218
MISC
emerson — deltav_workstation A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. 2022-01-28 4.9 CVE-2021-26264
MISC
ethercreative — logs The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. 2022-01-31 4 CVE-2022-23409
MISC
MISC
MISC
getlaminas — laminas-form laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. 2022-01-28 4.3 CVE-2022-23598
MISC
MISC
CONFIRM
getperfectsurvey — perfect_survey The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue 2022-02-01 4.3 CVE-2021-24765
MISC
getperfectsurvey — perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey 2022-02-01 6.8 CVE-2021-24763
MISC
getperfectsurvey — perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues 2022-02-01 4.3 CVE-2021-24764
MISC
gitforwindows — git In Git for Windows through 2.34.1, when using git pull to update the local warehouse, git.cmd can be run directly. 2022-01-31 5 CVE-2021-46101
MISC
github — gh-ost gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from the host running gh-ost to the attacker’s malicious MySQL server. The `-database` parameter does not properly sanitize user input, which can lead to arbitrary file reads. 2022-02-01 4.3 CVE-2022-21687
MISC
CONFIRM
glpi-project — glpi GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. 2022-01-28 4 CVE-2022-21720
CONFIRM
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. 2022-01-28 4.3 CVE-2022-21719
CONFIRM
MISC
MISC
hitachi — linkone Information Exposure vulnerability in Hitachi Energy LinkOne application: a misconfiguration in the ASP server exposes server and ASP.net information. An attacker that manages to exploit this vulnerability can use the exposed information as reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 5 CVE-2021-40340
CONFIRM
hitachi — linkone A configuration vulnerability in the Hitachi Energy LinkOne application due to the lack of HTTP headers allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 5 CVE-2021-40339
CONFIRM
hitachi — linkone The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 5 CVE-2021-40338
CONFIRM
huawei — cloudengine_12800_firmware There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. 2022-01-31 4 CVE-2021-40042
MISC
ibm — financial_transaction_manager IBM Financial Transaction Manager 3.2.4 does not invalidate any existing session identifier, which gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. 2022-02-02 6.5 CVE-2021-39066
CONFIRM
XF
ibm — financial_transaction_manager IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. 2022-02-02 6.8 CVE-2021-39044
XF
CONFIRM
ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. 2022-02-02 5 CVE-2021-39021
CONFIRM
XF
ibm — security_verify_access IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. 2022-02-02 6.8 CVE-2021-39070
CONFIRM
XF
intel — connman An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. 2022-01-28 5 CVE-2022-23098
MISC
MISC
intel — connman An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. 2022-01-28 6.4 CVE-2022-23097
MISC
MISC
intel — connman An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. 2022-01-28 6.4 CVE-2022-23096
MISC
MISC
itextpdf — itext iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-02-01 4.3 CVE-2022-24198
MISC
itextpdf — itext iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-02-01 4.3 CVE-2022-24196
MISC
itextpdf — itext iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-02-01 4.3 CVE-2022-24197
MISC
ivanti — service_manager Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. 2022-02-01 4.3 CVE-2021-38560
MISC
MISC
joinmastodon — mastodon Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. 2022-02-02 4.3 CVE-2022-0432
CONFIRM
MISC
junrar_project — junrar Junrar is an open source Java RAR archive library. In affected versions, a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible. 2022-02-01 5 CVE-2022-23596
MISC
CONFIRM
MISC
lg — webos There is a privilege escalation vulnerability in some webOS TVs. Due to incorrect environment settings, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation may allow the attacker to obtain a higher privilege. 2022-01-28 4.6 CVE-2022-23727
MISC
link_library_project — link_library The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request 2022-02-01 5 CVE-2021-25093
MISC
link_library_project — link_library The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack 2022-02-01 4.3 CVE-2021-25092
MISC
link_library_project — link_library The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-02-01 4.3 CVE-2021-25091
MISC
linux — linux_kernel kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. 2022-01-29 6.9 CVE-2022-24122
MISC
MISC
MISC
FEDORA
FEDORA
mariadb — mariadb MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. 2022-02-01 5 CVE-2021-46665
MISC
mariadb — mariadb MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. 2022-02-01 5 CVE-2021-46668
MISC
mariadb — mariadb MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. 2022-02-01 5 CVE-2021-46666
MISC
mariadb — mariadb MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. 2022-02-01 5 CVE-2021-46669
MISC
mariadb — mariadb MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). 2022-02-01 5 CVE-2021-46661
MISC
mariadb — mariadb MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. 2022-02-01 5 CVE-2021-46662
MISC
mariadb — mariadb MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. 2022-02-01 5 CVE-2021-46663
MISC
mariadb — mariadb MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. 2022-02-01 5 CVE-2021-46664
MISC
mariadb — mariadb MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. 2022-02-01 5 CVE-2021-46667
MISC
marktext — marktext MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. 2022-01-29 6.8 CVE-2022-24123
MISC
MISC
metagauss — registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting 2022-02-01 4.3 CVE-2021-24648
MISC
CONFIRM
minetest — minetest In Minetest before 5.4.0, players can add or subtract items from a different player’s inventory. 2022-02-02 6.4 CVE-2022-24301
MISC
MISC
motioneye_project — motioneye Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will execute arbitrary code on the server. 2022-01-31 6.5 CVE-2021-44255
MISC
MISC
navercorp — whale A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. 2022-01-28 4.3 CVE-2022-24071
CONFIRM
nextscripts — social_networks_auto_poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack 2022-02-01 4.3 CVE-2021-25072
MISC
nextscripts — social_networks_auto_poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue 2022-02-01 4.3 CVE-2021-24975
CONFIRM
MISC
nim-lang — docutils Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum’s post “preview” endpoint. Even if NimForum is running as a non-critical user, the forum.json secrets can be stolen. Version 2.2.0 of NimForum includes patches for this vulnerability. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue. 2022-02-01 5.5 CVE-2022-23602
CONFIRM
MISC
online_course_registration_project — online_course_registration Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. 2022-01-31 5 CVE-2020-36064
MISC
MISC
MISC
MISC
pega — infinity Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. 2022-01-28 4.6 CVE-2021-27654
MISC
piwigo — piwigo Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This allows an unauthenticated attacker to take over an account, provided they know an administrator's email address in order to be able to request a password reset. 2022-01-28 6.8 CVE-2016-3735
MISC
MISC
MISC
pluginus — woocommerce_products_filter The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputting back in an admin page, leading to a Reflected Cross-Site Scripting 2022-02-01 4.3 CVE-2021-25085
CONFIRM
MISC
radare — radare2 NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 6.0.0. 2022-02-01 4.3 CVE-2022-0419
CONFIRM
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44389
MISC
reolink — rlc-410w_firmware An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.5 CVE-2021-40413
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44413
MISC
reolink — rlc-410w_firmware A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.4 CVE-2022-21796
MISC
reolink — rlc-410w_firmware An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. 2022-01-28 6.5 CVE-2021-40414
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44415
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. 2022-01-28 6.5 CVE-2021-40412
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. 2022-01-28 6.5 CVE-2021-40411
MISC
reolink — rlc-410w_firmware An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. 2022-01-28 6.5 CVE-2021-40410
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44395
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44396
MISC
reolink — rlc-410w_firmware A firmware update vulnerability exists in the ‘factory’ binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. 2022-01-28 5 CVE-2021-40419
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44385
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44412
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44418
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44387
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44388
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44410
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44411
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44401
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44390
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44391
MISC
reolink — rlc-410w_firmware An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-01-28 4.3 CVE-2022-21199
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44392
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44393
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44400
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44414
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44404
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44416
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44364
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44417
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44409
MISC
reolink — rlc-410w_firmware A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. 2022-01-28 5 CVE-2022-21134
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44406
MISC
reolink — rlc-410w_firmware An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 5 CVE-2022-21236
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44360
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44402
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44403
MISC
reolink — rlc-410w_firmware An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. 2022-01-28 6.8 CVE-2021-40415
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44359
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44361
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44358
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44362
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44386
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44398
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44399
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44363
MISC
reolink — rlc-410w_firmware An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.5 CVE-2021-40416
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44383
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44419
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44365
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44408
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44407
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44382
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44405
MISC
reolink — rlc-410w_firmware A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 6.8 CVE-2021-44397
MISC
rosariosis — rosariosis Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. 2022-02-01 4.3 CVE-2021-45416
MISC
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions 2022-01-28 6.8 CVE-2021-22827
MISC
schneider-electric — ecostruxure_power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions 2022-01-28 6.8 CVE-2021-22826
MISC
schneider-electric — evlink_city_evc1s22p4_firmware A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 5 CVE-2021-22818
MISC
schneider-electric — evlink_city_evc1s22p4_firmware A CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 4.3 CVE-2021-22822
MISC
schneider-electric — evlink_city_evc1s22p4_firmware A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 4.3 CVE-2021-22819
MISC
schneider-electric — evlink_city_evc1s22p4_firmware A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 5 CVE-2021-22821
MISC
schneider-electric — guicon A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior 2022-01-28 6.8 CVE-2021-22808
MISC
schneider-electric — guicon A CWE-125: Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior 2022-01-28 4.3 CVE-2021-22809
MISC
schneider-electric — guicon A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior 2022-01-28 6.8 CVE-2021-22807
MISC
schneider-electric — network_management_card_2_firmware A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 5 CVE-2021-22815
MISC
schneider-electric — network_management_card_2_firmware A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 4.3 CVE-2021-22810
MISC
schneider-electric — network_management_card_2_firmware A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 4.3 CVE-2021-22814
MISC
schneider-electric — network_management_card_2_firmware A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 4.3 CVE-2021-22813
MISC
schneider-electric — network_management_card_2_firmware A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 4.3 CVE-2021-22811
MISC
schneider-electric — network_management_card_2_firmware A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M, PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) 2022-01-28 4.3 CVE-2021-22812
MISC
schneider-electric — rack_power_distribution_unit_with_network_management_card_2_firmware A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier) 2022-01-28 6 CVE-2021-22825
MISC
se — evc1s22p4_firmware A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 6.8 CVE-2021-22724
MISC
se — evc1s22p4_firmware A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) 2022-01-28 6.8 CVE-2021-22725
MISC
sensiolabs — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. 2022-02-01 6.8 CVE-2022-23601
CONFIRM
MISC
stormshield — network_security Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. 2022-01-31 6.5 CVE-2021-28962
MISC
MISC
MISC
