Vulnerability Summary for the Week of April 25, 2022

05/02/2022 06:16 AM EDT

Original release date: May 2, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jfinalcms_project — jfinalcms JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. 2022-04-22 7.5 CVE-2022-27341
MISC
link-admin_project — link-admin Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). 2022-04-22 7.5 CVE-2022-27342
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. 2022-04-22 6.8 CVE-2021-38886
XF
CONFIRM
pimcore — pimcore SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data 2022-04-22 5 CVE-2022-1429
MISC
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. 2022-04-22 4.3 CVE-2021-38904
XF
CONFIRM
microweber — microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a paylaod that runs without user interaction. 2022-04-22 4.3 CVE-2022-1439
CONFIRM
MISC
crypt-server_project — crypt-server Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. 2022-04-22 4.3 CVE-2022-29589
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 4 CVE-2021-20464
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 4 CVE-2021-29824
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. 2022-04-22 4 CVE-2021-38905
XF
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. 2022-04-22 3.5 CVE-2021-38903
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. 2022-04-22 3.5 CVE-2021-38946
CONFIRM
XF

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
artifex — ghostscript
 
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC
wordpress — tatsu_wordpress_plugin
 
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC
wordpress– english_wordpress_admin_wordpress_plugin
 
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue 2022-04-25 not yet calculated CVE-2021-25111
MISC
sophos — authenticator_for_android
 
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM
maxboard — maxboard
 
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC
tobesoft — xplatform A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..’. 2022-04-26 not yet calculated CVE-2021-26629
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF
nomachine — nomachine_for_windows
 
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITYSYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot . 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM
bender/ebee — cc612
 
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM
3scale — apicast
 
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC
solarwinds — serv-u
 
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC
metasys — ads/adx/oas
 
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM
veryfixpro — veryfixpro
 
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC
wordpress –alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM
tripetto — tripetto_plugin
 
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM
motorola — multiple_products
 
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC
ibm — planning_analytics_workspace IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF
lenovo — lenovovariable_smi_handler
 
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC
red_hat — gnome-shell
 
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC
artica — proxy
 
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC
eclipse — openj9
 
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM
novelplus — novel-plus
 
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC
magic_cms_msvod — magic_cms_msvod
 
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC
encode– oss_httpx
 
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC
subrion_cms — subrion_cms
 
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC
pingidentity — pingid_windows_login
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid_adnroid
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid_ios
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC
lenovo — nvme_driver
 
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC
lenovo — smbios_event_log_driver
 
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC
lenovo — nlegacy_bios_mode_driver A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC
wordpress — sp_project_&_document_manager_wordpress_plugin
 
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM
elcomplus — smartptt_scada_server

 

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM
elcomplus — smartptt_scada
 
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM
wondershare — dr._fone
 
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC
wondershare — dr._fone Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC
terramaster — terramaster
 
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC
terramaster — terramaster
 
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC
franklin_fueling_systems — ts-550_evo
 
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC
franklin_fueling_systems — t5_series
 
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC
telesquare — sdt-cw3b1 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC
D-Link DIR-825 G1
 
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC
wordpress — easy_google_maps_wordpress_plugin
 
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC
wordpress — supsystic_wordpress_plugin
 
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC
wordpress — supsystic_wordpress_plugin
 
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC
lenovo — pcmanager
 
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC
lenovo — system_update
 
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC
wordpress — mycred_wordpress_lugin
 
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM
wordpress — flo-launch_wordpress_plugin
 
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC
lenovo — thin_installer
 
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC
wordpress — web_to_print_shop_udraw_wordpress_plugin
 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC
wordpress — 5_stars_rating_funnel_wordpress_plugin
 
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC
wordpress — master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC
wordpress — users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC
wordpress — donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC
wordpress — wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC
wordpress– anti-malware_secruity_and_brute-force_firewall_wordpress_lugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC
linux — linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC
linux — linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC
wordpress — page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
wordpress — mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog 2022-04-25 not yet calculated CVE-2022-1092
MISC
wordpress — wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC
lenovo — thinkpad
 
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC
lenovo — thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC
imagemagicks — relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC
wordpress — menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC
wordpress — layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-1153
MISC
wordpress — books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC
getgrav — grav
 
stored xss in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman — podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC
wordpress — opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC
linux — linux
 
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC
linux — linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
wordpress — admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC
wordpress — cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC
wordpress — videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC
wordpress — donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC
mruby — mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC
yarkeev — yarkeev
 
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `–upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM
gpac — gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC
radareorg — radare2
 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC
snipe — snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC
facturascripts — facturascripts
 
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC
openemr — openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM
openemr — openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM
openemr — openemr Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM
getsimple — content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC
getsimple — content_management_system A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC
microweber — microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC
chafa — chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM
hestiacp — hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. 2022-04-28 not yet calculated CVE-2022-1509
CONFIRM
MISC
snipe — snipe-it
 
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. 2022-04-28 not yet calculated CVE-2022-1511
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-28 not yet calculated CVE-2022-1514
MISC
CONFIRM
emlog — emlog_pro
 
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1526
MISC
MISC
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 2022-04-29 not yet calculated CVE-2022-1530
MISC
CONFIRM
rtx — rtx
 
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. 2022-04-29 not yet calculated CVE-2022-1531
MISC
CONFIRM
libmobi — libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. 2022-04-29 not yet calculated CVE-2022-1533
CONFIRM
MISC
libmobi — libmobi
 
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. 2022-04-29 not yet calculated CVE-2022-1534
MISC
CONFIRM
automad — automad
 
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(“home”)</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1536
N/A
N/A
scoold — scoold
 
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. 2022-04-29 not yet calculated CVE-2022-1543
CONFIRM
MISC
sonicwall — sonicos
 
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. 2022-04-27 not yet calculated CVE-2022-22275
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. 2022-04-27 not yet calculated CVE-2022-22276
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. 2022-04-27 not yet calculated CVE-2022-22277
CONFIRM
sonicwall — sonicos_cfs
 
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack 2022-04-27 not yet calculated CVE-2022-22278
CONFIRM
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. 2022-04-27 not yet calculated CVE-2022-22312
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. 2022-04-27 not yet calculated CVE-2022-22315
CONFIRM
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. 2022-04-28 not yet calculated CVE-2022-22322
CONFIRM
XF
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. 2022-04-27 not yet calculated CVE-2022-22323
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. 2022-04-27 not yet calculated CVE-2022-22345
XF
CONFIRM
ibm — planning_analytics_local
 
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 2022-04-25 not yet calculated CVE-2022-22392
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 2022-04-28 not yet calculated CVE-2022-22427
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. 2022-04-28 not yet calculated CVE-2022-22441
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. 2022-04-28 not yet calculated CVE-2022-22443
XF
CONFIRM
miele — benchmark_programming_tool
 
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. 2022-04-27 not yet calculated CVE-2022-22521
MISC
FULLDISC
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. 2022-04-28 not yet calculated CVE-2022-22781
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. 2022-04-28 not yet calculated CVE-2022-22782
MISC
zoom — on-premise_meeting_connector_controller
 
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. 2022-04-28 not yet calculated CVE-2022-22783
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. 2022-04-25 not yet calculated CVE-2022-23457
MISC
MISC
CONFIRM
xilinx — xilinx
 
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. 2022-04-27 not yet calculated CVE-2022-23822
MISC
MISC
apache — doris
 
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. 2022-04-26 not yet calculated CVE-2022-23942
CONFIRM
MLIST
MLIST
linysys — linksys
 
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 2022-04-27 not yet calculated CVE-2022-24372
MISC
MISC
MISC
solar — appscreener
 
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. 2022-04-28 not yet calculated CVE-2022-24449
MISC
MISC
apache — couchdb
 
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. 2022-04-26 not yet calculated CVE-2022-24706
MISC
MISC
MLIST
redis — redis
 
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24735
MISC
CONFIRM
MISC
MISC
redis — redis
 
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24736
MISC
CONFIRM
MISC
MISC
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 2022-04-25 not yet calculated CVE-2022-24792
MISC
CONFIRM
discourse — discourse-assign
 
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24866
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24873
MISC
MISC
CONFIRM
shopware — shopware Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24879
CONFIRM
MISC
MISC
tethik — tethik
 
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. 2022-04-25 not yet calculated CVE-2022-24880
MISC
MISC
MISC
CONFIRM
ballcat — ballcat
 
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. 2022-04-26 not yet calculated CVE-2022-24881
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24882
MISC
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-04-26 not yet calculated CVE-2022-24883
MISC
CONFIRM
MISC
MISC
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24885
MISC
MISC
CONFIRM
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24886
MISC
MISC
CONFIRM
nextcloud — talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24887
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing n, r, t, and v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24888
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1. 2022-04-27 not yet calculated CVE-2022-24889
CONFIRM
MISC
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. 2022-04-27 not yet calculated CVE-2022-24891
MISC
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. 2022-04-28 not yet calculated CVE-2022-24892
MISC
MISC
CONFIRM
xwiki — xwiki
 
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-04-28 not yet calculated CVE-2022-24898
MISC
MISC
CONFIRM
piano_led — piano_led
 
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. 2022-04-29 not yet calculated CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC
lexmark — multiple_products
 
Lexmark products through 2022-02-10 have Incorrect Access Control. 2022-04-28 not yet calculated CVE-2022-24935
MISC
MISC
tagify — tagify
 
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. 2022-04-29 not yet calculated CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
czproject — czproject
 
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-25 not yet calculated CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM
nextcloud — android
 
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. 2022-04-25 not yet calculated CVE-2022-26111
MISC
MISC
hoteldruid — hotel_management_software
 
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 2022-04-26 not yet calculated CVE-2022-26564
MISC
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 2022-04-25 not yet calculated CVE-2022-26596
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 2022-04-25 not yet calculated CVE-2022-26597
MISC
element-plus — element-plus
 
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 2022-04-25 not yet calculated CVE-2022-27103
MISC
MISC
MISC
adobe — xpdf
 
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. 2022-04-25 not yet calculated CVE-2022-27135
MISC
MISC
MISC
cifa-utils — cifa-utils
 
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 2022-04-27 not yet calculated CVE-2022-27239
MISC
MISC
MISC
MISC
MISC
hms — hms
 
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. 2022-04-26 not yet calculated CVE-2022-27299
MISC
amro — amro
 
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. 2022-04-25 not yet calculated CVE-2022-27311
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 2022-04-27 not yet calculated CVE-2022-27331
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-27332
MISC
seacms — seacms
 
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. 2022-04-27 not yet calculated CVE-2022-27336
MISC
mcms — mcms
 
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. 2022-04-22 not yet calculated CVE-2022-27340
MISC
MISC
tenda — tenda
 
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. 2022-04-25 not yet calculated CVE-2022-27374
MISC
tenda — tenda Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. 2022-04-25 not yet calculated CVE-2022-27375
MISC
gallerycms — gallerycms
 