synel — eharmony SYNEL – eharmony Directory Traversal. Directory traversal is an attack against a server or a web application aimed at unauthorized access to the file system. Through the “Name” parameter, the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload. 2022-01-28 5 CVE-2022-22790
MISC
totolink — x5000r_firmware TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. 2022-02-04 5 CVE-2021-45735
MISC
updraftplus — updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting issue. 2022-02-01 4.3 CVE-2021-25089
MISC
vercel — next.js Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade. 2022-01-28 4.3 CVE-2022-21721
MISC
CONFIRM
MISC
veridiumid — veridiumad An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user’s login certificate. 2022-01-28 4.9 CVE-2021-42791
MISC
MISC
MISC
victor_cms_project — victor_cms Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters. 2022-01-31 5 CVE-2021-46459
MISC
MISC
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-01-28 5.8 CVE-2022-0393
CONFIRM
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 8.2. 2022-01-30 6.8 CVE-2022-0413
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-01-28 6.8 CVE-2022-0392
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in Conda vim prior to 8.2. 2022-01-30 6.8 CVE-2022-0407
MISC
CONFIRM
vim — vim Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-01-30 6.8 CVE-2022-0408
CONFIRM
MISC
vim — vim Heap-based Buffer Overflow in Conda vim prior to 8.2. 2022-02-01 6.8 CVE-2022-0417
CONFIRM
MISC
welaunch — wordpress_gdpr&ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an “application/json” content-type. Since an HTML payload isn’t properly escaped, it may be interpreted by a web browser led to this endpoint. JavaScript code may be executed on a victim’s browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce). 2022-02-01 4.3 CVE-2022-0220
MISC
westerndigital — my_cloud_os A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. 2022-01-28 5 CVE-2022-22993
MISC
wickedplugins — wicked_folders The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection. 2022-02-01 6.5 CVE-2021-24919
MISC
CONFIRM
wpchill — download_monitor Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It’s also possible to escape from the web server home directory and download any file within the OS. 2022-01-28 6.8 CVE-2021-31567
CONFIRM
CONFIRM
CONFIRM
xstream_project — xstream XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. 2022-02-01 5 CVE-2021-43859
CONFIRM
MISC
MISC
yellowpencil — visual_css_style_editor The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-02-01 4.3 CVE-2021-24934
MISC
CONFIRM
yzmcms — yzmcms YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html. 2022-01-28 6.8 CVE-2022-23888
MISC
yzmcms — yzmcms YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. 2022-01-28 4.3 CVE-2022-23887
MISC
yzmcms — yzmcms The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. 2022-01-28 5 CVE-2022-23889
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user’s login password. 2022-01-28 4 CVE-2022-23863
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
anchorcms — anchor_cms A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. 2022-02-01 3.5 CVE-2021-46253
MISC
MISC
beetel — 777vr1-dl_firmware Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. 2022-01-31 3.5 CVE-2020-36056
MISC
MISC
cusmin — absolutely_glamorous_custom_admin The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-01 3.5 CVE-2021-24944
MISC
emlog — emlog_pro Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. 2022-01-31 3.5 CVE-2022-23872
MISC
MISC
etoilewebdesign — ultimate_reviews Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). 2022-01-28 3.5 CVE-2022-23979
CONFIRM
CONFIRM
gadget_works_online_ordering_system_project — gadget_works_online_ordering_system A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. 2022-01-28 3.5 CVE-2021-34073
MISC
gibbonedu — gibbon Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. 2022-01-28 3.5 CVE-2022-22868
MISC
MISC
MISC
hhg-multistore — multistore A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. 2022-01-28 3.5 CVE-2021-46447
MISC
MISC
hp — support_assistant Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. 2022-01-28 2.1 CVE-2022-23456
MISC
huawei — cloudengine_12800_firmware There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. 2022-01-31 2.1 CVE-2021-40033
MISC
invisible-island — xterm xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. 2022-01-31 2.6 CVE-2022-24130
MISC
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. 2022-01-31 2.1 CVE-2022-0286
MISC
MISC
livehelperchat — live_helper_chat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-28 3.5 CVE-2022-0395
MISC
CONFIRM
livehelperchat — live_helper_chat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-28 3.5 CVE-2022-0394
MISC
CONFIRM
mariadb — mariadb MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. 2022-01-29 2.1 CVE-2021-46659
MISC
mariadb — mariadb save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. 2022-01-29 2.1 CVE-2021-46658
MISC
mariadb — mariadb get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. 2022-01-29 2.1 CVE-2021-46657
MISC
nd-learning_project — nd-learning The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-01 3.5 CVE-2021-24707
MISC
plone — plone Products.ATContentTypes are the core content types for Plone 2.1 – 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user’s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory. 2022-01-28 2.6 CVE-2022-23599
MISC
CONFIRM
schneider-electric — software_update A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1 2022-01-28 2.1 CVE-2021-22799
MISC
stock_management_system_project — stock_management_system Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to perform arbitrary remote code execution via the create user function. 2022-01-31 3.5 CVE-2021-44114
MISC
MISC
svg_support_project — svg_support The SVG Support WordPress plugin before 2.3.20 does not escape the “CSS Class to target” setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-01 3.5 CVE-2021-24686
MISC
CONFIRM
synel — eharmony SYNEL – eharmony Authenticated Blind & Stored XSS. Injecting JS code into the “comments” field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system. 2022-01-28 3.5 CVE-2022-22791
MISC
vmware — workstation VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. 2022-01-28 2.1 CVE-2022-22938
MISC
wpchill — download_monitor Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. 2022-01-28 3.5 CVE-2021-23174
CONFIRM
CONFIRM
CONFIRM
wpmanageninja — ninja_tables The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-01 3.5 CVE-2021-24900
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — ac800m_opc_server Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. 2022-02-04 not yet calculated CVE-2021-22284
MISC
abb — spiet800_and_pni800_modules Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 not yet calculated CVE-2021-22288
MISC
abb — spiet800_and_pni800_modules Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 not yet calculated CVE-2021-22285
MISC
abb — spiet800_and_pni800_modules Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 2022-02-04 not yet calculated CVE-2021-22286
MISC
acronis — cyber_protect_home_office Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 not yet calculated CVE-2022-24113
MISC
acronis — cyber_protect_home_office Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 not yet calculated CVE-2022-24114
MISC
acronis — cyber_protect_home_office Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 2022-02-04 not yet calculated CVE-2022-24115
MISC
acronis — multiple_products Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 not yet calculated CVE-2021-44206
MISC
acronis — multiple_products Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 not yet calculated CVE-2021-44204
MISC
acronis — multiple_products Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 2022-02-04 not yet calculated CVE-2021-44205
MISC
advantech — adam-3600 The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. 2022-02-04 not yet calculated CVE-2022-22987
CONFIRM
amd — cpus When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage. 2022-02-04 not yet calculated CVE-2020-12965
MISC
amd — epyc_processors AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 2022-02-04 not yet calculated CVE-2020-12966
MISC
amd — graphics_driver_for_windows_10 AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. 2022-02-04 not yet calculated CVE-2020-12891
MISC
apache — activemq_artemis In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. 2022-02-04 not yet calculated CVE-2022-23913
MISC
apache — gobblin Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 not yet calculated CVE-2021-36152
MISC
apache — gobblin In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 2022-02-04 not yet calculated CVE-2021-36151
MISC
apache — pulsar In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid id for the topic. Authorisation controls are performed against the topic name and there is no proper validation that the ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions. 2022-02-01 not yet calculated CVE-2021-41571
MISC
MISC
MISC
argoproj — argo-cd Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. 2022-02-04 not yet calculated CVE-2022-24348
MISC
CONFIRM
arista — eos_software The impact of this vulnerability is that Arista’s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. 2022-02-04 not yet calculated CVE-2021-28503
MISC
atftp — atftp options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. 2022-02-04 not yet calculated CVE-2021-46671
MISC
MISC
backdrop_cms — backdrop_cms ** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver by uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons. 2022-02-03 not yet calculated CVE-2021-45268
MISC
MISC
broadcom — ca_harvest_software_change_manager CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. 2022-02-04 not yet calculated CVE-2022-22689
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. 2022-02-04 not yet calculated CVE-2021-46454
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. 2022-02-04 not yet calculated CVE-2021-46230
MISC
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. 2022-02-04 not yet calculated CVE-2021-46457
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. 2022-02-04 not yet calculated CVE-2021-46227
MISC
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. 2022-02-04 not yet calculated CVE-2021-46456
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. 2022-02-04 not yet calculated CVE-2021-46229
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. 2022-02-04 not yet calculated CVE-2021-46228
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. 2022-02-04 not yet calculated CVE-2021-46231
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. 2022-02-04 not yet calculated CVE-2021-46232
MISC
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. 2022-02-04 not yet calculated CVE-2021-46455
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. 2022-02-04 not yet calculated CVE-2021-46233
MISC
MISC
d-link — d-link_devices D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. 2022-02-04 not yet calculated CVE-2021-46226
MISC
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. 2022-02-04 not yet calculated CVE-2021-46453
MISC
MISC
d-link — d-link_devices D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. 2022-02-04 not yet calculated CVE-2021-46452
MISC
MISC
d-link — d-link_devices D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 not yet calculated CVE-2021-45998
MISC
MISC
d-link — multiple_devices D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 not yet calculated CVE-2021-44881
MISC
MISC
d-link — multiple_devices D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 not yet calculated CVE-2021-44882
MISC
MISC
d-link — multiple_devices D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. 2022-02-04 not yet calculated CVE-2021-44880
MISC
MISC
debian — perm perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) 2022-02-05 not yet calculated CVE-2021-38172
MISC
MISC
MISC
CONFIRM
MISC
django — django An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. 2022-02-03 not yet calculated CVE-2022-23833
MISC
CONFIRM
MISC
django — django The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. 2022-02-03 not yet calculated CVE-2022-22818
MISC
CONFIRM
MISC
ecostruxure — power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 not yet calculated CVE-2022-22726
MISC
ecostruxure — power_monitoring_expert A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 not yet calculated CVE-2022-22804
MISC
ecostruxure — power_monitoring_expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user’s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 2022-02-04 not yet calculated CVE-2022-22727
MISC
embed_swagger — embed_swagger The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. 2022-02-04 not yet calculated CVE-2022-0381
MISC
MISC
MISC
emlog — emlog Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). 2022-02-04 not yet calculated CVE-2022-23379
MISC
filebrowser — filebrowser A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. 2022-02-04 not yet calculated CVE-2021-46398
MISC
MISC
MISC
MISC
flask-appbuilder — flask-appbuilder Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the server's response when logging in. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue. 2022-01-31 not yet calculated CVE-2022-21659
MISC
CONFIRM
fleetdm — fleet fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider (SP) could reuse the SAML response to log into Fleet as a user — only if the user has an account with the same email in Fleet, _and_ the user signs into the malicious SP via SAML SSO from the same Identity Provider (IdP) configured with Fleet. 2. A user with an account in Fleet could reuse a SAML response intended for another SP to log into Fleet. This is only a concern if the user is blocked from Fleet in the IdP, but continues to have an account in Fleet. If the user is blocked from the IdP entirely, this cannot be exploited. Fleet 4.9.1 resolves this issue. Users unable to upgrade should: Reduce the length of sessions on your IdP to reduce the window for malicious re-use, Limit the amount of SAML Service Providers/Applications used by user accounts with access to Fleet, and When removing access to Fleet in the IdP, delete the Fleet user from Fleet as well. 2022-02-04 not yet calculated CVE-2022-23600
MISC
CONFIRM
fortiguard — fortiauthenticator_ha_service
 
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC’s database. 2022-02-02 not yet calculated CVE-2021-36177
CONFIRM
fortiguard — fortiextender An improper neutralization of special elements used in a command (‘command injection’) in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters. 2022-02-02 not yet calculated CVE-2021-41016
CONFIRM
fortiguard — fortinet_fortimail
 
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. 2022-02-02 not yet calculated CVE-2021-43062
CONFIRM
fortiguard — fortinet_fortiweb
 
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2022-02-02 not yet calculated CVE-2021-43073
CONFIRM
fortiguard — fortiweb
 
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. 2022-02-02 not yet calculated CVE-2021-36193
CONFIRM
fortiguard — fortiweb_management_interface
 
An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. 2022-02-02 not yet calculated CVE-2021-42753
CONFIRM
fotobook — fotobook
 
The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. 2022-02-04 not yet calculated CVE-2022-0380
MISC
MISC
foxit_software — pdf_reader
 
A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 not yet calculated CVE-2022-22150
MISC
foxit_software — pdf_reader
 
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-02-04 not yet calculated CVE-2021-40420
MISC
gerber_viewer — gerber_viewer A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2022-23946
MISC
gerber_viewer — gerber_viewer
 
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2022-23947
MISC
gerbv — gerbv An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-40403
MISC
gerbv — gerbv
 
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-40401
MISC
gibbons_cms — gibbons_cms
 
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters. 2022-02-03 not yet calculated CVE-2022-23871
MISC
MISC
google — go-attestation
 
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. 2022-02-04 not yet calculated CVE-2022-0317
MISC
gpac — gpac
 
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. 2022-02-04 not yet calculated CVE-2021-4043
CONFIRM
MISC
gpac — gpac
 
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. 2022-02-04 not yet calculated CVE-2022-24249
MISC
gwa_autoresponder — gwa_autoresponder
 
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. 2022-02-04 not yet calculated CVE-2021-44779
CONFIRM
CONFIRM
h20 — h20
 
h2o is an open source HTTP server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in a certain order, the HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately. 2022-02-01 not yet calculated CVE-2021-43848
MISC
CONFIRM
hpe — agentless_management_service_for_windows
 
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. 2022-02-04 not yet calculated CVE-2021-29218
MISC
hpe — flexnetwork_5130_switch_series
 
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. 2022-02-04 not yet calculated CVE-2021-29219
MISC
ibm — openbmc
 
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. 2022-02-04 not yet calculated CVE-2021-38960
XF
CONFIRM
icms — icms
 
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. 2022-02-04 not yet calculated CVE-2021-44977
MISC
icms — icms
 
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that leads to remote code execution. 2022-02-04 not yet calculated CVE-2021-44978
MISC
MISC
insyde — insyde_software
 
SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2022-24030
MISC
insyde — insydeh20 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code. 2022-02-03 not yet calculated CVE-2021-41840
MISC
insyde — insydeh20 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-42113
MISC
insyde — insydeh20 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-42060
MISC
insyde — insydeh20 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. 2022-02-03 not yet calculated CVE-2021-41841
MISC
insyde — insydeh20 An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-43522
MISC
insyde — insydeh20 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. 2022-02-03 not yet calculated CVE-2021-41839
MISC
insyde — insydeh20 An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer “ptr” to read or write or manipulate data in the SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. 2022-02-03 not yet calculated CVE-2021-41838
MISC
insyde — insydeh20 An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2022-24031
MISC
insyde — insydeh20 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-43615
MISC
insyde — insydeh20
 
An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer “current_ptr” to read or write or manipulate data into SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. 2022-02-03 not yet calculated CVE-2021-41837
MISC
insyde — insydeh20
 
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-43323
MISC
insyde — insydeh20
 
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2022-24069
MISC
insyde — insydeh20
 
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. 2022-02-03 not yet calculated CVE-2021-33627
MISC
insyde — insydeh20
 
An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde InsydeH2O: an SMM memory corruption vulnerability allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-02-03 not yet calculated CVE-2021-33625
MISC
insyde — insydeh20
 
A vulnerability exists in the System Management Interrupt (SWSMI) handler of InsydeH2O UEFI firmware: code located in the SWSMI handler dereferences the gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). 2022-02-03 not yet calculated CVE-2020-5953
MISC
MISC
itunesrpc-remastered — itunesrpc-remastered iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. 2022-02-04 not yet calculated CVE-2022-23609
CONFIRM
MISC
itunesrpc-remastered — itunesrpc-remastered
 
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue. 2022-02-01 not yet calculated CVE-2022-23603
CONFIRM
MISC
MISC
itunesrpc-remastered — itunesrpc-remastered
 
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade. 2022-02-04 not yet calculated CVE-2022-23611
CONFIRM
MISC
jcv8000 — codex
 
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. 2022-02-04 not yet calculated CVE-2021-43635
MISC
MISC
MISC
jhead — jhead
 
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue. 2022-02-02 not yet calculated CVE-2020-26208
MISC
MISC
MISC
CONFIRM
jira — mongodb_server
 
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. 2022-02-04 not yet calculated CVE-2021-32036
MISC
jpressprojects — jpress
 
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. 2022-02-04 not yet calculated CVE-2022-23330
MISC
jsdecena — laracom
 
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. 2022-02-04 not yet calculated CVE-2022-0472
CONFIRM
MISC
jspxcms — jspxcms
 
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. 2022-02-04 not yet calculated CVE-2022-23329
MISC
juce-framework — juce
 
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object. 2022-01-31 not yet calculated CVE-2021-23521
MISC
MISC
karma-runner — karma
 
Cross-site Scripting (XSS) – DOM in NPM karma prior to 6.3.14. 2022-02-05 not yet calculated CVE-2022-0437
CONFIRM
MISC
kubernetes — kubernetes
 
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. 2022-02-01 not yet calculated CVE-2020-8562
MISC
MISC
linux — linux_kernel
 
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. 2022-02-04 not yet calculated CVE-2021-4154
MISC
MISC
linux — linux_kernel
 
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. 2022-02-04 not yet calculated CVE-2022-24448
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaw affects kernel versions < v5.16-rc6. 2022-02-04 not yet calculated CVE-2022-0264
MISC
linux — linux_kernel
 
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. 2022-02-04 not yet calculated CVE-2022-0487
MISC
MISC
mastodon — mastodon
 
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.) 2022-02-03 not yet calculated CVE-2022-24307
CONFIRM
CONFIRM
micro-star_international — app player
 
Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 not yet calculated CVE-2021-44900
MISC
MISC
micro-star_international — center_pro
 
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 not yet calculated CVE-2021-44903
MISC
MISC
micro-star_international — center Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 not yet calculated CVE-2021-44899
MISC
MISC
micro-star_international — dragon_center
 
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests. 2022-02-04 not yet calculated CVE-2021-44901
MISC
MISC
micro_focus — voltage_securemail_mail_relay
 
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. 2022-02-04 not yet calculated CVE-2021-38130
MISC
mirantis — container_cloud_lens_extension
 
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. 2022-02-04 not yet calculated CVE-2022-0484
MISC
mozilo2.0 — mozilo2.0
 
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. 2022-02-03 not yet calculated CVE-2022-23357
MISC
MISC
mruby — mruby
 
NULL Pointer Dereference in Homebrew mruby prior to 3.2. 2022-02-04 not yet calculated CVE-2022-0481
CONFIRM
MISC
nec — communication_products
 
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allow a remote attacker who can access the internal network to obtain the configuration information. 2022-02-01 not yet calculated CVE-2021-44746
MISC
northstar_technologies_inc — northstar_club_management Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users’ credentials transmitted in cleartext over HTTP. 2022-02-04 not yet calculated CVE-2021-29397
MISC
MISC
northstar_technologies_inc — northstar_club_management Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. 2022-02-04 not yet calculated CVE-2021-29395
MISC
MISC
northstar_technologies_inc — northstar_club_management
 
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. 2022-02-04 not yet calculated CVE-2021-29396
MISC
MISC
northstar_technologies_inc — northstar_club_management
 
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled “command” and “commandvalues” parameters. 2022-02-04 not yet calculated CVE-2021-29393
MISC
MISC
northstar_technologies_inc — northstar_club_management
 
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. 2022-02-04 not yet calculated CVE-2021-29398
MISC
MISC
northstar_technologies_inc — northstar_club_management
 
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled “userID” parameter of the HTTP POST request. 2022-02-04 not yet calculated CVE-2021-29394
MISC
MISC
nvidia — omniverse_launcher
 
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get a user to browse a malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity. 2022-02-02 not yet calculated CVE-2022-21817
MISC
online-movie-ticket-booking-system — online-movie-ticket-booking-system
 
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the ‘id’ parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. 2022-02-03 not yet calculated CVE-2021-44866
MISC
openzeppelin — openzeppelin
 
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. 2022-02-04 not yet calculated CVE-2021-46320
MISC
pgjdbc — pgjdbc
 
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the PostgreSQL library is open to attack when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. 2022-02-02 not yet calculated CVE-2022-21724
CONFIRM
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. 2022-02-02 not yet calculated CVE-2021-42640
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. 2022-02-02 not yet calculated CVE-2021-42637
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. 2022-02-02 not yet calculated CVE-2021-42639
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. 2022-02-02 not yet calculated CVE-2021-42642
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. 2022-02-02 not yet calculated CVE-2021-42641
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
printerlogic — web_stack
 
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. 2022-02-02 not yet calculated CVE-2021-42633
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
ptrofimov — beanstalk_console
 
Cross-site Scripting (XSS) – Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. 2022-02-05 not yet calculated CVE-2022-0501
MISC
CONFIRM
putil-merge_project — putil-merge
 