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. 2022-04-25 not yet calculated CVE-2022-27428
MISC
jizhicms — jizhicms
 
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. 2022-04-25 not yet calculated CVE-2022-27429
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. 2022-04-26 not yet calculated CVE-2022-27468
MISC
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). 2022-04-26 not yet calculated CVE-2022-27469
MISC
MISC
wordpress — wordpress
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 2022-04-26 not yet calculated CVE-2022-27854
CONFIRM
CONFIRM
wordpress — shea_bunge_footer_text 
 
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 2022-04-28 not yet calculated CVE-2022-27860
CONFIRM
CONFIRM
palantir — palantir
 
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. 2022-04-26 not yet calculated CVE-2022-27888
MISC
controlup — real-time_agent
 
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:) to exploit this. 2022-04-27 not yet calculated CVE-2022-27905
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. 2022-04-26 not yet calculated CVE-2022-27984
MISC
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. 2022-04-26 not yet calculated CVE-2022-27985
MISC
MISC
typemill — typemill
 
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28053
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backendfile_controller.php. 2022-04-26 not yet calculated CVE-2022-28058
MISC
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backenddatabase_controller.php. 2022-04-26 not yet calculated CVE-2022-28059
MISC
MISC
victor_cms — victor_cms
 
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. 2022-04-28 not yet calculated CVE-2022-28060
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-28085
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28093
MISC
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 2022-04-25 not yet calculated CVE-2022-28094
MISC
MISC
MISC
turtlapp — turtle_note
 
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. 2022-04-28 not yet calculated CVE-2022-28101
MISC
MISC
php — mysql_admin_panel_generator
 
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. 2022-04-28 not yet calculated CVE-2022-28102
MISC
MISC
dscms — dscms
 
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. 2022-04-28 not yet calculated CVE-2022-28114
MISC
navigate_cms — navigate_cms
 
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. 2022-04-28 not yet calculated CVE-2022-28117
MISC
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28193
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28194
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28195
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. 2022-04-27 not yet calculated CVE-2022-28196
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28197
MISC
nvidia — omniverse_nucleus_and_cache
 
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. 2022-04-29 not yet calculated CVE-2022-28198
MISC
ciphermail — webmail_messenger
 
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). 2022-04-26 not yet calculated CVE-2022-28218
MISC
MISC
MISC
wordpress — country_selector_plugin
 
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request 2022-04-25 not yet calculated CVE-2022-28290
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC
nopsolutions — nopcommerce nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. 2022-04-26 not yet calculated CVE-2022-28448
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 2022-04-26 not yet calculated CVE-2022-28449
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. 2022-04-26 not yet calculated CVE-2022-28450
MISC
lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system
 
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 2022-04-29 not yet calculated CVE-2022-28452
MISC
MISC
MISC
MISC
limbas — limbas
 
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28454
MISC
MISC
MISC
apifox — apifox
 
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. 2022-04-27 not yet calculated CVE-2022-28464
MISC
wbce — wbce
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28477
MISC
MISC
allmediaserver — allmediaserver
 
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. 2022-04-29 not yet calculated CVE-2022-28480
MISC
giflib — giflb
 
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. 2022-04-25 not yet calculated CVE-2022-28506
MISC
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. 2022-04-26 not yet calculated CVE-2022-28521
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. 2022-04-26 not yet calculated CVE-2022-28522
MISC
MISC
hongcms — hongcms
 
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. 2022-04-26 not yet calculated CVE-2022-28523
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. 2022-04-26 not yet calculated CVE-2022-28524
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. 2022-04-26 not yet calculated CVE-2022-28525
MISC
dhcms — dhcms
 
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. 2022-04-26 not yet calculated CVE-2022-28527
MISC
bloofox — bloofoxcms
 
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. 2022-04-26 not yet calculated CVE-2022-28528
MISC
hoosk — hoosk
 
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. 2022-04-25 not yet calculated CVE-2022-28586
MISC
qualys — assetview
 
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. 2022-04-28 not yet calculated CVE-2022-28719
MISC
MISC
f-secure — atlant
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-04-25 not yet calculated CVE-2022-28871
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. 2022-04-28 not yet calculated CVE-2022-28892
MISC
greencms — greencms
 
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. 2022-04-26 not yet calculated CVE-2022-28918
MISC
smallsrv — smallsrv
 
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. 2022-04-29 not yet calculated CVE-2022-28994
MISC
rippled — rippled A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. 2022-04-25 not yet calculated CVE-2022-29077
MISC
MISC
MISC
ejs — ejs_for_node.js
 
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). 2022-04-25 not yet calculated CVE-2022-29078
MISC
MISC
zoho — manageengine_access_manager_plus
 
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. 2022-04-28 not yet calculated CVE-2022-29081
MISC
MISC
ericom — powerterm_webconnect
 
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 2022-04-28 not yet calculated CVE-2022-29152
MISC
MISC
coreboot — coreboot
 
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. 2022-04-25 not yet calculated CVE-2022-29264
MISC
MISC
apache — nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: – EvaluateXPath – EvaluateXQuery – ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC
wordpress — hermit_plugin
 
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 2022-04-28 not yet calculated CVE-2022-29410
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 2022-04-28 not yet calculated CVE-2022-29411
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 2022-04-28 not yet calculated CVE-2022-29412
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. 2022-04-28 not yet calculated CVE-2022-29413
CONFIRM
CONFIRM
wpkube — subscribe_to_comments_reloaded_plugin
 
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. 2022-04-29 not yet calculated CVE-2022-29414
CONFIRM
CONFIRM
wordpress — ravpage_plugin
 
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. 2022-04-28 not yet calculated CVE-2022-29415
CONFIRM
CONFIRM
wordpress — shortpixel_adaptive_images_plugin
 
Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 2022-04-25 not yet calculated CVE-2022-29417
CONFIRM
CONFIRM
wordpress — night_mode_plugin
 
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 2022-04-25 not yet calculated CVE-2022-29418
CONFIRM
CONFIRM
wordpress — 3xsocializer_plugin
 
SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. 2022-04-25 not yet calculated CVE-2022-29419
CONFIRM
CONFIRM
wordpress — rara_one_click_demo_import_plugin
 
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. 2022-04-29 not yet calculated CVE-2022-29451
CONFIRM
CONFIRM
mitel — mivoice_connect
 
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. 2022-04-26 not yet calculated CVE-2022-29499
CONFIRM
line_corporation — line_for_windows
 
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 2022-04-27 not yet calculated CVE-2022-29505
MISC
htmlunit — nekohtml_parser HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. 2022-04-25 not yet calculated CVE-2022-29546
CONFIRM
northern.tech –mender_enterprise The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking. 2022-04-28 not yet calculated CVE-2022-29555
MISC
MISC
northern.tech — mender_enterprise The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. 2022-04-28 not yet calculated CVE-2022-29556
MISC
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. 2022-04-28 not yet calculated CVE-2022-29584
MISC
MISC
mahara — mahara
 
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). 2022-04-28 not yet calculated CVE-2022-29585
MISC
MISC
universis — universis-api
 
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. 2022-04-25 not yet calculated CVE-2022-29603
MISC
MISC
zammad — zammad
 
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. 2022-04-27 not yet calculated CVE-2022-29700
MISC
zammad — zammad
 
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. 2022-04-27 not yet calculated CVE-2022-29701
MISC
zoneminder — zoneminder
 
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. 2022-04-26 not yet calculated CVE-2022-29806
MISC
MISC
MISC
MISC
hashicorp — go-getter
 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. 2022-04-27 not yet calculated CVE-2022-29810
MISC
MISC
MISC
jetbrains — hub
 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 2022-04-28 not yet calculated CVE-2022-29811
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient 2022-04-28 not yet calculated CVE-2022-29812
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible 2022-04-28 not yet calculated CVE-2022-29813
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 2022-04-28 not yet calculated CVE-2022-29814
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible 2022-04-28 not yet calculated CVE-2022-29815
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible 2022-04-28 not yet calculated CVE-2022-29816
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible 2022-04-28 not yet calculated CVE-2022-29817
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed 2022-04-28 not yet calculated CVE-2022-29818
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29819
MISC
jetbrains — pycharm
 
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible 2022-04-28 not yet calculated CVE-2022-29820
MISC
jetbrains — rider
 
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29821
MISC
automation_anywhere — automation360_22
 
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. 2022-04-29 not yet calculated CVE-2022-29856
MISC
MISC
ambiot — amb1_sdk
 
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. 2022-04-27 not yet calculated CVE-2022-29859
MISC
cif-utils — cifs_utils
 
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. 2022-04-28 not yet calculated CVE-2022-29869
MISC
MISC
mdeiawiki — private_domains The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 2022-04-29 not yet calculated CVE-2022-29903
MISC
MISC
mediawiki — semanticdrilldown
 
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-‘ and ‘_’ constraints. 2022-04-29 not yet calculated CVE-2022-29904
MISC
MISC
mediawiki — fanboxes
 
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 2022-04-29 not yet calculated CVE-2022-29905
MISC
MISC
mediawiki — quizgame
 
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. 2022-04-29 not yet calculated CVE-2022-29906
MISC
MISC
mediawiki_nimbus_skin
 
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 not yet calculated CVE-2022-29907
MISC
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29934
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29935
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29936
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29937
MISC
dji — aeroscope
 
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. 2022-04-29 not yet calculated CVE-2022-29945
MISC
MISC
MISC
woodpecker — woodpecker
 
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. 2022-04-29 not yet calculated CVE-2022-29947
MISC
MISC
glewlwyd — glewlwyd
 
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. 2022-04-29 not yet calculated CVE-2022-29967
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of February 28, 2022

03/07/2022 07:14 AM EST

Original release date: March 7, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. 2022-02-25 7.5 CVE-2022-24340
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. 2022-02-25 7.5 CVE-2022-24442
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — airflow It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. 2022-02-25 4.3 CVE-2021-45229
MISC
apache — airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. 2022-02-25 6.5 CVE-2022-24288
MISC
apache — jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 6.8 CVE-2022-24947
MISC
MLIST
apache — jspwiki A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 4.3 CVE-2022-24948
MISC
MLIST
dolibarr — dolibarr Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. 2022-02-25 4 CVE-2022-0746
CONFIRM
MISC
hashicorp — terraform_enterprise HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. 2022-02-25 5 CVE-2022-25374
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. 2022-02-25 5 CVE-2022-24327
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. 2022-02-25 4 CVE-2022-24328
MISC
MISC
jetbrains — hub JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-25259
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. 2022-02-25 4.6 CVE-2022-24345
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. 2022-02-25 4.6 CVE-2022-24346
MISC
MISC
jetbrains — kotlin In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. 2022-02-25 5 CVE-2022-24329
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. 2022-02-25 4 CVE-2022-24337
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. 2022-02-25 4 CVE-2022-24333
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. 2022-02-25 6.8 CVE-2022-24335
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-24338
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. 2022-02-25 6.8 CVE-2022-24342
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user. 2022-02-25 5 CVE-2022-24341
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. 2022-02-25 5 CVE-2022-24336
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. 2022-02-25 5 CVE-2022-24334
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie. 2022-02-25 5 CVE-2022-24332
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. 2022-02-25 5.8 CVE-2022-24330
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. 2022-02-25 4 CVE-2022-24343
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
eyesofnetwork — eyesofnetwork An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. 2022-02-25 3.5 CVE-2022-24612
MISC
google — fscrypt fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. 2022-02-25 2.1 CVE-2022-25326
CONFIRM
ibm — vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. 2022-02-25 2.1 CVE-2021-38993
XF
CONFIRM
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. 2022-02-25 3.5 CVE-2022-24339
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. 2022-02-25 3.5 CVE-2022-24344
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. 2022-02-25 3.5 CVE-2022-24347
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info