This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 2022-02-04 not yet calculated CVE-2021-23470
CONFIRM
CONFIRM
ricon_mobile — industrial_cellular_router The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. 2022-02-04 not yet calculated CVE-2022-0365
CONFIRM
schneider_electric — easergy_p3 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) 2022-02-04 not yet calculated CVE-2022-22725
MISC
schneider_electric — easergy_p5 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 not yet calculated CVE-2022-22722
MISC
schneider_electric — easergy_p5 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 2022-02-04 not yet calculated CVE-2022-22723
MISC
schneider_electric — modicon_m340_cpus A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions) 2022-02-04 not yet calculated CVE-2022-22724
MISC
schneider_electric — multiple_modicon_products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) 2022-02-04 not yet calculated CVE-2020-7534
MISC
sealevel — seaconnect_370w A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21968
MISC
sealevel — seaconnect_370w A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21964
MISC
sealevel — seaconnect_370w An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 not yet calculated CVE-2021-21970
MISC
sealevel — seaconnect_370w An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 2022-02-04 not yet calculated CVE-2021-21969
MISC
sealevel — seaconnect_370w A stack-based buffer overflow vulnerability exists in the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21960
MISC
sealevel — seaconnect_370w An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21963
MISC
sealevel — seaconnect_370w An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21971
MISC
sealevel — seaconnect_370w A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21962
MISC
sealevel — seaconnect_370w A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21961
MISC
sealevel — seaconnect_370w A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2022-02-04 not yet calculated CVE-2021-21965
MISC
sealevel — seaconnect_370w A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. 2022-02-04 not yet calculated CVE-2021-21959
MISC
seeddms — seeddms An Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the “referuri” parameter. 2022-02-04 not yet calculated CVE-2021-45408
MISC
shibboleth — identity_provider The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. 2022-02-04 not yet calculated CVE-2022-24129
MISC
MISC
CONFIRM
silverstripe — silverstripe-framework Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1. 2022-02-04 not yet calculated CVE-2022-0227
CONFIRM
MISC
skratchdot — object-path-set The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 2022-02-04 not yet calculated CVE-2021-23507
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sophos — capsule8_console An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. 2022-02-02 not yet calculated CVE-2022-0366
CONFIRM
stormshield — stormshield_network_security In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. 2022-01-31 not yet calculated CVE-2021-31617
MISC
MISC
strikeentco — set This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 2022-02-04 not yet calculated CVE-2021-23497
CONFIRM
CONFIRM
CONFIRM
strongswan — strongswan In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. 2022-01-31 not yet calculated CVE-2021-45079
MISC
taocms — taocms In taocms 3.0.1, after logging in to the backend, there is an arbitrary file download vulnerability in the File Management column. 2022-02-04 not yet calculated CVE-2021-44983
MISC
taocms — taocms An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. 2022-02-04 not yet calculated CVE-2022-23316
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. 2022-02-04 not yet calculated CVE-2022-24161
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. 2022-02-04 not yet calculated CVE-2022-24148
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. 2022-02-04 not yet calculated CVE-2022-24154
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. 2022-02-04 not yet calculated CVE-2022-24155
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 not yet calculated CVE-2022-24156
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 not yet calculated CVE-2022-24146
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 not yet calculated CVE-2022-24158
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. 2022-02-04 not yet calculated CVE-2022-24159
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 not yet calculated CVE-2022-24160
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 not yet calculated CVE-2022-24143
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-02-04 not yet calculated CVE-2022-24162
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. 2022-02-04 not yet calculated CVE-2022-24151
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. 2022-02-04 not yet calculated CVE-2022-24144
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. 2022-02-04 not yet calculated CVE-2022-24149
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. 2022-02-04 not yet calculated CVE-2022-24142
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. 2022-02-04 not yet calculated CVE-2022-24147
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. 2022-02-04 not yet calculated CVE-2022-24153
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-02-04 not yet calculated CVE-2022-24152
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. 2022-02-04 not yet calculated CVE-2022-24157
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. 2022-02-04 not yet calculated CVE-2022-24150
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. 2022-02-04 not yet calculated CVE-2022-24145
MISC
tenda — ax3_router Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 2022-02-04 not yet calculated CVE-2022-24163
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. 2022-02-04 not yet calculated CVE-2022-24165
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. 2022-02-04 not yet calculated CVE-2022-24166
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. 2022-02-04 not yet calculated CVE-2021-45987
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. 2022-02-04 not yet calculated CVE-2022-24167
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. 2022-02-04 not yet calculated CVE-2022-24168
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. 2022-02-04 not yet calculated CVE-2022-24169
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. 2022-02-04 not yet calculated CVE-2022-24170
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. 2022-02-04 not yet calculated CVE-2022-24171
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 not yet calculated CVE-2021-45997
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-02-04 not yet calculated CVE-2021-45996
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. 2022-02-04 not yet calculated CVE-2021-45990
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. 2022-02-04 not yet calculated CVE-2022-24164
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. 2022-02-04 not yet calculated CVE-2021-45988
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. 2022-02-04 not yet calculated CVE-2021-45995
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. 2022-02-04 not yet calculated CVE-2021-45989
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. 2022-02-04 not yet calculated CVE-2021-45991
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. 2022-02-04 not yet calculated CVE-2021-45994
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. 2022-02-04 not yet calculated CVE-2021-45993
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. 2022-02-04 not yet calculated CVE-2021-45992
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. 2022-02-04 not yet calculated CVE-2021-45986
MISC
tenda — multiple_routers Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. 2022-02-04 not yet calculated CVE-2022-24172
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-23568
MISC
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don’t match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23583
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with a large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23575
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23582
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21726
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. 2022-02-04 not yet calculated CVE-2022-23559
MISC
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21725
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21727
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python’s negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21728
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23577
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21729
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23579
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23584
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23578
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow’s `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23574
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23573
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bit value and then compares it against the maximum 32-bit integer value that could be represented. Due to the fact that `min_rank` is a 32-bit value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21731
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function; however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23572
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of service in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23571
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23570
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23580
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23581
CONFIRM
MISC
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow; we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-23569
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23576
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21730
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23565
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21732
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23586
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_width` and that results in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21733
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23591
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, the Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the corresponding `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23589
CONFIRM
MISC
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. 2022-02-04 not yet calculated CVE-2022-23590
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23587
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow’s type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 not yet calculated CVE-2022-23592
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 2022-02-04 not yet calculated CVE-2022-23593
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. 2022-02-04 not yet calculated CVE-2022-23594
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23595
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23588
MISC
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-23567
CONFIRM
MISC
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21737
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of service in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23564
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. 2022-02-04 not yet calculated CVE-2022-23563
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23562
MISC
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23561
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. 2022-02-04 not yet calculated CVE-2022-23560
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error cases in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23585
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23558
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21740
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21739
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21738
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain conditions it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21736
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23566
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21734
CONFIRM
MISC
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21735
MISC
CONFIRM
MISC
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-04 not yet calculated CVE-2022-23557
MISC
MISC
CONFIRM
tensorflow — tensorflow Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 2022-02-03 not yet calculated CVE-2022-21741
MISC
CONFIRM
MISC
totolink — multiple_devices Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. 2022-02-04 not yet calculated CVE-2021-44247
MISC
totolink — multiple_devices Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. 2022-02-04 not yet calculated CVE-2021-44246
MISC
trend_micro — worry-free_business_security_server A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-02-04 not yet calculated CVE-2022-23805
MISC
MISC
twig — twig Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. 2022-02-04 not yet calculated CVE-2022-23614
MISC
MISC
CONFIRM
twisted — treq treq is an HTTP library inspired by requests but written on top of Twisted’s Agents. Treq’s request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain (“supercookies”). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it. 2022-02-01 not yet calculated CVE-2022-23607
CONFIRM
unified_office — total_connect_now SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. 2022-02-03 not yet calculated CVE-2022-24121
MISC
MISC
victor_cms — victor_cms Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via ‘user_firstname’ parameter. 2022-02-03 not yet calculated CVE-2022-23873
MISC
MISC
virustotal — yara A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. 2022-02-04 not yet calculated CVE-2021-45429
MISC
vmware — cloud_foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. 2022-02-04 not yet calculated CVE-2022-22939
MISC
voipmonitor — gui An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. 2022-02-04 not yet calculated CVE-2022-24259
MISC
voipmonitor — gui The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. 2022-02-04 not yet calculated CVE-2022-24262
MISC
voipmonitor — gui A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. 2022-02-04 not yet calculated CVE-2022-24260
MISC
whatsapp — whatsapp_business_for_android A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call. 2022-02-02 not yet calculated CVE-2021-24043
CONFIRM
wireapp — wire_webapp Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these messages in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue. 2022-02-04 not yet calculated CVE-2022-23605
MISC
CONFIRM
wordpress_gdpr — wordpress_gdpr The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an “application/json” content-type. Since an HTML payload isn’t properly escaped, it may be interpreted by a web browser led to this endpoint. JavaScript code may be executed on a victim’s browser. If the victim is an administrator with a valid session cookie, full control of the WordPress instance may be taken (AJAX calls and iframe manipulation are possible because the vulnerable endpoint is on the same domain as the admin panel – there is no same-origin restriction). 2022-02-01 not yet calculated CVE-2021-24814
MISC
wp_html_mail — wp_html_mail
 
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. 2022-02-04 not yet calculated CVE-2022-0218
MISC
MISC
xwiki — xwiki-platform
 
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using the default XWiki configuration, it’s possible for an attacker to upload an SVG containing a script that is executed when the download action is executed on the file. This problem has been patched so that the default configuration no longer allows SVG files to be displayed in the browser. Users are advised to update or to disallow uploads of SVG files. 2022-02-04 not yet calculated CVE-2021-43841
MISC
MISC
CONFIRM
MISC
xwiki — xwiki-platform
 
Impact: It’s possible to find out whether a user has an account in a wiki tied to a given email address, and which username(s) are actually tied to that email, by forging a request to the Forgot username page. Note that since this page does not have a CSRF check, it’s quite easy to perform a lot of those requests. Patches: This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: a first one to fix the CSRF problem, and a more complex one that now relies on sending an email for the Forgot username process. Workarounds: It’s possible to fix the problem without upgrading by editing the ForgotUsername page in versions below 13.x, to use the following code: github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsern… In versions after 13.x it’s also possible to manually edit the forgotusername.vm file, but it’s really encouraged to upgrade the version here. References: jira.xwiki.org/browse/XWIKI-18384, jira.xwiki.org/browse/XWIKI-18408. For more information: If you have any questions or comments about this advisory, open an issue in Jira XWiki (jira.xwiki.org) or email the security ML (security@xwiki.org). 2022-02-04 not yet calculated CVE-2021-32732
MISC
MISC
CONFIRM
MISC
MISC
yet_another_stars_rating — yet_another_stars_rating
 
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter ‘source’. 2022-02-04 not yet calculated CVE-2022-23980
CONFIRM
CONFIRM
z-wave — multiple_devices The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. 2022-02-04 not yet calculated CVE-2018-25029
CONFIRM
MISC
z-wave — multiple_devices
 
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. 2022-02-04 not yet calculated CVE-2013-20003
MISC
MISC
MISC
zammad — zammad
 
In Zammad 5.0.2, agents can configure “out of office” periods and substitute persons. If the substitute persons didn’t have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. 2022-02-04 not yet calculated CVE-2021-44886
MISC
zammad — zammad
 
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. 2022-02-04 not yet calculated CVE-2021-43145
MISC


Vulnerability Summary for the Week of January 24, 2022

01/31/2022 10:21 AM EST

Original release date: January 31, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — shenyu Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. 2022-01-25 7.5 CVE-2021-45029
CONFIRM
MLIST
MLIST
asus — vc65-c1_firmware ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. 2022-01-21 7.2 CVE-2022-21933
CONFIRM
budget_and_expense_tracker_system_project — budget_and_expense_tracker_system SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. 2022-01-21 7.5 CVE-2021-40247
MISC
MISC
cached-path-relative_project — cached-path-relative The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. Note: This vulnerability derives from an incomplete fix in security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 2022-01-21 7.5 CVE-2021-23518
CONFIRM
CONFIRM
CONFIRM
courier_management_system_project — courier_management_system An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. 2022-01-21 10 CVE-2021-46198
MISC
MISC
dell — emc_appsync Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. 2022-01-21 7.5 CVE-2022-22553
MISC
dell — emc_unity_operating_environment Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. 2022-01-24 7.2 CVE-2021-43589
CONFIRM
employee_and_visitor_gate_pass_logging_system_project — employee_and_visitor_gate_pass_logging_system An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. 2022-01-21 10 CVE-2021-46309
MISC
europa — technical_specifications_for_digital_covid_certificates The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production. 2022-01-21 7.5 CVE-2021-40855
MISC
MISC
exiftool_project — exiftool lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check. 2022-01-25 7.5 CVE-2022-23935
MISC
forestblog_project — forestblog In ForestBlog, as of 2021-12-28, File upload can bypass verification. 2022-01-25 7.5 CVE-2021-46033
MISC
freecadweb — freecad Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. 2022-01-25 7.6 CVE-2021-45844
MISC
MISC
fresenius-kabi — agilia_connect_firmware The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. 2022-01-21 7.5 CVE-2021-23196
MISC
fresenius-kabi — agilia_partner_maintenance_software Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system. 2022-01-21 7.8 CVE-2021-23236
MISC
fresenius-kabi — agilia_partner_maintenance_software Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges. 2022-01-21 7.5 CVE-2021-43355
MISC
fresenius-kabi — agilia_partner_maintenance_software Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. 2022-01-21 7.5 CVE-2021-23233
MISC
hms_project — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. 2022-01-21 7.5 CVE-2022-23366
MISC
hms_project — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. 2022-01-21 7.5 CVE-2022-23364
MISC
hms_project — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. 2022-01-21 7.5 CVE-2022-23365
MISC
ibm — cognos_controller IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. 2022-01-21 7.5 CVE-2020-4879
CONFIRM
XF
ibm — cognos_controller IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. 2022-01-21 7.5 CVE-2020-4877
XF
CONFIRM
iconics — analytix Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. 2022-01-21 7.5 CVE-2022-23128
MISC
MISC
MISC
iresturant_project — iresturant MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. 2022-01-25 7.5 CVE-2021-45802
MISC
MISC
jeecg — jeecg_boot In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. 2022-01-25 10 CVE-2021-46089
MISC
libexpat_project — libexpat Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. 2022-01-24 7.5 CVE-2022-23852
MISC
librecad — librecad A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. 2022-01-25 9.3 CVE-2021-45341
MISC
loguru_project — loguru Code Injection in PyPi loguru prior to and including 0.5.3. 2022-01-21 7.5 CVE-2022-0329
MISC
CONFIRM
MISC
MISC
mediatek — linkit_software_development_kit In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. 2022-01-24 7.5 CVE-2021-30636
MISC
mingsoft — mcms MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. 2022-01-21 7.5 CVE-2022-22929
MISC
mingsoft — mcms MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. 2022-01-21 7.5 CVE-2022-22928
MISC
mingsoft — mcms MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. 2022-01-21 7.5 CVE-2022-23314
MISC
mingsoft — mcms A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. 2022-01-21 7.5 CVE-2022-22930
MISC
mingsoft — mcms MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. 2022-01-21 7.5 CVE-2022-23315
MISC
online_banking_system_project — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. 2022-01-21 7.5 CVE-2022-23363
MISC
online_learning_system_project — online_learning_system SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. 2022-01-24 7.5 CVE-2021-40596
MISC
online_leave_management_system_project — online_leave_management_system SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. 2022-01-21 7.5 CVE-2021-40595
MISC
MISC
online_payment_hub_project — online_payment_hub SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. 2022-01-24 7.5 CVE-2021-43420
MISC
online_project_time_management_system_project — online_project_time_management_system An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. 2022-01-24 7.5 CVE-2021-46451
MISC
online_railway_reservation_system_project — online_railway_reservation_system An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. 2022-01-21 10 CVE-2021-46308
MISC
online_resort_management_system_project — online_resort_management_system An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. 2022-01-21 10 CVE-2021-46201
MISC
projectworlds — online-shopping-webvsite-in-php Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the “id” parameter in cart_add.php. No login is required. 2022-01-23 7.5 CVE-2021-46024
MISC
projectworlds — online_examination_system An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. 2022-01-21 10 CVE-2021-46307
MISC
purchase_order_management_system_project — purchase_order_management_system SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. 2022-01-24 7.5 CVE-2021-40908
MISC
quickbox — quickbox In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE. 2022-01-24 9 CVE-2021-44981
MISC
MISC
saviynt — enterprise_identity_cloud An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account. 2022-01-24 7.5 CVE-2022-23855
MISC
simple_membership_system_using_php_and_ajax_project — simple_membership_system_using_php_and_ajax SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. 2022-01-24 7.5 CVE-2021-41472
MISC
simple_music_cloud_community_system_project — simple_music_cloud_community_system An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /music/ajax.php. 2022-01-21 10 CVE-2021-46200
MISC
south_gate_inn_online_reservation_system_project — south_gate_inn_online_reservation_system SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. 2022-01-24 7.5 CVE-2021-41471
MISC
starwindsoftware — command_center In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API. 2022-01-24 9 CVE-2022-23858
MISC
storage_unit_rental_management_system_project — storage_unit_rental_management_system SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. 2022-01-24 7.5 CVE-2021-40907
MISC
telosalliance — z/ip_one_firmware A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device’s file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI. 2022-01-24 10 CVE-2020-17383
MISC
MISC
MISC
teslamate_project — teslamate TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. 2022-01-24 7.5 CVE-2022-23126
MISC
MISC
CONFIRM
MISC
MISC
tp-link — archer_c90_firmware This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. 2022-01-21 10 CVE-2021-35003
MISC
tp-link — tl-wa1201_firmware This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. 2022-01-21 10 CVE-2021-35004
MISC
try_my_recipe_project — try_my_recipe SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website – CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. 2022-01-24 7.5 CVE-2021-41928
MISC
usbview_project — usbview USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. 2022-01-21 7.2 CVE-2022-23220
MISC
MISC
DEBIAN
MLIST
vim — vim Heap-based Buffer Overflow in vim/vim prior to 8.2. 2022-01-21 7.5 CVE-2022-0318
MISC
CONFIRM
wedevs — wp_user_frontend The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting 2022-01-24 7.5 CVE-2021-25076
MISC
CONFIRM