15zine — 15zine

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2020-36510
MISC
academy_software_foundation — openexr A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 not yet calculated CVE-2021-20303
MISC
MISC
MISC
academy_software_foundation — openexr A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20302
MISC
MISC
MISC
academy_software_foundation — openexr
 
A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20300
MISC
MISC
MISC
air_cargo_management_system — air_cargo_management_system
 
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. 2022-03-02 not yet calculated CVE-2022-26169
MISC
alfresco — alfresco_community_edition
 
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 2022-03-04 not yet calculated CVE-2020-18327
MISC
MISC
algorithmia — msol
 
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. 2022-03-01 not yet calculated CVE-2021-42951
MISC
MISC
ametys — cms
 
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. 2022-02-28 not yet calculated CVE-2022-26159
MISC
MISC
MISC
ansible — ansible_engine A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. 2022-03-03 not yet calculated CVE-2021-3620
MISC
MISC
MISC
any23 — any23
 
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 not yet calculated CVE-2022-25312
MISC
MLIST
apache — poi
 
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. 2022-03-04 not yet calculated CVE-2022-26336
CONFIRM
archeevo — archeevo
 
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. 2022-03-01 not yet calculated CVE-2022-23377
MISC
argus — surveillance_dvr
 
Argus Surveillance DVR v4.0 employs weak password encryption. 2022-03-01 not yet calculated CVE-2022-25012
MISC
MISC
arm — arm
 
An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. 2022-03-03 not yet calculated CVE-2022-22706
MISC
MISC
arm — astenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). 2022-02-28 not yet calculated CVE-2021-44331
MISC
arm — astenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in “/Source/astcenc_compress_symbolic.cpp”. 2022-02-28 not yet calculated CVE-2021-43086
MISC
aruba — aos-cx
 
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41000
MISC
aruba — aos-cx
 
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. 2022-03-02 not yet calculated CVE-2021-41001
MISC
aruba — aos-cx
 
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41003
MISC
aruba — aos-cx
 
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41002
MISC
asgaros_forum — asgaros_forum
 
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection 2022-02-28 not yet calculated CVE-2022-0411
MISC
CONFIRM
atlassian — jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. 2022-02-28 not yet calculated CVE-2021-43945
MISC
audio_file — audio_file
 
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. 2022-02-28 not yet calculated CVE-2022-25023
MISC
auto_spare_parts_management — auto_spare_parts_management
 
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. 2022-03-02 not yet calculated CVE-2022-25398
MISC
axelor — open_suite Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. 2022-03-03 not yet calculated CVE-2022-25138
MISC
MISC
aya — ayacms
 
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, 2022-03-01 not yet calculated CVE-2021-44238
MISC
bank_management_system — bank_management_system
 
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. 2022-03-02 not yet calculated CVE-2022-26171
MISC
basebmpsupportlib — basebmpsupportlib Heap Overflow in BaseBmpSupportLib. 2022-03-03 not yet calculated CVE-2021-38577
MISC
batflat– cms
 
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. 2022-03-01 not yet calculated CVE-2021-41652
MISC
MISC
big_fix_compliance — big_fix_compliance
 
“TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” 2022-03-04 not yet calculated CVE-2021-27756
MISC
big_fix_insights — big_fix_insights
 
“Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.” 2022-03-04 not yet calculated CVE-2021-27757
MISC
bluez — bluetoothd
 
bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. 2022-03-02 not yet calculated CVE-2021-3658
MISC
MISC
MISC
MISC
buildah — buildah
 
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). 2022-03-03 not yet calculated CVE-2021-3602
MISC
MISC
MISC
MISC
cacti — cacti
 
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. 2022-03-03 not yet calculated CVE-2022-0730
MISC
car_driving_school_management_system — car_driving_school_management_system

 

Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. 2022-02-28 not yet calculated CVE-2022-24572
MISC
car_driving_school_management_system — car_driving_school_management_system
 
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. 2022-02-28 not yet calculated CVE-2022-24571
MISC
MISC
MISC
cedar_gate — ez-net
 
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. 2022-03-04 not yet calculated CVE-2022-23397
MISC
cherwell — cherwell service_management An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. 2022-02-28 not yet calculated CVE-2022-26155
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. 2022-02-28 not yet calculated CVE-2022-26157
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. 2022-02-28 not yet calculated CVE-2022-26158
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker’s server. 2022-02-28 not yet calculated CVE-2022-26156
MISC
MISC
cipi — cipi
 
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. 2022-03-01 not yet calculated CVE-2022-26332
MISC
MISC
clair — claircore
 
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. 2022-03-03 not yet calculated CVE-2021-3762
MISC
MISC
MISC
MISC
MISC
MISC
cmark-grm — cmark-gfm
 
cmark-gfm is GitHub’s extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm’s table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who’s marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. 2022-03-03 not yet calculated CVE-2022-24724
CONFIRM
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. 2022-02-28 not yet calculated CVE-2022-23906
MISC
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. 2022-02-28 not yet calculated CVE-2022-23907
MISC
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. 2022-02-28 not yet calculated CVE-2022-24711
MISC
CONFIRM
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. 2022-02-28 not yet calculated CVE-2022-24712
MISC
CONFIRM
contact_forms-drag_and_drop_contact_form_builder — contact_forms-drag_and_drop_contact_form_builder
 
The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack 2022-02-28 not yet calculated CVE-2021-24689
MISC
contaierd — containerd
 
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. 2022-03-03 not yet calculated CVE-2022-23648
CONFIRM
MISC
MISC
MISC
MISC
core_tweaks_wp_setup — core_tweaks_wp_setup
 
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks 2022-02-28 not yet calculated CVE-2021-24803
MISC
coreos-installer — coreos-installer
 
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 not yet calculated CVE-2021-20319
MISC
MISC
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. 2022-03-02 not yet calculated CVE-2022-25395
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. 2022-03-02 not yet calculated CVE-2022-25396
MISC
cost _calculator — cost_calculator
 
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout 2022-02-28 not yet calculated CVE-2021-24820
MISC
crazy_bone — crazy_bone
 
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting 2022-02-28 not yet calculated CVE-2022-0385
MISC
customize — customize
 
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). 2022-02-28 not yet calculated CVE-2022-0345
MISC
cyberark — identity
 
CyberArk Identity versions up to and including 22.1 in the ‘StartAuthentication’ resource, exposes the response header ‘X-CFY-TX-TM’. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. 2022-03-03 not yet calculated CVE-2022-22700
MISC
MISC
d-link — dap-1620
 
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. 2022-03-04 not yet calculated CVE-2021-46381
MISC
MISC
d-link — dir-859
 
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 not yet calculated CVE-2022-25106
MISC
MISC
MISC
datarobot — datarobot
 
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. 2022-02-28 not yet calculated CVE-2021-45414
MISC
dell — emc_enterprise_storage_analytics_for_vrealize_operations
 
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 not yet calculated CVE-2021-43590
MISC
devolutions — password_hub_for_ios
 
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. 2022-03-03 not yet calculated CVE-2022-23849
MISC
MISC
dlink — dir-x1860
 
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 not yet calculated CVE-2021-46353
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. 2022-03-04 not yet calculated CVE-2021-46379
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. 2022-03-04 not yet calculated CVE-2021-46378
MISC
MISC
dolibarr — dolibarr
 
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. 2022-03-02 not yet calculated CVE-2022-0819
MISC
CONFIRM
dropbox — lepton
 
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. 2022-02-28 not yet calculated CVE-2022-26181
MISC
MISC
MISC
dynamic_widgets — dynamic_widgets
 
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2021-24933
MISC
easy_drag_and_drop_all_import — easy_drag_and_drop_all_import
 
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2022-0360
MISC
CONFIRM
editabletable — editabletable
 
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-28 not yet calculated CVE-2021-24898
MISC
elasticsearch — elasticsearch
 
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. 2022-03-03 not yet calculated CVE-2022-23710
MISC
elastisearch — elastisearch
 
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. 2022-03-03 not yet calculated CVE-2022-23708
MISC
element-it — http_commander
 
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. 2022-03-03 not yet calculated CVE-2022-24573
MISC
MISC
espruino — espruino
 
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 not yet calculated CVE-2022-25044
MISC
MISC
espruno — espruno
 
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 not yet calculated CVE-2022-25465
MISC
event_managemnt — event_management Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. 2022-03-02 not yet calculated CVE-2022-25114
MISC
excel_streaming_reader — excel_streaming_reader
 
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. 2022-03-02 not yet calculated CVE-2022-23640
CONFIRM
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. 2022-03-01 not yet calculated CVE-2022-24253
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. 2022-03-01 not yet calculated CVE-2022-24254
MISC
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. 2022-03-01 not yet calculated CVE-2022-24252
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. 2022-03-01 not yet calculated CVE-2022-24255
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. 2022-03-01 not yet calculated CVE-2022-24251
MISC
MISC
MISC
f-secure — f-secure
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2022-03-01 not yet calculated CVE-2021-44747
MISC
finastra — ssr-pages ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. 2022-03-01 not yet calculated CVE-2022-24718
MISC
MISC
CONFIRM
finastra — ssr-pages
 
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. 2022-03-01 not yet calculated CVE-2022-24717
MISC
MISC
MISC
CONFIRM
fluture-js — fluture-node
 
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2. 2022-03-01 not yet calculated CVE-2022-24719
MISC
MISC
MISC
CONFIRM
fortinet — fortianalyzer A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. 2022-03-01 not yet calculated CVE-2022-22300
CONFIRM
fortinet — fortiap-c
 
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. 2022-03-02 not yet calculated CVE-2022-22301
CONFIRM
fortinet — fortigate
 
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. 2022-03-01 not yet calculated CVE-2020-15936
CONFIRM
fortinet — fortimail
 
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. 2022-03-01 not yet calculated CVE-2021-32586
CONFIRM
fortinet — fortimail
 