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accesspressthemes — wp_cookie_user_info The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection 2022-01-24 6.5 CVE-2021-24858
MISC
acf-extended — advanced_custom_fields The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue 2022-01-24 6.5 CVE-2021-24865
CONFIRM
MISC
adodb_project — adodb Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. 2022-01-25 6.4 CVE-2021-3850
MISC
CONFIRM
appcms — appcms AppCMS 2.0.101 has a XSS injection vulnerability in templatesminc_head.php 2022-01-23 4.3 CVE-2021-45380
MISC
asgaros — asgaros_forum The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue 2022-01-24 6.5 CVE-2021-25045
MISC
CONFIRM
bingrep_project — bingrep Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). 2022-01-21 5 CVE-2021-39480
MISC
camunda — min-dash The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types. 2022-01-21 5 CVE-2021-23460
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
codeigniter — codeigniter CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `APIResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `APIResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `APIResponseTrait` or `ResourceController`. Users may also disable Auto Route and use defined routes only. 2022-01-24 4.3 CVE-2022-21715
MISC
CONFIRM
MISC
codesnippets — code_snippets The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue 2022-01-24 4.3 CVE-2021-25008
MISC
coins-global — construction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. 2022-01-24 4.3 CVE-2021-45226
MISC
MISC
MISC
coins-global — construction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). 2022-01-24 4.3 CVE-2021-45225
MISC
MISC
MISC
coins-global — construction_cloud An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. 2022-01-24 4.3 CVE-2021-45224
MISC
MISC
MISC
coins-global — construction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel. 2022-01-24 6.5 CVE-2021-45222
MISC
MISC
MISC
coins-global — construction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. 2022-01-24 4 CVE-2021-45223
MISC
MISC
MISC
conda_loguru_project — conda_loguru Improper Privilege Management in Conda loguru prior to 0.5.3. 2022-01-25 4 CVE-2022-0338
CONFIRM
MISC
contribsys — sidekiq In api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. 2022-01-21 5 CVE-2022-23837
MISC
MISC
convert-svg-core_project — convert-svg-core This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. 2022-01-21 5 CVE-2021-23631
CONFIRM
CONFIRM
CONFIRM
CONFIRM
crmperks — contact_form_entries The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page 2022-01-24 4.3 CVE-2021-25079
MISC
CONFIRM
crmperks — contact_form_entries The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry 2022-01-24 4.3 CVE-2021-25080
MISC
CONFIRM
dell — emc_appsync Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. 2022-01-21 5.8 CVE-2022-22552
MISC
dell — emc_appsync DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. 2022-01-21 5.8 CVE-2022-22551
MISC
dell — emc_data_protection_central Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2022-01-24 5 CVE-2021-43588
CONFIRM
dell — emc_data_protection_central Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. 2022-01-24 4 CVE-2021-36349
CONFIRM
dell — solutions_enabler The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. 2022-01-21 4.6 CVE-2021-36339
MISC
dell — solutions_enabler Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 2022-01-21 5.2 CVE-2021-36338
MISC
elfspirit_project — elfspirit elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue. 2022-01-24 5.8 CVE-2022-21711
MISC
MISC
CONFIRM
epub2txt_project — epub2txt xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. 2022-01-23 6.8 CVE-2022-23850
MISC
forestblog_project — forestblog A problem was found in ForestBlog as of 2021-12-29: there is an XSS vulnerability that can be injected through the nickname input box. 2022-01-25 4.3 CVE-2021-46034
MISC
fresenius-kabi — agilia_connect_firmware Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software. 2022-01-21 6.5 CVE-2021-44464
MISC
fresenius-kabi — agilia_connect_firmware The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information. 2022-01-21 6.4 CVE-2021-31562
MISC
fresenius-kabi — agilia_connect_firmware Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server. 2022-01-21 5 CVE-2021-23195
MISC
fresenius-kabi — agilia_connect_firmware Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions in context of an authenticated user. 2022-01-21 4.3 CVE-2021-33848
MISC
fresenius-kabi — agilia_connect_firmware Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings. 2022-01-21 5 CVE-2021-33843
MISC
fresenius-kabi — agilia_partner_maintenance_software Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. 2022-01-21 5 CVE-2021-41835
MISC
fresenius-kabi — agilia_partner_maintenance_software Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users. 2022-01-21 6.5 CVE-2021-33846
MISC
golang — go In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. 2022-01-24 5 CVE-2021-39293
CONFIRM
gpac — gpac A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46240
MISC
gpac — gpac A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46234
MISC
gpac — gpac A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46236
MISC
gpac — gpac An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46237
MISC
gpac — gpac GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46238
MISC
gpac — gpac The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46239
MISC
gpac — gpac The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46313
MISC
gpac — gpac A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46311
MISC
hdfgroup — hdf5 A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46244
MISC
hdfgroup — hdf5 An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-21 4.3 CVE-2021-46243
MISC
hdfgroup — hdf5 HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. 2022-01-21 6.8 CVE-2021-46242
MISC
hospitals_patient_records_management_system_project — hospitals_patient_records_management_system Sourcecodester Hospital’s Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed. 2022-01-24 5 CVE-2022-22296
MISC
ibm — cognos_controller IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. 2022-01-21 6.4 CVE-2020-4876
CONFIRM
XF
ibm — cognos_controller IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. 2022-01-21 6.4 CVE-2020-4875
CONFIRM
XF
ibm — websphere_application_server IBM WebSphere Application Server – Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875. 2022-01-25 6.5 CVE-2021-39031
XF
CONFIRM
iconics — genesis64 Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. 2022-01-21 4.3 CVE-2022-23130
MISC
MISC
MISC
iconics — mobilehmi Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. 2022-01-21 4.3 CVE-2022-23127
MISC
MISC
MISC
iresturant_project — iresturant MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. 2022-01-25 6.5 CVE-2021-45803
MISC
MISC
isomorphic-git — cors-proxy The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. 2022-01-21 5 CVE-2021-23664
CONFIRM
CONFIRM
jerryscript — jerryscript Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. 2022-01-21 6.8 CVE-2022-22894
MISC
jerryscript — jerryscript Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c. 2022-01-21 4.3 CVE-2022-22891
MISC
jerryscript — jerryscript There is an Assertion ‘ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)’ failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscript 3.0.0. 2022-01-21 4.3 CVE-2022-22892
MISC
jerryscript — jerryscript There is an Assertion ”ecma_object_is_typedarray (obj_p)” failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0. 2022-01-25 4.3 CVE-2021-44992
MISC
MISC
jerryscript — jerryscript Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. 2022-01-21 6.8 CVE-2022-22893
MISC
jerryscript — jerryscript Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. 2022-01-21 6.8 CVE-2022-22895
MISC
MISC
jerryscript — jerryscript Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. 2022-01-25 6.8 CVE-2021-44988
MISC
MISC
MISC
jerryscript — jerryscript There is an Assertion ”JERRY_CONTEXT (jmem_heap_allocated_size) == 0” failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. 2022-01-25 4.3 CVE-2021-44994
MISC
MISC
MISC
jerryscript — jerryscript There is an Assertion ”ecma_is_value_boolean (base_value)” failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. 2022-01-25 4.3 CVE-2021-44993
MISC
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. 2022-01-25 6.8 CVE-2021-46482
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-25 4.3 CVE-2021-46480
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c. 2022-01-25 4.3 CVE-2021-46481
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-25 4.3 CVE-2021-46477
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. 2022-01-25 6.8 CVE-2021-46483
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-25 4.3 CVE-2021-46474
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-25 4.3 CVE-2021-46478
MISC
jsish — jsish Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-25 4.3 CVE-2021-46475
MISC
kea-hotel-erp_project — kea-hotel-erp In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. 2022-01-25 6.5 CVE-2021-46113
MISC
MISC
MISC
librecad — librecad In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. 2022-01-25 4.3 CVE-2021-45343
MISC
librecad — librecad A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. 2022-01-25 6.8 CVE-2021-45342
MISC
libsixel_project — libsixel In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. 2022-01-25 4.3 CVE-2021-45340
MISC
linux — linux_kernel A race condition was found in the Linux kernel’s ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. 2022-01-21 4.7 CVE-2021-4001
MISC
MISC
linux — linux_kernel A vulnerability was found in the Linux kernel’s KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. 2022-01-21 4.9 CVE-2021-4032
MISC
MISC
MISC
mcafee — data_loss_prevention SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. 2022-01-24 6.5 CVE-2021-4088
CONFIRM
mediawiki — shortdescription ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4. 2022-01-24 4.3 CVE-2022-21710
MISC
MISC
CONFIRM
mruby — mruby NULL Pointer Dereference in Homebrew mruby prior to 3.2. 2022-01-21 4.3 CVE-2022-0326
CONFIRM
MISC
mustache_project — mustache Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. 2022-01-21 6.5 CVE-2022-0323
MISC
CONFIRM
mycred — mycred The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue 2022-01-24 4.3 CVE-2021-25015
CONFIRM
MISC
navidrome — navidrome model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users’ encrypted passwords). 2022-01-24 4 CVE-2022-23857
MISC
MISC
nlnetlabs — ldns When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data places too much trust in the length value obtained from the zone file. When the memcpy is performed, 0xfe – ldns_rdf_size(salt_rdf) bytes of data can be copied, causing heap overflow information leakage. 2022-01-21 5 CVE-2020-19861
MISC
nlnetlabs — ldns When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. 2022-01-21 4.3 CVE-2020-19860
MISC
MISC
online_covid_vaccination_scheduler_system_project — online_covid_vaccination_scheduler_system Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. 2022-01-24 4.3 CVE-2021-41930
MISC
oxilab — image_hover_effects_ultimate The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-01-24 4.3 CVE-2021-25031
MISC
CONFIRM
php_crud_without_refresh/reload_using_ajax_and_datatables_tutorial_project — php_crud_without_refresh/reload_using_ajax_and_datatables_tutorial Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. 2022-01-24 6.8 CVE-2021-40909
MISC
phpmyadmin — phpmyadmin An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. 2022-01-22 4.3 CVE-2022-23808
MISC
phpmyadmin — phpmyadmin An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. 2022-01-22 4 CVE-2022-23807
MISC
plutinosoft — platinum Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. An attacker could remotely attack a victim by sending an ip:port/../privacy.avi URL to compromise the victim’s privacy. 2022-01-21 5 CVE-2020-19858
MISC
MISC
revmakx — backup_and_staging_by_wp_time_capsule The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-01-24 4.3 CVE-2021-25035
MISC
CONFIRM
roundupwp — registrations_for_the_events_calendar The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting 2022-01-24 4.3 CVE-2021-25083
CONFIRM
MISC
saviynt — enterprise_identity_cloud An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI. 2022-01-24 5 CVE-2022-23856
MISC
sendinblue — newsletter,_smtp,_email_marketing_and_subscribe The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue 2022-01-24 4.3 CVE-2021-24923
MISC
simple_college_website_project — simple_college_website Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. 2022-01-21 6.8 CVE-2021-44593
MISC
MISC
slic3r — slic3r A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a “type” attribute. 2022-01-25 4.3 CVE-2021-45846
MISC
slic3r — slic3r Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file. 2022-01-25 4.3 CVE-2021-45847
MISC
MISC
MISC
themeum — qubely The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts 2022-01-24 4 CVE-2021-25013
MISC
themeum — tutor_lms The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-01-24 4.3 CVE-2021-25017
MISC
CONFIRM
tipsandtricks-hq — simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads 2022-01-24 6.8 CVE-2021-24696
MISC
tri — event_tickets The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue 2022-01-24 5.8 CVE-2021-25028
MISC
try_my_recipe_project — try_my_recipe Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website – CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page. 2022-01-24 4.3 CVE-2021-42168
MISC
villatheme — orders_tracking_for_woocommerce The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-01-24 4.3 CVE-2021-25062
CONFIRM
MISC
vim — vim Out-of-bounds Read in vim/vim prior to 8.2. 2022-01-21 4.3 CVE-2022-0319
CONFIRM
MISC
wasmcloud — host_runtime wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, but with this vulnerability actor capability claims are not verified upon receiving invocations. This compromises the security model for actors as they can receive unauthorized invocations from linked capability providers. The problem has been patched in versions `0.52.2` and greater. There is no workaround and users are advised to upgrade to an unaffected version as soon as possible. 2022-01-21 5.5 CVE-2022-21707
CONFIRM
MISC
webmaster-source — wp125 The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack 2022-01-24 6.8 CVE-2021-25073
MISC
CONFIRM
webp_converter_for_media_project — webp_converter_for_media The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue 2022-01-24 5.8 CVE-2021-25074
MISC
wp-experts — protect_wp_admin The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request 2022-01-24 5 CVE-2021-24906
MISC
wp_extra_file_types_project — wp_extra_file_types The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks 2022-01-24 6 CVE-2021-24936
MISC
wp_post_page_clone_project — wp_post_page_clone The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users’ draft and password-protected posts which they cannot view normally. 2022-01-24 4 CVE-2021-24733
MISC
wpaffiliatemanager — affiliates_manager The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. 2022-01-24 4.3 CVE-2021-25078
CONFIRM
MISC
wpplugin — accept_donations_with_paypal The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog 2022-01-24 4.3 CVE-2021-24989
MISC
yetiforce — yetiforce_customer_relationship_management Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. 2022-01-24 6 CVE-2022-0269
CONFIRM
MISC
yikesinc — easy_forms_for_mailchimp The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-01-24 4.3 CVE-2021-24985
MISC
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adtribes — product_feed_pro_for_woocommerce The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any authenticated user to call them, which could lead to a Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping. 2022-01-24 3.5 CVE-2021-24974
MISC
b3log — vditor Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 1.0.34. 2022-01-23 3.5 CVE-2021-4103
MISC
CONFIRM
dell — emc_system_update Dell EMC System Update, version 1.9.2 and prior, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. 2022-01-24 2.1 CVE-2022-22554
CONFIRM
etoilewebdesign — ultimate_faq The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions 2022-01-24 3.5 CVE-2021-24968
CONFIRM
MISC
fivestarplugins — five_star_restaurant_reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins 2022-01-24 3.5 CVE-2021-24965
MISC
fresenius-kabi — agilia_connect An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users. 2022-01-21 2.1 CVE-2021-23207
MISC
getgrav — grav Cross-site Scripting (XSS) – Stored in Packagist getgrav/grav prior to 1.7.28. 2022-01-25 3.5 CVE-2022-0268
MISC
CONFIRM
graphql-go_project — graphql-go graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended. 2022-01-21 3.5 CVE-2022-21708
CONFIRM
MISC
iconics — genesis64 Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information. 2022-01-21 2.1 CVE-2022-23129
MISC
MISC
MISC
jflyfox — jfinal_cms In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code. 2022-01-25 3.5 CVE-2021-46087
MISC
mobile_events_manager_project — mobile_events_manager The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-01-24 3.5 CVE-2021-25049
MISC
CONFIRM
rapid7 — insight_agent Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. 2022-01-21 2.1 CVE-2021-4016
CONFIRM
showdoc — showdoc Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 2022-01-22 3.5 CVE-2021-4172
CONFIRM
MISC
spotweb_project — spotweb Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. 2022-01-21 3.5 CVE-2021-33966
MISC
student_quarterly_grading_system_project — student_quarterly_grading_system Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page. 2022-01-24 3.5 CVE-2021-41658
MISC
tipsandtricks-hq — simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) “color” or “css_class” argument of sdm_download shortcode, 2) “class” or “placeholder” argument of sdm_search_form shortcode. 2022-01-24 3.5 CVE-2021-24694
MISC
updraftplus — updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue 2022-01-24 3.5 CVE-2021-24423
MISC
MISC
uscat_project — uscat uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code. 2022-01-25 3.5 CVE-2021-46083
MISC
uscat_project — uscat uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via “close registration information” input box. 2022-01-25 3.5 CVE-2021-46084
MISC
wbolt — smart_seo_tool The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting 2022-01-24 2.6 CVE-2021-24976
MISC
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acer — care_center
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges. 2022-01-26 not yet calculated CVE-2021-45975
MISC
MISC
MISC
advantech — deviceon/iedge_server
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-40389
MISC
advantech — deviceon/iedge_server
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-40396
MISC
advantech — sq_manager_server
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-40388
MISC
advantech — wise-paas/ota_server
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-40397
MISC
apache — karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the target’s class path. Generally speaking, deserialization of untrusted data does always represent a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends on system scoped classes (e.g. jar in the lib folder). 2022-01-26 not yet calculated CVE-2021-41766
CONFIRM
apache — karaf
 