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account’s authentication token by means of the observation of certain system’s properties. 2022-03-01 not yet calculated CVE-2021-36166
CONFIRM
fortinet — fortimanager
 
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. 2022-03-02 not yet calculated CVE-2022-22303
CONFIRM
fortinet — fortiportal
 
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. 2022-03-01 not yet calculated CVE-2021-36171
CONFIRM
fortinet — fortitoken_mobile
 
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user’s password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. 2022-03-02 not yet calculated CVE-2021-44166
CONFIRM
fortinet — fortiwlm
 
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. 2022-03-02 not yet calculated CVE-2021-43070
CONFIRM
fortinet — fortiwlm
 
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. 2022-03-01 not yet calculated CVE-2021-43075
CONFIRM
fortinet — fortiwlm
 
A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. 2022-03-01 not yet calculated CVE-2021-43077
CONFIRM
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. 2022-03-03 not yet calculated CVE-2022-26125
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26127
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26128
MISC
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. 2022-03-03 not yet calculated CVE-2022-26126
MISC
frrouting — frrouting
 
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26129
MISC
fulifilm — docucenter-vi
 
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. 2022-03-03 not yet calculated CVE-2021-43774
MISC
MISC
genixcms — genixcms
 
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options” via the intro_title and intro_image parameters. 2022-03-03 not yet calculated CVE-2022-24563
MISC
MISC
MISC
getgrav — grav
 
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 2022-02-28 not yet calculated CVE-2022-0743
MISC
CONFIRM
go-ethereum — go-ethereum
 
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node’s memory pool, causing a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23327
MISC
MISC
MISC
MISC
go-ethereum — go-ethereum
 
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node’s memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23328
MISC
MISC
MISC
MISC
golang — go
 
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 not yet calculated CVE-2022-24921
CONFIRM
grand_flagallery — grand_flagallery
 
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2021-24903
MISC
grcp — grcp
 
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. 2022-02-28 not yet calculated CVE-2022-26315
MISC
hakimel — revealjs
 
Cross-site Scripting (XSS) – DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. 2022-03-01 not yet calculated CVE-2022-0776
MISC
CONFIRM
haproxy — haproxy
 
A flaw was found in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. 2022-03-02 not yet calculated CVE-2022-0711
MISC
MISC
MISC
hashicorp — nomad
 
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. 2022-02-28 not yet calculated CVE-2022-24685
MISC
MISC
hazelcast — hazelcast
 
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. 2022-03-03 not yet calculated CVE-2022-0265
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 not yet calculated CVE-2022-0752
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 not yet calculated CVE-2022-0838
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-03 not yet calculated CVE-2022-0753
MISC
CONFIRM
hicos — hicos
 
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. 2022-03-01 not yet calculated CVE-2020-12775
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. 2022-02-28 not yet calculated CVE-2022-25028
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. 2022-03-02 not yet calculated CVE-2022-25045
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. 2022-02-28 not yet calculated CVE-2022-25029
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. 2022-03-02 not yet calculated CVE-2022-25115
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. 2022-02-26 not yet calculated CVE-2022-25096
MISC
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-03-02 not yet calculated CVE-2022-25016
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25409
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25408
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25407
MISC
hoteldruid — hoteldruid
 
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. 2022-03-03 not yet calculated CVE-2022-22909
MISC
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23953
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23958
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23957
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23956
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23955
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23954
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. 2022-03-03 not yet calculated CVE-2021-26259
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service. 2022-03-02 not yet calculated CVE-2021-23180
MISC
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. 2022-03-02 not yet calculated CVE-2021-23206
MISC
MISC
MISC
MISC
htmldoc — htmldoc
 
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. 2022-03-03 not yet calculated CVE-2021-26948
MISC
htmldoc — htmldoc
 
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. 2022-03-02 not yet calculated CVE-2021-23191
MISC
MISC
MISC
MISC
htmly — htmly
 
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. 2022-03-01 not yet calculated CVE-2022-25022
MISC
MISC
MISC
MISC
MISC
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. 2022-03-01 not yet calculated CVE-2021-38955
CONFIRM
XF
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. 2022-03-02 not yet calculated CVE-2022-22350
XF
CONFIRM
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. 2022-03-02 not yet calculated CVE-2021-38996
CONFIRM
XF
ibm — mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. 2022-03-01 not yet calculated CVE-2021-38986
XF
CONFIRM
ibm — mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. 2022-03-01 not yet calculated CVE-2022-22321
XF
CONFIRM
ice — hrm Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “m” parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. 2022-02-28 not yet calculated CVE-2022-25014
MISC
ice — hrm A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. 2022-02-28 not yet calculated CVE-2022-25015
MISC
ice — hrm
 
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the “key” and “fm” parameters in the component login.php. 2022-02-28 not yet calculated CVE-2022-25013
MISC
icl — scadaflex_ii_scada_controller
 
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. 2022-02-26 not yet calculated CVE-2022-25359
MISC
MISC
imagemagick_graphicsMagick — imagemagick_graphicsMagick
 
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. 2022-03-01 not yet calculated CVE-2022-24720
MISC
CONFIRM
incapptic — connect
 
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. 2022-03-04 not yet calculated CVE-2022-21828
MISC
jfrog — artifactory
 
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. 2022-03-02 not yet calculated CVE-2021-45074
MISC
MISC
jfrog — artifactory
 
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. 2022-03-02 not yet calculated CVE-2021-46270
MISC
MISC
jquery_cookie — jquery_cookie
 
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). 2022-03-02 not yet calculated CVE-2022-23395
MISC
kde — kcron
 
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. 2022-02-26 not yet calculated CVE-2022-24986
MISC
MISC
kibana — kibana
 
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. 2022-03-03 not yet calculated CVE-2022-23709
MISC
learnpress — learnpress
 
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a “POST” request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. 2022-02-28 not yet calculated CVE-2022-0377
MISC
MISC
MISC
lg — devices
 
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. 2022-03-04 not yet calculated CVE-2022-23729
MISC
librenms — librenms
 
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.2.2. 2022-02-27 not yet calculated CVE-2022-0772
CONFIRM
MISC
libslic — libslic
 
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. 2022-03-01 not yet calculated CVE-2021-44961
MISC
MISC
MISC
libslic — libslic
 
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-03-01 not yet calculated CVE-2021-44962
MISC
MISC
MISC
libtpms — libtpms
 
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3623
MISC
MISC
MISC
MISC
MISC
libvirt — libvirt
 
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. 2022-03-02 not yet calculated CVE-2021-3631
MISC
MISC
MISC
MISC
libvirt — libvirt
 
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3667
MISC
MISC
MISC
libxml2 — libxml2
 
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 2022-02-26 not yet calculated CVE-2022-23308
MISC
CONFIRM
liferay — portal
 
Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. 2022-03-03 not yet calculated CVE-2021-38265
MISC
MISC
liferay — portal
 
Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. 2022-03-03 not yet calculated CVE-2021-38267
MISC
MISC
liferay — portal
 
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. 2022-03-03 not yet calculated CVE-2022-25146
MISC
MISC
MISC
liferay — portal
 
Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module. 2022-03-03 not yet calculated CVE-2021-38263
MISC
MISC
liferay — portal
 
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. 2022-03-02 not yet calculated CVE-2021-38266
MISC
MISC
liferay — portal
 
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API. 2022-03-02 not yet calculated CVE-2021-38268
MISC
MISC
liferay– portal
 
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module. 2022-03-03 not yet calculated CVE-2021-38264
MISC
MISC
liferay– portal
 
Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. 2022-03-03 not yet calculated CVE-2021-38269
MISC
MISC
linux — linux_kernal
 
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. 2022-03-03 not yet calculated CVE-2022-0492
MISC
MISC
linux — linux_kernel .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. 2022-03-03 not yet calculated CVE-2021-3609
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. 2022-03-04 not yet calculated CVE-2021-3428
MISC
MISC
MISC
linux — linux_kernel
 
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. 2022-03-03 not yet calculated CVE-2021-4002
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. 2022-02-26 not yet calculated CVE-2020-36516
MISC
linux — linux_kernel
 
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. 2022-03-03 not yet calculated CVE-2021-3640
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. 2022-03-04 not yet calculated CVE-2021-3744
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the “Routing decision” classifier in the Linux kernel’s Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2022-03-02 not yet calculated CVE-2021-3715
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
linux — sctp_stack
 
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. 2022-03-02 not yet calculated CVE-2021-3772
MISC
MISC
MISC
MISC
liquibase — liquibase
 
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. 2022-03-04 not yet calculated CVE-2022-0839
MISC
CONFIRM
ljharb — npm-lockfile
 
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. 2022-03-03 not yet calculated CVE-2022-0841
MISC
CONFIRM
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. 2022-02-28 not yet calculated CVE-2021-24730
MISC
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media. 2022-02-28 not yet calculated CVE-2021-24913
MISC
CONFIRM
maps_plugin_using_google_maps — maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin’s settings via a CSRF attack 2022-02-28 not yet calculated CVE-2021-25081
MISC
CONFIRM
maps_plugin_using_google_maps — maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin’s settings. 2022-02-28 not yet calculated CVE-2021-25011
MISC
CONFIRM
mark_text — mark_text
 
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. 2022-03-05 not yet calculated CVE-2022-25069
MISC
MISC
maxsite_cms — maxsite_cms
 
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. 2022-02-28 not yet calculated CVE-2022-25411
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. 2022-02-28 not yet calculated CVE-2022-25410
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. 2022-02-28 not yet calculated CVE-2022-25412
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. 2022-02-28 not yet calculated CVE-2022-25413
MISC
mcms — mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. 2022-03-03 not yet calculated CVE-2022-23899
MISC
mcms — mcms
 
gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-03-04 not yet calculated CVE-2021-46384
MISC
mcms — mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. 2022-03-03 not yet calculated CVE-2022-23898
MISC
mcms — mcms
 
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. 2022-03-03 not yet calculated CVE-2022-25125
MISC
medical_store_management_system — medical_store_management_system
 
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. 2022-03-02 not yet calculated CVE-2022-25394
MISC
microweber — microweber
 
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. 2022-03-01 not yet calculated CVE-2022-0777
CONFIRM
MISC
microweber — microweber
 
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. 2022-03-04 not yet calculated CVE-2022-0855
MISC
CONFIRM
microweber — microweber
 
Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.11. 2022-02-26 not yet calculated CVE-2022-0723
MISC
CONFIRM
microweber — microweber
 
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. 2022-02-26 not yet calculated CVE-2022-0762
MISC
CONFIRM
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3. 2022-02-26 not yet calculated CVE-2022-0763
CONFIRM
MISC
migration,_backup,_staging  — migration,_backup,_staging
 
The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2021-24994
MISC
mikrotik — routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. 2022-02-28 not yet calculated CVE-2020-22845
MISC
MISC
mikrotik — routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. 2022-02-28 not yet calculated CVE-2020-22844
MISC
MISC
mini-inventory-and-sales-management-system — mini-inventory-and-sales-management-system
 
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. 2022-03-04 not yet calculated CVE-2021-44321
MISC
MISC
modx — revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. 2022-02-26 not yet calculated CVE-2022-26149
MISC
nbdkit — nbdkit
 
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3716
MISC
MISC
MISC
MISC
MISC
neo4j_graph — neo4j_graph
 
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files. 2022-03-01 not yet calculated CVE-2021-42767
MISC
MISC
netgear — wac120_ac
 
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. 2022-03-04 not yet calculated CVE-2021-46382
MISC
MISC
obyte_wallet — obyte_wallet
 
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. 2022-02-28 not yet calculated CVE-2022-25642
MISC
MISC
MISC
ohio_supercomputer_center_open — ondemand
 
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. 2022-02-26 not yet calculated CVE-2020-27958
MISC
CONFIRM
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in “/ok_png.c”. 2022-03-03 not yet calculated CVE-2021-44343
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in “/ok_jpg.c:513” . 2022-02-28 not yet calculated CVE-2021-44334
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in “/ok_png.c:533”. 2022-03-03 not yet calculated CVE-2021-44335
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in -fi”/ok_jpg.c:403″. 2022-02-28 not yet calculated CVE-2021-44340
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in “/ok_png.c:712”. 2022-02-28 not yet calculated CVE-2021-44339
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in “/ok_png.c:494”. 2022-02-28 not yet calculated CVE-2021-44342
MISC
openemr– openemr
 
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. 2022-03-03 not yet calculated CVE-2022-25471
MISC
MISC
MISC
openjpeg — openjpeg
 
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. 2022-03-04 not yet calculated CVE-2021-3575
MISC
MISC
MISC
openstack-nova — novnc
 
A vulnerability was found in openstack-nova’s console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. 2022-03-02 not yet calculated CVE-2021-3654
MISC
MISC
MISC
MISC
MISC
MISC
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. 2022-03-03 not yet calculated CVE-2021-40635
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. 2022-03-03 not yet calculated CVE-2021-40636
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user’s cookie and take over the working session of user. 2022-03-03 not yet calculated CVE-2021-40637
MISC
part-db — part-db
 
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. 2022-03-04 not yet calculated CVE-2022-0848
CONFIRM
MISC
petereport — petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. 2022-03-03 not yet calculated CVE-2022-25220
MISC
MISC
petereport — petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an ‘Attack Tree’ by modifying the ‘svg_file’ parameter. 2022-03-03 not yet calculated CVE-2022-23051
MISC
MISC
petereport — petereport
 
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. 2022-03-03 not yet calculated CVE-2022-23052
MISC
MISC
pfsense — pfsense
 
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. 2022-03-01 not yet calculated CVE-2021-41282
MISC
MISC
MISC
MISC
php — php
 
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. 2022-02-27 not yet calculated CVE-2021-21708
CONFIRM
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 not yet calculated CVE-2022-0832
MISC
CONFIRM
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 not yet calculated CVE-2022-0831
CONFIRM
MISC
pluxml — pluxml Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. 2022-03-01 not yet calculated CVE-2022-25018
MISC
MISC
MISC
MISC
pluxml — pluxml
 
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. 2022-03-01 not yet calculated CVE-2022-25020
MISC
MISC
MISC
MISC
post_snippets — post_snippets
 
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2021-25010
MISC
postgres — postgres A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. 2022-03-04 not yet calculated CVE-2021-3656
MISC
MISC
MISC
MISC
postgres — postgres
 
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption. 2022-03-02 not yet calculated CVE-2021-23222
MISC
MISC
MISC
MISC
postgres — postgres
 
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. 2022-03-04 not yet calculated CVE-2021-23214
MISC
MISC
MISC
MISC
postgresql — postgresql
 
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. 2022-03-02 not yet calculated CVE-2021-3677
MISC
MISC
printix — secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE. 2022-03-03 not yet calculated CVE-2022-25089
MISC
MISC
MISC
puppetlabs — firewall
 
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. 2022-03-02 not yet calculated CVE-2022-0675
MISC
python — cpython A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3737
MISC
MISC
MISC
MISC
MISC
pytorchlightning — pytorch
 
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 2022-03-05 not yet calculated CVE-2022-0845
CONFIRM
MISC
qemu — qemu
 
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. 2022-03-03 not yet calculated CVE-2021-3638
MISC
MISC
MISC
qt — qt
 
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. 2022-03-02 not yet calculated CVE-2022-25634
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
radareorg — radare2
 
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. 2022-03-05 not yet calculated CVE-2022-0849
MISC
CONFIRM
remote_desktop_commander_suite_agent — remote_desktop_commander_suite_agent
 
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-03-03 not yet calculated CVE-2022-25031
MISC
MISC
rhinode — trading_paints
 
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. 2022-03-04 not yet calculated CVE-2021-40846
MISC
MISC
rog — live_service
 
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. 2022-03-01 not yet calculated CVE-2022-22262
MISC
rtl_433 — rtl_433 An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. 2022-03-02 not yet calculated CVE-2022-25051
MISC
MISC
MISC
rtl_433 — rtl_433
 
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. 2022-03-02 not yet calculated CVE-2022-25050
MISC
MISC
MISC
rudloff — alltube
 
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. 2022-02-28 not yet calculated CVE-2022-0768
MISC
CONFIRM
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds. 2022-02-28 not yet calculated CVE-2021-41112
CONFIRM
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds. 2022-02-28 not yet calculated CVE-2021-41111
CONFIRM
MISC
samba — samba
 
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called ‘association groups’. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid ‘struct session_info’. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. 2022-03-02 not yet calculated CVE-2021-3738
MISC
MISC
MISC
samba — samba
 
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. 2022-03-02 not yet calculated CVE-2021-23192
MISC
MISC
MISC
sangfor — vdi_client
 
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. 2022-02-26 not yet calculated CVE-2022-22908
MISC
scrapy — scrapy Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. 2022-03-02 not yet calculated CVE-2022-0577
MISC
CONFIRM
seacms — seacms
 
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. 2022-03-02 not yet calculated CVE-2022-23878
MISC
secomea — gatemanager This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. 2022-03-04 not yet calculated CVE-2021-32008
MISC
security_audit — security_audit
 
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2021-24901
MISC
shescape — shescape
 
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, “~”)`. 2022-03-03 not yet calculated CVE-2022-24725
MISC
MISC
CONFIRM
simple_bakery_shop_management — simpole_bakery_shop_management
 
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. 2022-03-02 not yet calculated CVE-2022-25393
MISC
simple_membership — simple_membership
 
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack 2022-02-28 not yet calculated CVE-2022-0328
MISC
CONFIRM
simple_mobile_comparison_website — simple_mobile_comparison_website
 
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. 2022-03-02 not yet calculated CVE-2022-26170
MISC
simple_real_estate_portal_system — simple_real_estate_portal_system
 
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. 2022-03-02 not yet calculated CVE-2022-25399
MISC
smmentrypoint — smmentrypoint
 
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. 2022-03-03 not yet calculated CVE-2021-38578
MISC
spectrum — scale
 
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. 2022-03-01 not yet calculated CVE-2020-4925
CONFIRM
XF
statcounter — statcounter
 
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-28 not yet calculated CVE-2021-24920
CONFIRM
MISC
stepmania — stepmania
 
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. 2022-03-01 not yet calculated CVE-2022-25010
MISC
stmicroelectronics — stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 not yet calculated CVE-2021-43393
MISC
MISC
stmicroelectronics — stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 not yet calculated CVE-2021-43392
MISC
MISC
storagegrid — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. 2022-03-04 not yet calculated CVE-2022-23233
MISC
storagegrid — storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). 2022-03-04 not yet calculated CVE-2022-23232
MISC
strapi — strapi
 
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. 2022-02-26 not yet calculated CVE-2022-0764
CONFIRM
MISC
subrion — cms Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. 2022-03-04 not yet calculated CVE-2020-18326
MISC
MISC
MISC
subrion — cms Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. 2022-03-04 not yet calculated CVE-2020-18325
MISC
MISC
MISC
subrion — cms
 
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. 2022-03-04 not yet calculated CVE-2020-18324
MISC
MISC
MISC
support_board — support_board
 
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files 2022-02-28 not yet calculated CVE-2021-24823
MISC
MISC
symentec — management_agent
 
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. 2022-03-04 not yet calculated CVE-2022-25623
MISC
tang — tang
 
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. 2022-03-02 not yet calculated CVE-2021-4076
MISC
MISC
MISC
taocms — taocms
 
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. 2022-03-01 not yet calculated CVE-2022-23380
MISC
taocms — taocms
 
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. 2022-03-01 not yet calculated CVE-2022-23387
MISC
MISC
tenda — tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 not yet calculated CVE-2021-46393
MISC
tenda — tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 not yet calculated CVE-2021-46394
MISC
testimonial — testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection 2022-02-28 not yet calculated CVE-2022-23911
CONFIRM
MISC
testimonial — testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting 2022-02-28 not yet calculated CVE-2022-23912
MISC
CONFIRM
ti_woocommerce_wishlist — ti_woocommerce_wishlist The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks 2022-02-28 not yet calculated CVE-2022-0412
MISC
CONFIRM
tor — browser
 
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn’t properly free memory. 2022-02-26 not yet calculated CVE-2021-46702
MISC
tp-link — archer
 
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. 2022-03-04 not yet calculated CVE-2021-44827
MISC
MISC
MISC
transloadit — transloadit
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1. 2022-03-03 not yet calculated CVE-2022-0528
CONFIRM
MISC
tricentis — qtest
 
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. 2022-02-26 not yet calculated CVE-2022-26146
MISC
MISC
trusted_firmware — mA
 
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. 2022-03-01 not yet calculated CVE-2021-43619
CONFIRM
MISC
MISC
MISC
tsmuxer — tsmuxer
 
An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. 2022-03-02 not yet calculated CVE-2021-45860
MISC
MISC
tsmuxer — tsmuxer
 
There is an Assertion `num <= INT_BIT’ failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. 2022-03-02 not yet calculated CVE-2021-45861
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. 2022-03-02 not yet calculated CVE-2021-45863
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. 2022-03-02 not yet calculated CVE-2021-45864
MISC
MISC
twisted — twisted
 
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer’s SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. 2022-03-03 not yet calculated CVE-2022-21716
MISC
CONFIRM
MISC
MISC
uri.js — uri.js
 
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. 2022-03-03 not yet calculated CVE-2022-24723
CONFIRM
MISC
MISC
MISC
use_any_font_custom_font_uploader — use_any_font_custom_font_uploader
 