Apache Karaf obr:* commands and the run goal on the karaf-maven-plugin have a partial path traversal that allows breaking out of the expected folder. The risk is low as obr:* commands are not widely used and the entry is set by the user. This has been fixed in revisions: gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use a correct path. JIRA Tickets: issues.apache.org/jira/browse/KARAF-7326 2022-01-26 not yet calculated CVE-2022-22932
CONFIRM
apache — shenyu
 
The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1. 2022-01-25 not yet calculated CVE-2022-23223
CONFIRM
MLIST
MLIST
apache — shenyu
 
Missing authentication on ShenYu Admin when registering by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. 2022-01-25 not yet calculated CVE-2022-23945
CONFIRM
MLIST
MLIST
apache — shenyu
 
A user can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. 2022-01-25 not yet calculated CVE-2022-23944
CONFIRM
MLIST
MLIST
MLIST
apache — tomcat
 
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. 2022-01-27 not yet calculated CVE-2022-23181
MISC
apache — xerces
 
There’s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. 2022-01-24 not yet calculated CVE-2022-23437
CONFIRM
MLIST
autodesk — design_review
 
A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files. 2022-01-25 not yet calculated CVE-2021-40167
MISC
autodesk — inventor
 
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arbitrary code. 2022-01-25 not yet calculated CVE-2021-40158
MISC
autodesk — inventor
 
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files. 2022-01-25 not yet calculated CVE-2021-40159
MISC
bmoor — bmoor
 
The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in the set function. Note: This vulnerability derives from an incomplete fix in CVE-2020-7736 (security.snyk.io/vuln/SNYK-JS-BMOOR-598664). 2022-01-28 not yet calculated CVE-2021-23558
MISC
MISC
MISC
bosch — multiple_products
 
HTML code injection vulnerability in the Android application Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject arbitrary HTML code into a component loaded by WebView, thus allowing the application to display web resources controlled by the attacker. 2022-01-28 not yet calculated CVE-2021-23863
CONFIRM
bromite — bromite
 
In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren’t can identify the application version and defeat the User-Agent protection mechanism. 2022-01-26 not yet calculated CVE-2019-25056
MISC
buddyboss — platform
 
BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example, JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses. 2022-01-26 not yet calculated CVE-2021-44692
MISC
MISC
buddyboss — platform
 
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. 2022-01-26 not yet calculated CVE-2021-43334
MISC
MISC
casdoor — casdoor
 
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. 2022-01-29 not yet calculated CVE-2022-24124
MISC
MISC
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. 2022-01-27 not yet calculated CVE-2021-46509
MISC
cesanta — mjs There is an Assertion 's < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46510
MISC
cesanta — mjs There is an Assertion 'm->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46511
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46512
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c. 2022-01-27 not yet calculated CVE-2021-46518
MISC
cesanta — mjs There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46514
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46516
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. 2022-01-27 not yet calculated CVE-2021-46526
MISC
cesanta — mjs There is an Assertion 'mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46517
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c. 2022-01-27 not yet calculated CVE-2021-46513
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c. 2022-01-27 not yet calculated CVE-2021-46519
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c. 2022-01-27 not yet calculated CVE-2021-46520
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c. 2022-01-27 not yet calculated CVE-2021-46521
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. 2022-01-27 not yet calculated CVE-2021-46522
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. 2022-01-27 not yet calculated CVE-2021-46524
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c. 2022-01-27 not yet calculated CVE-2021-46525
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46550
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46546
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46556
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46553
MISC
cesanta — mjs There is an Assertion 'i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46508
MISC
cesanta — mjs There is an Assertion 'mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. 2022-01-27 not yet calculated CVE-2021-46515
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. 2022-01-27 not yet calculated CVE-2021-46527
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46540
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46539
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46530
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46531
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46532
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46534
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46535
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46537
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46538
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46528
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46541
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46542
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46543
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46544
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46545
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46547
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46548
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46549
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46529
MISC
cesanta — mjs Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46554
MISC
cesanta — mjs
 
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. 2022-01-27 not yet calculated CVE-2021-46523
MISC
charactell — formstorm_enterprise_account
 
Charactell – FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) the passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file. 2022-01-25 not yet calculated CVE-2022-22789
MISC
classapps — selectsurvey.net A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data submitted by survey users by modifying the value of the ID parameter in sequential order beginning from 1. 2022-01-28 not yet calculated CVE-2021-41608
MISC
MISC
classapps — selectsurvey.net
 
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application’s backend database via boolean-based blind and UNION injection. 2022-01-28 not yet calculated CVE-2021-41609
MISC
MISC
connman — connman
 
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. 2022-01-28 not yet calculated CVE-2022-23098
MISC
MISC
connman — connman
 
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. 2022-01-28 not yet calculated CVE-2022-23097
MISC
MISC
connman — connman
 
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. 2022-01-28 not yet calculated CVE-2022-23096
MISC
MISC
crater — crater
 
Cross-site Scripting (XSS) – Stored in Packagist bytefury/crater prior to 6.0.2. 2022-01-27 not yet calculated CVE-2022-0372
CONFIRM
MISC
crater-invoice — crater
 
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. 2022-01-26 not yet calculated CVE-2022-0203
MISC
CONFIRM
cszcms — cszcms
 
There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. 2022-01-27 not yet calculated CVE-2021-46377
MISC
cve_project — cve_services_api
 
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. 2022-01-26 not yet calculated CVE-2021-46561
CONFIRM
dell — bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-01-24 not yet calculated CVE-2021-36343
CONFIRM
dell — bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-01-24 not yet calculated CVE-2021-36342
CONFIRM
dell — idrac8
 
Dell iDRAC 8 prior to version 2.82.82.82 contains a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. 2022-01-25 not yet calculated CVE-2021-36346
MISC
dell — idrac9 iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. 2022-01-25 not yet calculated CVE-2021-36348
MISC
dell — idrac9 iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. 2022-01-25 not yet calculated CVE-2021-36347
MISC
dell — vnx2_oe_for_file
 
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. 2022-01-25 not yet calculated CVE-2021-36295
MISC
dell — vnx2_oe_for_file
 
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to log in as any user. 2022-01-25 not yet calculated CVE-2021-36294
MISC
dell — vnx2_oe_for_file
 
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. 2022-01-25 not yet calculated CVE-2021-36289
MISC
dell — vnx2_oe_for_file
 
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. 2022-01-25 not yet calculated CVE-2021-36296
MISC
dolphinphp — dolphinphp
 
Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log. 2022-01-27 not yet calculated CVE-2021-46097
MISC
download_monitor — download_monitor
 
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It’s also possible to escape from the web server home directory and download any file within the OS. 2022-01-28 not yet calculated CVE-2021-31567
CONFIRM
CONFIRM
CONFIRM
download_monitor — download_monitor
 
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0]. 2022-01-28 not yet calculated CVE-2021-23174
CONFIRM
CONFIRM
CONFIRM
embedthis — goahead
 
The code that performs password matching when using ‘Basic’ HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver’s response time until the unauthorized (401) response. 2022-01-25 not yet calculated CVE-2021-43298
MISC
emerson — deltav_distributed_control_system_controllers_and_workstations
 
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. 2022-01-28 not yet calculated CVE-2021-26264
MISC
emerson — deltav_distributed_control_system_controllers_and_workstations
 
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. 2022-01-28 not yet calculated CVE-2021-44463
MISC
expat — expat
 
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. 2022-01-26 not yet calculated CVE-2022-23990
MISC
f5 — big-ip On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23026
MISC
f5 — big-ip On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23030
MISC
f5 — big-ip On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23009
MISC
f5 — big-ip On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23025
MISC
f5 — big-ip On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23029
MISC
f5 — big-ip On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23021
MISC
f5 — big-ip On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23010
MISC
f5 — big-ip On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23022
MISC
f5 — big-ip On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23027
MISC
f5 — big-ip On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23012
MISC
f5 — big-ip On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23011
MISC
f5 — big-ip On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23019
MISC
f5 — big-ip On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23018
MISC
f5 — big-ip On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23017
MISC
f5 — big-ip On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23023
MISC
f5 — big-ip On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23015
MISC
f5 — big-ip On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23013
MISC
f5 — big-ip On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23014
MISC
f5 — big-ip On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23024
MISC
f5 — big-ip
 
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device DoS or DoS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23028
MISC
f5 — big-ip
 
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23032
MISC
f5 — big-ip
 
On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23016
MISC
f5 — big-ip
 
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23031
MISC
f5 — big-ip
 
On BIG-IP version 16.1.x before 16.1.2, when the ‘Respond on Error’ setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23020
MISC
freecad — freecad
 
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. 2022-01-25 not yet calculated CVE-2021-45845
MISC
MISC
gerapy — gerapy
 
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds. 2022-01-26 not yet calculated CVE-2021-32849
MISC
MISC
CONFIRM
MISC
MISC
gibbon — cms
 
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. 2022-01-28 not yet calculated CVE-2022-22868
MISC
MISC
MISC
github — enterprise_server
 
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App’s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. 2022-01-25 not yet calculated CVE-2021-41598
MISC
MISC
MISC
glpi — glpi
 
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. 2022-01-28 not yet calculated CVE-2022-21719
CONFIRM
MISC
MISC
glpi — glpi
 
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. 2022-01-28 not yet calculated CVE-2022-21720
CONFIRM
MISC
MISC
h.h.g_multistore — h.h.g_multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. 2022-01-28 not yet calculated CVE-2021-46446
MISC
MISC
h.h.g_multistore — h.h.g_multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. 2022-01-28 not yet calculated CVE-2021-46444
MISC
MISC
h.h.g_multistore — h.h.g_multistore H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. 2022-01-28 not yet calculated CVE-2021-46445
MISC
MISC
h.h.g_multistore — h.h.g_multistore
 