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues 2022-02-28 not yet calculated CVE-2021-24977
MISC
veritas — infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. 2022-03-04 not yet calculated CVE-2022-26484
MISC
veritas — infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). 2022-03-04 not yet calculated CVE-2022-26483
MISC
victor — cms
 
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. 2022-03-04 not yet calculated CVE-2022-26201
MISC
MISC
viewcomponent — viewcomponent
 
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them. 2022-03-02 not yet calculated CVE-2022-24722
MISC
CONFIRM
MISC
MISC
vmware — spring_cloud_gateway In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. 2022-03-03 not yet calculated CVE-2022-22947
MISC
vmware — spring_cloud_gateway
 
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. 2022-03-04 not yet calculated CVE-2022-22946
MISC
vmware — tools_for_windows
 
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. 2022-03-03 not yet calculated CVE-2022-22943
MISC
vmware — workspace_one_boxer
 
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user’s window. 2022-03-02 not yet calculated CVE-2022-22944
MISC
wago — 750-8212_pfc200_g2_2eth_rs
 
Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. 2022-03-04 not yet calculated CVE-2021-46380
MISC
watchguard — firebox
 
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 2022-03-04 not yet calculated CVE-2022-26318
CONFIRM
weblate — weblate
 
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. 2022-03-04 not yet calculated CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate — weblate
 
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. 2022-03-04 not yet calculated CVE-2022-24727
MISC
CONFIRM
MISC
webmin — webmin
 
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. 2022-03-02 not yet calculated CVE-2022-0829
CONFIRM
MISC
webmin — webmin
 
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. 2022-03-02 not yet calculated CVE-2022-0824
MISC
CONFIRM
whmc_bridge — whmc_bridge
 
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2021-25112
CONFIRM
MISC
wire — wire-avs wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. 2022-03-01 not yet calculated CVE-2021-41193
CONFIRM
MISC
wordline — hidccemonitorsvc Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-03-03 not yet calculated CVE-2021-45819
MISC
wp_accessibility_helper — wp_accessibility_helper
 
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2022-0150
MISC
CONFIRM
wp_cloudy — wp_cloudy The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue 2022-02-28 not yet calculated CVE-2021-24864
MISC
CONFIRM
wp_paginate — wp_paginate The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-02-28 not yet calculated CVE-2021-4222
MISC
MISC
wp_responsive_menu — wp_responsive_menu
 
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin’s settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend 2022-02-28 not yet calculated CVE-2021-24971
MISC
wp_review_slider — wp_review_slider The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks 2022-02-28 not yet calculated CVE-2022-0383
CONFIRM
MISC
wp_rss_aggregator — wp_rss_aggregator
 
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2022-0189
CONFIRM
MISC
wp_user — wp_user
 
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2021-25034
MISC
wp_visitor_statistics — wp_visitor_statistics
 
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin 2022-02-28 not yet calculated CVE-2021-25042
MISC
wpscan — orange_form_wordpress_plugin
 
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it) 2022-02-28 not yet calculated CVE-2021-24688
MISC
wpscan — orange_form_wordpress_plugin
 
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example 2022-02-28 not yet calculated CVE-2021-24704
MISC
ws_form — ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission 2022-02-28 not yet calculated CVE-2022-23988
MISC
ws_form — ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2022-23987
MISC
yoast_seo — yoast_seo
 
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. 2022-02-28 not yet calculated CVE-2021-25118
CONFIRM
MISC
zepl — notebooks Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. 2022-03-03 not yet calculated CVE-2021-42950
MISC
MISC
zoho — manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. 2022-03-02 not yet calculated CVE-2022-23779
MISC
zoho — manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. 2022-03-02 not yet calculated CVE-2022-24447
MISC
MISC
zoho — manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. 2022-03-01 not yet calculated CVE-2022-24446
MISC
MISC
zoho — manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. 2022-03-02 not yet calculated CVE-2022-24306
MISC
zoho — manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. 2022-03-02 not yet calculated CVE-2022-24305
MISC
zulip — zulip
 
Improper Access Control in GitHub repository zulip/zulip prior to 4.10. 2022-02-26 not yet calculated CVE-2021-3967
CONFIRM
MISC
zulip — zulip_server Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix. 2022-03-02 not yet calculated CVE-2022-23656
CONFIRM
MISC
zyxel — zywall_2_plus_internet_security_appliance
 
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. 2022-03-01 not yet calculated CVE-2021-46387
MISC
MISC
MISC
MISC
zyxel_networks — zyxel
 
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. 2022-03-01 not yet calculated CVE-2021-4039
CONFIRM

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of November 29, 2021

12/06/2021 07:57 AM EST

Original release date: December 6, 2021

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — rtu500_firmware Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). 2021-11-26 7.1 CVE-2021-35533
CONFIRM
amd — amd_uprof The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. 2021-12-01 9 CVE-2021-26334
MISC
attendance_management_system_project — attendance_management_system attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. 2021-12-01 7.5 CVE-2021-44280
MISC
barracuda — network_access_client Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. 2021-12-01 7.2 CVE-2021-42711
MISC
basercms — basercms BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 9 CVE-2021-41279
CONFIRM
MISC
basercms — basercms There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 9 CVE-2021-41243
CONFIRM
MISC
businessdnasolutions — topease Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. 2021-11-30 7.5 CVE-2021-42544
CONFIRM
contest_gallery — contest_gallery The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address 2021-11-29 7.5 CVE-2021-24915
MISC
MISC
dell — emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. 2021-11-30 7.5 CVE-2021-36330
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33266
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33267
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33274
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33271
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33268
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. 2021-12-01 7.2 CVE-2021-33265
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33269
MISC
MISC
dlink — dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33270
MISC
MISC
douzone — neors The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. 2021-11-30 9.3 CVE-2020-7880
MISC
elecom — wrc-1167gst2_firmware Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors. 2021-12-01 8.3 CVE-2021-20864
MISC
MISC
elecom — wrc-1167gst2_firmware ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. 2021-12-01 7.7 CVE-2021-20859
MISC
MISC
elecom — wrc-1167gst2_firmware OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. 2021-12-01 7.7 CVE-2021-20863
MISC
MISC
employee_record_management_system_project — employee_record_management_system SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. 2021-12-01 7.5 CVE-2021-43451
MISC
govicture — wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). 2021-11-30 7.2 CVE-2021-43284
MISC
MISC
govicture — wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges. 2021-11-30 9 CVE-2021-43283
MISC
MISC
hej — hejhome_gkw-ic052_firmware HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) 2021-11-26 7.5 CVE-2021-26611
MISC
html2csv_project — html2csv This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. 2021-11-26 7.5 CVE-2021-23654
CONFIRM
CONFIRM
jetbrains — teamcity In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. 2021-11-30 7.5 CVE-2021-43202
MISC
libretime — libretime_hv libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. 2021-12-01 7.5 CVE-2021-43685
MISC
mitsubishi — melsec_iq-r_r00_cpu_firmware Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions “24” and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions “57” and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions “29” and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20611
MISC
MISC
MISC
mitsubishi — melsec_iq-r_r00_cpu_firmware Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions “24” and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions “57” and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions “29” and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20610
MISC
MISC
MISC
mitsubishi — melsec_iq-r_r00_cpu_firmware Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions “24” and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions “57” and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions “29” and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. “23071” and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20609
MISC
MISC
MISC
planetargon — oh_my_zsh # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: – `title` function in `lib/termsupport.zsh`. – Custom user code using the `title` function. 2021-11-30 7.5 CVE-2021-3726
MISC
planetargon — oh_my_zsh # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they’re an external API, it’s not possible to know if the quotes are safe to use. **Fixed in**: [72928432](github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: – `rand-quote` plugin (`quote` function). – `hitokoto` plugin (`hitokoto` function). 2021-11-30 7.5 CVE-2021-3727
MISC
planetargon — oh_my_zsh # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: – `pygmalion` theme. – `pygmalion-virtualenv` theme. – `refined` theme. 2021-11-30 10 CVE-2021-3769
MISC
qnap — qvr A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 7.5 CVE-2021-38685
CONFIRM
rosariosis — rosariosis An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. 2021-11-29 7.5 CVE-2021-44427
MISC
shopex — ecshop ecshop v2.7.3 is affected by a SQL injection vulnerability in shopexecshopuploadapiclientapi.php. 2021-12-02 7.5 CVE-2021-43679
MISC
sun — ehrd Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. 2021-12-01 9 CVE-2021-43360
CONFIRM
sun — ehrd Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. 2021-12-01 7.8 CVE-2021-43358
CONFIRM
sun — ehrd Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. 2021-12-01 9 CVE-2021-43359
CONFIRM
tianocore — edk2 NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. 2021-12-01 7.5 CVE-2021-38575
MISC
tobesoft — nexacro An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. 2021-11-30 7.5 CVE-2021-26612
MISC
tripexpress_project — tripexpress tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER[“argv”] then there is a path manipulation vulnerability. 2021-11-29 7.5 CVE-2021-43691
MISC
vestacp — vesta_control_panel vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. 2021-11-29 7.5 CVE-2021-43693
MISC
zohocorp — manageengine_network_configuration_manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. 2021-11-30 7.5 CVE-2021-43319
MISC
CONFIRM
zohocorp — manageengine_servicedesk_plus Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. 2021-11-29 7.5 CVE-2021-44077
MISC
MISC
MISC
MISC
zrlog — zrlog A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell 2021-11-28 7.5 CVE-2021-44093
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acronis — agent Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 2021-11-29 5 CVE-2021-34800
MISC
acronis — cyber_protect DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 2021-11-29 4.4 CVE-2021-44198
MISC
acronis — cyber_protect Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 4.3 CVE-2021-44201
MISC
actions-semi — ats2819p_firmware The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets. 2021-11-30 6.1 CVE-2021-31787
MISC
MISC
MISC
afreecatv — afreecatv The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by “FanTicket” field. It is because of stored data without validation of length. 2021-11-26 6.5 CVE-2020-7881
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. 2021-12-02 4.3 CVE-2020-36130
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. 2021-12-02 4.3 CVE-2020-36135
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. 2021-12-02 6.8 CVE-2020-36129
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. 2021-12-02 6.8 CVE-2020-36131
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. 2021-12-02 6.8 CVE-2020-36133
MISC
aomedia — aomedia AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. 2021-12-02 4.3 CVE-2020-36134
MISC
backstage — backstage @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates. 2021-11-29 5.5 CVE-2021-43783
CONFIRM
MISC
bandisoft — ark_library ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. 2021-11-26 6.8 CVE-2021-26615
MISC
bannersky — bsk_pdf_manager The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue 2021-11-29 6.5 CVE-2021-24860
MISC
bluez — bluez A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn’t any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. 2021-11-29 5.8 CVE-2019-8922
MISC
CONFIRM
bookstackapp — bookstack bookstack is vulnerable to Improper Access Control 2021-11-30 4 CVE-2021-4026
CONFIRM
MISC
bookstackapp — bookstack bookstack is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-02 4 CVE-2021-3944
MISC
CONFIRM
browser_and_operating_system_finder_project — browser_and_operating_system_finder Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. 2021-12-01 6.8 CVE-2021-20851
MISC
MISC
bulk_datetime_change_project — bulk_datetime_change The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users’ posts. 2021-11-29 5.5 CVE-2021-24842
MISC
CONFIRM
businessdnasolutions — topease Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. 2021-11-30 4 CVE-2021-42116
CONFIRM
businessdnasolutions — topease Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID. 2021-11-30 6.4 CVE-2021-42115
CONFIRM
businessdnasolutions — topease Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. 2021-11-30 6.5 CVE-2021-42123
CONFIRM
businessdnasolutions — topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present. 2021-11-30 4 CVE-2021-42121
CONFIRM
businessdnasolutions — topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution. 2021-11-30 4 CVE-2021-42117
CONFIRM
businessdnasolutions — topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource. 2021-11-30 4 CVE-2021-42120
CONFIRM
businessdnasolutions — topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable. 2021-11-30 4 CVE-2021-42122
CONFIRM
bytecodealliance — lucet Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading. 2021-11-30 6.8 CVE-2021-43790
CONFIRM
MISC
MISC
cbads — clickbank_affiliate_ads The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues 2021-12-02 6.8 CVE-2015-20105
MISC
MISC
MISC
chamilo — chamilo chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. 2021-12-01 4.3 CVE-2021-43687
MISC
MISC
MISC
cloverdx — cloverdx CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. 2021-12-01 6.8 CVE-2021-42776
CONFIRM
MISC
codesys — git Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. 2021-12-01 5.8 CVE-2021-34599
CONFIRM
concretecms — concrete_cms An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user’s password to be changed without a prompt for the current password. 2021-11-30 6.5 CVE-2021-40101
CONFIRM
MISC
contact_form_with_captcha_project — contact_form_with_captcha The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. 2021-11-29 6.8 CVE-2021-42358
MISC
MISC
craftercms — crafter_cms Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). 2021-12-02 5 CVE-2021-23263
MISC
craftercms — crafter_cms Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. 2021-12-02 6.4 CVE-2021-23264
MISC
craftercms — crafter_cms Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. 2021-12-02 6.5 CVE-2021-23262
MISC
craftercms — crafter_cms Authenticated administrators may override the system configuration file and cause a denial of service. 2021-12-02 4 CVE-2021-23261
MISC
craftercms — crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). 2021-12-02 6.5 CVE-2021-23259
MISC
craftercms — crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE). 2021-12-02 6.5 CVE-2021-23258
MISC
cryptshare — cryptshare_server An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the ‘<meta http-equiv=”refresh”‘ substring in the editor parameter. 2021-11-30 4.9 CVE-2021-42564
MISC
dell — emc_streaming_data_platform Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. 2021-11-30 4.3 CVE-2021-36326
MISC
dell — emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. 2021-11-30 4 CVE-2021-36329
MISC
dell — emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker’s choice. 2021-11-30 5 CVE-2021-36327
MISC
dell — emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. 2021-11-30 6.5 CVE-2021-36328
MISC
discourse — discourse Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. 2021-12-01 5 CVE-2021-43794
CONFIRM
MISC
discourse — discourse Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse 2021-12-01 4 CVE-2021-43793
CONFIRM
MISC
MISC
django-helpdesk_project — django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-01 6.8 CVE-2021-3994
MISC
CONFIRM
dzzoffice — dzzoffice dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit function will be print for the user exit(json_encode($return)). 2021-12-03 4.3 CVE-2021-43673
MISC
eclipse — mosquitto In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. 2021-12-01 5 CVE-2021-41039
CONFIRM
elecom — wrc-1167gst2_firmware Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. 2021-12-01 5.8 CVE-2021-20861
MISC
MISC
elecom — wrc-1167gst2_firmware Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. 2021-12-01 6.8 CVE-2021-20860
MISC
MISC
elecom — wrh-733gbk_firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. 2021-12-01 5.2 CVE-2021-20854
MISC
MISC
elecom — wrh-733gbk_firmware Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. 2021-12-01 5.2 CVE-2021-20852
MISC
MISC
elecom — wrh-733gbk_firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. 2021-12-01 5.2 CVE-2021-20853
MISC
MISC
elgg — elgg elgg is vulnerable to Authorization Bypass Through User-Controlled Key 2021-12-01 4.3 CVE-2021-3964
MISC
CONFIRM
emoji_button_project — emoji_button @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. 2021-11-26 4.3 CVE-2021-43785
CONFIRM
MISC
MISC
f-secure — atlant A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2021-11-26 4.3 CVE-2021-40833
MISC
MISC
firefly-iii — firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 4.3 CVE-2021-4015
MISC
CONFIRM
fortinet — forticlient An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. 2021-12-01 6.9 CVE-2021-32592
CONFIRM
gnu — mailman In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. 2021-12-02 6.8 CVE-2021-44227
MISC
haschek — pictshare pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST[‘hash’]. 2021-12-02 4.3 CVE-2021-43683
MISC
hashicorp — vault HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. 2021-11-30 6.4 CVE-2021-43998
MISC
huawei — ecns280_td_firmware Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. 2021-11-29 6.8 CVE-2021-39995
MISC
ibm — mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. 2021-11-30 4.6 CVE-2021-38967
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. 2021-12-01 4.3 CVE-2021-29849
CONFIRM
XF
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. 2021-12-01 4.3 CVE-2021-29779
CONFIRM
XF
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074. 2021-12-01 5 CVE-2021-20400
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. 2021-12-01 4 CVE-2021-29863
XF
CONFIRM
iptime — c200_firmware This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(‘[COOKIE]’) . The value is transferred to the –header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. 2021-11-30 6.8 CVE-2020-7879
MISC
ipuptime — pinkie Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1. 2021-11-29 5 CVE-2021-44428
MISC
issabel — pbx issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43695
MISC
jamf — jamf An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. 2021-12-01 6.5 CVE-2021-40809
MISC
CONFIRM
MISC
kazencoders — url_shortify The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. 2021-11-29 4.3 CVE-2021-24749
MISC
keepalived — keepalived In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property 2021-11-26 5.5 CVE-2021-44225
MISC
MISC
kimai — kimai2 kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-01 6 CVE-2021-3985
MISC
CONFIRM
kimai2_project — kimai2 kimai2 is vulnerable to Improper Access Control 2021-12-01 4 CVE-2021-3992
CONFIRM
MISC
kimai2_project — kimai2 kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-01 4.3 CVE-2021-3983
MISC
CONFIRM
librenms — librenms Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. 2021-12-01 4.3 CVE-2021-44279
MISC
librenms — librenms Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. 2021-12-01 4.3 CVE-2021-44277
MISC
linuxfoundation — auth_backend Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user’s browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. 2021-11-26 4.3 CVE-2021-43776
CONFIRM
MISC
mahadiscom — mahavitaran Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history. 2021-12-02 4.3 CVE-2020-27414
MISC
manage_project — manage manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST. 2021-12-01 4.3 CVE-2021-43689
MISC
mandsconsulting — email_before_download The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues 2021-11-29 6.5 CVE-2021-24748
MISC
mycred — mycred The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting 2021-11-29 4.3 CVE-2017-20008
MISC
CONFIRM
mycred — mycred The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user 2021-11-29 6.5 CVE-2021-24755
MISC
nextcloud — news nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible. 2021-11-30 5.8 CVE-2021-41256
MISC
MISC
CONFIRM
ninjaforms — ninja_forms The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks 2021-11-29 6.5 CVE-2021-24889
MISC
nodebb — nodebb Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 4.3 CVE-2021-43787
MISC
MISC
CONFIRM
nodebb — nodebb Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 4 CVE-2021-43788
MISC
CONFIRM
MISC
nodebb — nodebb Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 5 CVE-2021-43786
CONFIRM
MISC
MISC
nttdocomo — wi-fi_station_sh-52a_firmware Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. 2021-12-01 4.3 CVE-2021-20847
MISC
MISC
nzedb_project — nzedb nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET[‘t’]. 2021-12-02 4.3 CVE-2021-43686
MISC
omnipod — insulin_management_system_firmware Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. 2021-12-01 4.8 CVE-2020-10627
MISC
MISC
os4ed — opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter. 2021-11-30 6.8 CVE-2021-41678
MISC
os4ed — opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter. 2021-11-30 6.8 CVE-2021-41677
MISC
os4ed — opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter. 2021-11-30 6.8 CVE-2021-41679
MISC
php — php In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. 2021-11-29 5 CVE-2021-21707
MISC
phpwhois_project — phpwhois phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[‘query’] then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43698
MISC
planetargon — oh_my_zsh Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: – Functions pop_past and pop_future in dirhistory plugin. 2021-11-30 6.8 CVE-2021-3725
MISC
portswigger — burp_suite PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files. 2021-11-30 4 CVE-2021-44230
MISC
qnap — qvr An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 6.8 CVE-2021-38686
CONFIRM
roundupwp — registrations_for_the_events_calendar The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2021-11-29 4.3 CVE-2021-24876
MISC
s3scanner_project — s3scanner S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. 2021-11-29 5 CVE-2021-32061
MISC
MISC
MISC
showdoc — showdoc showdoc is vulnerable to URL Redirection to Untrusted Site 2021-12-01 5.8 CVE-2021-3989
MISC
CONFIRM
showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 4.3 CVE-2021-3993
CONFIRM
MISC
showdoc — showdoc showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2021-12-01 4.3 CVE-2021-3990
MISC
CONFIRM
showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 6.8 CVE-2021-4017
CONFIRM
MISC
sophos — unified_threat_management_up2date An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. 2021-11-26 6.5 CVE-2021-36807
CONFIRM
stetic — stetic The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6. 2021-11-29 6.8 CVE-2021-42364
MISC
MISC
taogogo — taocms Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. 2021-12-02 6.5 CVE-2021-25783
MISC
taogogo — taocms Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. 2021-12-02 6.5 CVE-2021-25784
MISC
thinkphp-bjyblog_project — thinkphp-bjyblog thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER[‘HTTP_HOST’]. 2021-12-02 4.3 CVE-2021-43682
MISC
trendmicro — antivirus Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-11-30 4.6 CVE-2021-43771
MISC
MISC
twmap_project — twmap twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43696
MISC
udisks_project — udisks A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. 2021-11-29 6.3 CVE-2021-3802
MISC
MISC
vercot — serva Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145. 2021-11-29 5 CVE-2021-44429
MISC
vim — vim vim is vulnerable to Heap-based Buffer Overflow 2021-12-01 6.8 CVE-2021-4019
MISC
CONFIRM
FEDORA
vim — vim vim is vulnerable to Heap-based Buffer Overflow 2021-12-01 6.8 CVE-2021-3984
MISC
CONFIRM
vmware — spring_advanced_message_queuing_protocol In Spring AMQP versions 2.2.0 – 2.2.19 and 2.3.0 – 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message 2021-11-30 4 CVE-2021-22095
MISC
wipro — holmes Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. 2021-11-29 5 CVE-2021-38283
MISC
MISC
wipro — holmes Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel. 2021-11-29 5 CVE-2021-38147
MISC
MISC
workerman-thinkphp-redis_project — workerman-thinkphp-redis Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C(‘VAR_JSONP_HANDLER’)] then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43697
MISC
wp-events-plugin — events_manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues 2021-12-01 4.3 CVE-2020-35037
CONFIRM
MISC
wp-events-plugin — events_manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection 2021-12-01 6.5 CVE-2020-35012
CONFIRM
MISC
youtubephpmirroring_project — youtube-php-mirroring youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. 2021-11-29 4.3 CVE-2021-43692
MISC
yurunproxy_project — yurunproxy YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read. 2021-12-01 4.3 CVE-2021-43690
MISC
zblogcn — z-blogphp Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via app_del.php. 2021-12-02 6.4 CVE-2020-29177
MISC
zerodream — sakurapanel SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data[‘proxy_name’]. 2021-12-02 4.3 CVE-2021-43681
MISC
zohocorp — manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. 2021-11-30 5 CVE-2021-43296
MISC
CONFIRM
zohocorp — manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. 2021-11-30 4.3 CVE-2021-43294
MISC
CONFIRM
zohocorp — manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. 2021-11-30 4.3 CVE-2021-43295
MISC
MISC
zrlog — zrlog ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file 2021-11-28 6.8 CVE-2021-44094
MISC
zulip — zulip Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ – meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible. 2021-12-02 5 CVE-2021-43791
CONFIRM
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acronis — agent DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 2021-11-29 1.9 CVE-2021-44199
MISC
acronis — cyber_protect Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44203
MISC
acronis — cyber_protect Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44202
MISC
acronis — cyber_protect Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44200
MISC
asgaros — asgaros_forum The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 2021-11-29 2.1 CVE-2021-42365
MISC
MISC
bluez — bluez An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. 2021-11-29 3.3 CVE-2019-8921
MISC
CONFIRM
businessdnasolutions — topease Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover. 2021-11-30 3.5 CVE-2021-42118
CONFIRM
businessdnasolutions — topease Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover. 2021-11-30 3.5 CVE-2021-42119
CONFIRM
cbads — clickbank_affiliate_ads The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2021-12-02 3.5 CVE-2015-20106
MISC
craftercms — crafter_cms Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. 2021-12-02 3.5 CVE-2021-23260
MISC
discourse — discourse Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the “Tags are visible only to the following groups” feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible. 2021-12-01 3.5 CVE-2021-43792
MISC
CONFIRM
MISC
elecom — wrc-1167gst2_firmware Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product’s settings via unspecified vectors. 2021-12-01 3.3 CVE-2021-20862
MISC
MISC
elecom — wrc-2533ghbk-i_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20857
MISC
MISC
elecom — wrc-2533ghbk-i_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20858
MISC
MISC
elecom — wrh-733gbk_firmware Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20855
MISC
MISC
elecom — wrh-733gbk_firmware Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20856
MISC
MISC
essentialplugin — popup_anything The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2021-11-29 3.5 CVE-2021-24883
MISC
CONFIRM
MISC
generateblocks — generateblocks The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block’s tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-11-29 3.5 CVE-2021-24751
MISC
getawesomesupport — awesome_support Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). 2021-11-26 3.5 CVE-2021-36919
MISC
CONFIRM
govicture — wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router’s MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. 2021-11-30 3.3 CVE-2021-43282
MISC
MISC
hexo — hexo Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. 2021-11-30 1.9 CVE-2021-25987
MISC
MISC
ibm — mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215. 2021-11-30 2.1 CVE-2021-39000
CONFIRM
XF
ibm — mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042 2021-11-30 2.1 CVE-2021-38958
CONFIRM
XF
ibm — mq_appliance IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. 2021-11-30 2.1 CVE-2021-38999
XF
CONFIRM
media-tags_project — media-tags The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed. 2021-11-29 3.5 CVE-2021-24899
MISC
meetecho — janus janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-27 3.5 CVE-2021-4020
CONFIRM
MISC
my_calendar_project — my_calendar The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue 2021-11-29 3.5 CVE-2021-24927
MISC
nxp — kinetis_k82_firmware NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. 2021-12-01 2.1 CVE-2021-44479
MISC
MISC
okfn — ckan In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture 2021-12-01 3.5 CVE-2021-25967
MISC
shoppagewp — shop_page_wp The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-11-29 3.5 CVE-2021-24811
MISC
smashballoon — smash_balloon_social_post_feed The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin’s setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages. 2021-11-29 3.5 CVE-2021-24918
MISC
MISC
snipeitapp — snipe-it snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-01 3.5 CVE-2021-4018
CONFIRM
MISC
sophos — exploit_prevention A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. 2021-11-26 2.1 CVE-2021-25269
CONFIRM
stylishcostcalculator — stylish_cost_calculator The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters 2021-11-29 3.5 CVE-2021-24822
MISC
taogogo — taocms Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. 2021-12-02 3.5 CVE-2021-25785
MISC
wpchill — check_ amp;_log_email The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2021-11-29 2.6 CVE-2021-24908
MISC
wpkube — about_author_box The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-11-29 3.5 CVE-2021-24745
MISC
wprssaggregator — wp_rss_aggregator The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. 2021-11-29 3.5 CVE-2021-24768
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
armeria — armeria
 