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. 2022-01-28 not yet calculated CVE-2021-46448
MISC
MISC
h.h.g_multistore — h.h.g_multistore
 
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. 2022-01-28 not yet calculated CVE-2021-46447
MISC
MISC
hitachi — energy_linkone
 
A configuration vulnerability in the Hitachi Energy LinkOne application, due to the lack of HTTP headers, allows an attacker who manages to exploit it to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 not yet calculated CVE-2021-40339
CONFIRM
hitachi — energy_linkone
 
The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 not yet calculated CVE-2021-40338
CONFIRM
hitachi — energy_linkone
 
A Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker who manages to exploit the vulnerability to carry out multiple web attacks and steal sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-25 not yet calculated CVE-2021-40337
CONFIRM
hitachi — energy_linkone
 
An Information Exposure vulnerability in the Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server, exposes server and ASP.net information. An attacker who manages to exploit this vulnerability can use the exposed information as reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. 2022-01-28 not yet calculated CVE-2021-40340
CONFIRM
hp — support_assistant
 
Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. 2022-01-28 not yet calculated CVE-2022-23456
MISC
ibm — security_guardium_insights IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. 2022-01-26 not yet calculated CVE-2021-29846
CONFIRM
XF
ibm — security_guardium_insights
 
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. 2022-01-26 not yet calculated CVE-2021-29845
CONFIRM
XF
ibm — security_guardium_insights
 
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 2022-01-26 not yet calculated CVE-2021-29838
CONFIRM
XF
jpress_projects — jpress
 
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. 2022-01-26 not yet calculated CVE-2021-46114
MISC
MISC
MISC
jpress_projects — jpress
 
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. 2022-01-26 not yet calculated CVE-2021-46118
MISC
MISC
MISC
jpress_projects — jpress
 
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. 2022-01-26 not yet calculated CVE-2021-46117
MISC
MISC
MISC
jpress_projects — jpress
 
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. 2022-01-26 not yet calculated CVE-2021-46115
MISC
MISC
MISC
jpress_projects — jpress
 
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. 2022-01-26 not yet calculated CVE-2021-46116
MISC
MISC
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46484
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46489
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46499
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46486
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46495
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46487
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46488
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. 2022-01-27 not yet calculated CVE-2021-46507
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46491
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46490
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46494
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46503
MISC
jsish — jsish
 
There is an Assertion ‘v->d.lval != v’ failed at src/jsiValue.c in Jsish v3.5.0. 2022-01-27 not yet calculated CVE-2021-46506
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46497
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46492
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46485
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46498
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. 2022-01-27 not yet calculated CVE-2021-46505
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46500
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46501
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46502
MISC
jsish — jsish
 
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). 2022-01-27 not yet calculated CVE-2021-46496
MISC
jsish — jsish
 
There is an Assertion ‘vp != resPtr’ failed at jsiEval.c in Jsish v3.5.0. 2022-01-27 not yet calculated CVE-2021-46504
MISC
jupyter_hub — server_proxy
 
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests via kernel or terminal execution, this is considered low to moderate severity. Users may upgrade to version 3.2.1 to receive a patch or, as a workaround, install the patch manually. 2022-01-25 not yet calculated CVE-2022-21697
MISC
CONFIRM
MISC
keycloak — keycloak
 
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. 2022-01-25 not yet calculated CVE-2021-4133
MISC
MISC
MISC
keyget — keyget
 
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](security.snyk.io/vuln/SNYK-JS-KEYGET-1048048) 2022-01-28 not yet calculated CVE-2021-23760
MISC
laminas — laminas-form
 
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. 2022-01-28 not yet calculated CVE-2022-23598
MISC
MISC
CONFIRM
lg — webos_tvs
 
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong environment settings, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege. 2022-01-28 not yet calculated CVE-2022-23727
MISC
liferay — portal_server
 
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server. 2022-01-28 not yet calculated CVE-2020-28885
MISC
liferay — portal_server
 
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server. 2022-01-28 not yet calculated CVE-2020-28884
MISC
line_motorcycle_rental_system — online_motorcycle_rental_system Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. 2022-01-28 not yet calculated CVE-2021-44249
MISC
MISC
linux — kernel
 
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. 2022-01-29 not yet calculated CVE-2022-24122
MISC
MISC
MISC
linux — kernel
 
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. 2022-01-25 not yet calculated CVE-2021-34866
MISC
livehelperchat — livehelperchat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-27 not yet calculated CVE-2022-0387
CONFIRM
MISC
livehelperchat — livehelperchat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-28 not yet calculated CVE-2022-0395
MISC
CONFIRM
livehelperchat — livehelperchat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-28 not yet calculated CVE-2022-0394
MISC
CONFIRM
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-27 not yet calculated CVE-2022-0370
MISC
CONFIRM
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-26 not yet calculated CVE-2022-0374
CONFIRM
MISC
livehelperchat — livehelperchat Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 2022-01-26 not yet calculated CVE-2022-0375
MISC
CONFIRM
mariadb — mariadb save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. 2022-01-29 not yet calculated CVE-2021-46658
MISC
mariadb — mariadb
 
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. 2022-01-29 not yet calculated CVE-2021-46659
MISC
mariadb — mariadb
 
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. 2022-01-29 not yet calculated CVE-2021-46657
MISC
marktext — marktext
 
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. 2022-01-29 not yet calculated CVE-2022-24123
MISC
MISC
micro_focus — operations_agent
 
Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. 2022-01-25 not yet calculated CVE-2021-38129
MISC
microsoft — edge_for_android
 
Microsoft Edge for Android Spoofing Vulnerability. 2022-01-25 not yet calculated CVE-2022-23258
MISC
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 2022-01-26 not yet calculated CVE-2022-0379
MISC
CONFIRM
microweber — microweber
 
Cross-site Scripting (XSS) – Reflected in Packagist microweber/microweber prior to 1.2.11. 2022-01-26 not yet calculated CVE-2022-0378
MISC
CONFIRM
mingsoft — mcms
 
gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack vector is: jspx webshell. MCMS has a file upload vulnerability through which an attacker can upload a webshell. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-01-26 not yet calculated CVE-2021-46386
MISC
mingsoft — mcms
 
gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. 2022-01-26 not yet calculated CVE-2021-46385
MISC
mingsoft — mcms
 
gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. 2022-01-26 not yet calculated CVE-2021-46383
MISC
mirantis — mirantis
 
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. 2022-01-25 not yet calculated CVE-2022-0270
MISC
moodle — moodle
 
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. 2022-01-25 not yet calculated CVE-2022-0332
MISC
MISC
moodle — moodle
 
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The “delete badge alignment” functionality did not include the necessary token check to prevent a CSRF risk. 2022-01-25 not yet calculated CVE-2022-0335
MISC
MISC
moodle — moodle
 
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. 2022-01-25 not yet calculated CVE-2022-0333
MISC
MISC
moodle — moodle
 
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. 2022-01-25 not yet calculated CVE-2022-0334
MISC
MISC
moxa — tn-5900_devices
 
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. 2022-01-26 not yet calculated CVE-2021-46560
MISC
moxa — tn-5900_devices
 
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. 2022-01-26 not yet calculated CVE-2021-46559
MISC
naver — whaler
 
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. 2022-01-28 not yet calculated CVE-2022-24071
CONFIRM
net/packet/af_packet.c — net/packet/af_packet.c
 
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. 2022-01-26 not yet calculated CVE-2021-22600
MISC
netgear — routers
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. 2022-01-25 not yet calculated CVE-2021-34865
MISC
MISC
netgear — routers
 
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325. 2022-01-25 not yet calculated CVE-2021-34870
MISC
MISC
netgear — routers
 
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818. 2022-01-24 not yet calculated CVE-2021-35005
N/A
N/A
nextcloud — android
 
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds. 2022-01-26 not yet calculated CVE-2021-41166
MISC
MISC
CONFIRM
MISC
nextcloud — android_app
 
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud’s data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. 2022-01-25 not yet calculated CVE-2021-43863
CONFIRM
MISC
MISC
nginx — controller_api_management
 
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the “user” or “admin” role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-01-25 not yet calculated CVE-2022-23008
MISC
npm — simple-get
 
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. 2022-01-26 not yet calculated CVE-2022-0355
MISC
CONFIRM
oneblog — oneblog
 
OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. 2022-01-25 not yet calculated CVE-2021-46085
MISC
openssl — openssl
 
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). 2022-01-28 not yet calculated CVE-2021-4160
CONFIRM
CONFIRM
CONFIRM
CONFIRM
opensuse — backports
 
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. 2022-01-26 not yet calculated CVE-2022-21944
CONFIRM
parallels — desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797. 2022-01-25 not yet calculated CVE-2021-34869
MISC
MISC
parallels — desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712. 2022-01-25 not yet calculated CVE-2021-34868
MISC
MISC
parallels — desktop
 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13672. 2022-01-25 not yet calculated CVE-2021-34867
MISC
MISC
pega — pega
 
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. 2022-01-28 not yet calculated CVE-2021-27654
MISC
pfsense — pfsense
 
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. 2022-01-26 not yet calculated CVE-2022-23993
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.2. 2022-01-27 not yet calculated CVE-2022-0348
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.2.10. 2022-01-26 not yet calculated CVE-2022-0251
CONFIRM
MISC
piwigo — piwigo Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This allows an unauthenticated attacker to take over an account, provided they know an administrator's email address in order to be able to request a password reset. 2022-01-28 not yet calculated CVE-2016-3735
MISC
MISC
MISC
pjsip — pjsip PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. 2022-01-27 not yet calculated CVE-2022-21722
CONFIRM
MISC
pjsip — pjsip PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as a commit in the `master` branch. There are no known workarounds. 2022-01-27 not yet calculated CVE-2022-21723
CONFIRM
MISC
plone — products.atcontenttypes Products.ATContentTypes are the core content types for Plone 2.1 – 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user’s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory. 2022-01-28 not yet calculated CVE-2022-23599
MISC
CONFIRM
polkit — polkit A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it will induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. 2022-01-28 not yet calculated CVE-2021-4034
MISC
MISC
MISC
MISC
prestashop — prestashop PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. 2022-01-26 not yet calculated CVE-2022-21686
MISC
CONFIRM
MISC
protocol_buffers — protocol_buffers Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file’s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. 2022-01-26 not yet calculated CVE-2021-22570
CONFIRM
pypi — calibreweb Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16. 2022-01-28 not yet calculated CVE-2022-0352
MISC
CONFIRM
qemu — qemu A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it’s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. 2022-01-25 not yet calculated CVE-2021-4145
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44387
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44376
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44405
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44373
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44393
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44365
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44367
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44368
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44369
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44370
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44390
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44391
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44392
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44372
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44386
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44398
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44399
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 2022-01-28 not yet calculated CVE-2021-44400
MISC
reolink — rlc-410w A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.