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server’s local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria’s path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. 2021-12-02 not yet calculated CVE-2021-43795
MISC
MISC
CONFIRM
broadcom — network_flow_analysis
 
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. 2021-12-02 not yet calculated CVE-2021-44050
MISC
FULLDISC
chamilo — lms

 

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. 2021-12-03 not yet calculated CVE-2021-35414
MISC
MISC
MISC
MISC
MISC
MISC
MISC
chamilo — lms
 
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. 2021-12-03 not yet calculated CVE-2021-35413
MISC
MISC
MISC
MISC
chamilo — lms
 
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course “Title” and “Content” fields. 2021-12-03 not yet calculated CVE-2021-35415
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
circutor — compact_dc-s_basic
 
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. 2021-12-02 not yet calculated CVE-2021-26777
MISC
egee_touch — 3rd_generation_travel_padlock
 
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock’s power button, and must be able to capture BLE network communication. 2021-12-02 not yet calculated CVE-2021-44518
MISC
elgg — elgg
 
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 2021-12-03 not yet calculated CVE-2021-3980
MISC
CONFIRM
firefly-iii — firefly-iii
 
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-04 not yet calculated CVE-2021-4005
CONFIRM
MISC
gmbh — topease_platform
 
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. 2021-11-30 not yet calculated CVE-2021-42545
CONFIRM
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. 2021-12-03 not yet calculated CVE-2021-43415
MISC
MISC
hitachi — energy_fox61x
 
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. 2021-12-02 not yet calculated CVE-2021-40333
CONFIRM
CONFIRM
hitachi — energy_fox61x
 
Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. 2021-12-02 not yet calculated CVE-2021-40334
CONFIRM
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. 2021-12-03 not yet calculated CVE-2021-29756
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. 2021-12-03 not yet calculated CVE-2021-29716
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. 2021-12-03 not yet calculated CVE-2021-20470
XF
CONFIRM
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. 2021-12-03 not yet calculated CVE-2021-29867
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. 2021-12-03 not yet calculated CVE-2021-38909
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 2021-12-03 not yet calculated CVE-2021-29719
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. 2021-12-03 not yet calculated CVE-2021-20493
XF
CONFIRM
kentico — xperience
 
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. 2021-12-03 not yet calculated CVE-2021-43991
MISC
libredwg — libredwg
 
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. 2021-12-02 not yet calculated CVE-2021-28236
MISC
libredwg — libredwg
 
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. 2021-12-02 not yet calculated CVE-2021-28237
MISC
librenms — librenms
 
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. 2021-12-03 not yet calculated CVE-2021-44278
MISC
matyhft — matyhtf
 
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. 2021-12-03 not yet calculated CVE-2021-43676
MISC
nxp — lpc55s69_devices
 
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. 2021-12-01 not yet calculated CVE-2021-40154
MISC
MISC
phpgrunkul — hostel_management_system
 
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. 2021-12-01 not yet calculated CVE-2021-43137
MISC
plupload — plupload
 
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. 2021-12-03 not yet calculated CVE-2021-23562
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
plupload — plupload
 
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. 2021-12-03 not yet calculated CVE-2021-23758
CONFIRM
CONFIRM
renesas — rx65_and_rx65n_devices An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted. 2021-12-02 not yet calculated CVE-2021-43327
MISC
showdoc — showdoc
 
showdoc is vulnerable to URL Redirection to Untrusted Site 2021-12-03 not yet calculated CVE-2021-4000
CONFIRM
MISC
tenda — ac15_devices
 
A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. 2021-12-03 not yet calculated CVE-2021-44352
MISC
thinkup — thinkup
 
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. 2021-12-03 not yet calculated CVE-2021-43674
MISC
trend_micro — apex_one
 
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-12-03 not yet calculated CVE-2021-44022
MISC
trend_micro — security_2021
 
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. 2021-12-03 not yet calculated CVE-2021-43772
MISC
trend_micro — worry-free_business_security An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. 2021-12-03 not yet calculated CVE-2021-44021
MISC
MISC
trend_micro — worry-free_business_security
 
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. 2021-12-03 not yet calculated CVE-2021-44019
MISC
MISC
trend_micro — worry-free_business_security
 
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. 2021-12-03 not yet calculated CVE-2021-44020
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. 2021-12-03 not yet calculated CVE-2021-35346
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. 2021-12-03 not yet calculated CVE-2021-35344
MISC
MISC
tuzicms — tuzicms
 
SQL Injection vulnerability exists in TuziCMS v2.0.6 in AppManageControllerGuestbookController.class.php. 2021-12-03 not yet calculated CVE-2021-44347
MISC
tuzicms — tuzicms
 
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in AppManageControllerAdvertController.class.php. 2021-12-03 not yet calculated CVE-2021-44348
MISC
tuzicms — tuzicms
 
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in AppManageControllerDownloadController.class.php. 2021-12-03 not yet calculated CVE-2021-44349
MISC
wokka_lokka — q50_devices
 
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device’s surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. 2021-12-01 not yet calculated CVE-2021-44480
MISC
z-blogphp — z-blogphp
 
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. 2021-12-02 not yet calculated CVE-2020-29176
MISC
zoho — manageengine_m365_manager_plus
 
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. 2021-11-30 not yet calculated CVE-2021-42099
CONFIRM
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.