Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE26134

06/03/2022 01:42 PM EDT

Original release date: June 3, 2022

Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of tmhis vulnerability..

CISA strongly urges organizations to review Confluence Security Advisory 2022-06-02 and upgrade Confluence Server and Confluence Data Center.

Note: per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products AND either apply the software update to all affected instances OR remove the affected products by 5 pm ET on Monday, June 6, 2022.

This product is provided subject to this Notification and this Privacy & Use policy.

Atlassian Releases Security Updates for Confluence Server and Data Center, CVE26134

06/02/2022 07:00 PM EDT

Original release date: June 2, 2022

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian’s Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of May 16, 2022

05/24/2022 06:37 AM EDT

Original release date: May 24, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
htc — one/sense
 
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used. 2022-05-17 not yet calculated CVE-2013-10001
MISC
MISC
ruby — ruby
 
The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction. 2022-05-18 not yet calculated CVE-2019-25061
MISC
MISC
MISC
MISC
mitsubishi — electric_factory_automation_engineering_software_products
 
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed. 2022-05-19 not yet calculated CVE-2020-14496
MISC
fieldcomm_group — hart-ip
 
A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device. 2022-05-19 not yet calculated CVE-2020-16209
MISC
bachmann_eletronic — m-base_controllers
 
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks. 2022-05-19 not yet calculated CVE-2020-16231
MISC
emerson — openenterprise
 
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. 2022-05-19 not yet calculated CVE-2020-16235
MISC
hcl_software — domino
 
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. 2022-05-19 not yet calculated CVE-2020-4107
MISC
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. 2022-05-17 not yet calculated CVE-2020-4957
XF
CONFIRM
ibm — security_identity_governance_and_intelligence
 
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429. 2022-05-19 not yet calculated CVE-2020-4970
XF
CONFIRM
ibm — datapower_gateway
 
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906. 2022-05-17 not yet calculated CVE-2020-4994
CONFIRM
XF
craftercms– craftercms
 
A logged-in and authenticated user with a Reviewer Role may lock a content item. 2022-05-16 not yet calculated CVE-2021-23265
CONFIRM
craftercms– craftercms
 
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. 2022-05-16 not yet calculated CVE-2021-23266
CONFIRM
craftercms — crafter_studio
 
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. 2022-05-16 not yet calculated CVE-2021-23267
CONFIRM
wordpress — agil_wordpress_plugin
 
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE 2022-05-16 not yet calculated CVE-2021-25119
MISC
handysoft  — handy_groupware
 
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function. 2022-05-19 not yet calculated CVE-2021-26630
MISC
hometory — mangboard_commerce_package Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order. 2022-05-19 not yet calculated CVE-2021-26631
MISC
weintek — cmt The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. 2022-05-16 not yet calculated CVE-2021-27442
MISC
CONFIRM
weintek — cmt
 
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. 2022-05-16 not yet calculated CVE-2021-27444
MISC
CONFIRM
weintek — cmt
 
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. 2022-05-16 not yet calculated CVE-2021-27446
MISC
CONFIRM
xpdfreader — xpdf
 
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. 2022-05-18 not yet calculated CVE-2021-27548
MISC
ibm — multiple_products
 
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104. 2022-05-17 not yet calculated CVE-2021-29726
CONFIRM
XF
CONFIRM
amazon — sooteway_wi-fi_range_extender
 
SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. 2022-05-20 not yet calculated CVE-2021-30028
MISC
MISC
throughtek — p2p_sdk
 
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds. 2022-05-19 not yet calculated CVE-2021-32934
MISC
xarrow — xarrow_scada
 
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. 2022-05-16 not yet calculated CVE-2021-33001
CONFIRM
xarrow — xarrow_scada
 
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. 2022-05-16 not yet calculated CVE-2021-33021
CONFIRM
xarrow — xarrow_scada
 
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. 2022-05-16 not yet calculated CVE-2021-33025
CONFIRM
ipmatcher — ipmatcher
 
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets. 2022-05-16 not yet calculated CVE-2021-33318
MISC
MISC
MISC
MISC
thecus — 4800eco
 
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. 2022-05-20 not yet calculated CVE-2021-34111
MISC
solarwinds — serv-u
 
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. 2022-05-17 not yet calculated CVE-2021-35249
MISC
MISC
wordpress — mc4wp_plugin Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode’s MC4WP plugin <= 4.8.6 at WordPress. 2022-05-20 not yet calculated CVE-2021-36833
CONFIRM
CONFIRM
grandcom — dynweb
 
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. 2022-05-19 not yet calculated CVE-2021-37413
MISC
MISC
ibm — datapower_gateway
 
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. 2022-05-17 not yet calculated CVE-2021-38872
CONFIRM
XF
ibm — datapower_gateway
 
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236. 2022-05-18 not yet calculated CVE-2021-38944
CONFIRM
XF
ibm — jazz_team_server
 
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032. 2022-05-20 not yet calculated CVE-2021-39043
XF
CONFIRM
lenovo — lenovo_system_interface_foundation
 
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process’ named pipe. 2022-05-18 not yet calculated CVE-2021-3922
CONFIRM
lenovo — xclarity_controller_firmware
 
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected. 2022-05-18 not yet calculated CVE-2021-3956
CONFIRM
lenovo — lenovo_system_interface_foundation A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges. 2022-05-18 not yet calculated CVE-2021-3969
CONFIRM
shopxo — cms
 
An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. 2022-05-19 not yet calculated CVE-2021-41938
MISC
fiberhome — vdsl2_modem_hg150-ub In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control –> Access Time Restriction –> Username field, a user cannot delete the rule due to the XSS. 2022-05-18 not yet calculated CVE-2021-41946
MISC
MISC
churchcrm — churchcrm
 
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. 2022-05-15 not yet calculated CVE-2021-41965
MISC
MISC
cmseasy — cmseasy cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability. 2022-05-17 not yet calculated CVE-2021-42643
MISC
cmseasy — cmseasy
 
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. 2022-05-17 not yet calculated CVE-2021-42644
MISC
inkscape — inkscape
 
Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. 2022-05-18 not yet calculated CVE-2021-42700
CONFIRM
inkscape — inkscape
 
Inkscape version 0.19 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. 2022-05-18 not yet calculated CVE-2021-42702
CONFIRM
inkscape — inkscape
 
Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code. 2022-05-18 not yet calculated CVE-2021-42704
CONFIRM
lenovo — personal_cloud_storage
 
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. 2022-05-18 not yet calculated CVE-2021-42848
CONFIRM
lenovo — personal_cloud_storage
 
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. 2022-05-18 not yet calculated CVE-2021-42849
CONFIRM
lenovo — personal_cloud_storage
 
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. 2022-05-18 not yet calculated CVE-2021-42850
CONFIRM
lenovo — personal_cloud_storage
 
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. 2022-05-18 not yet calculated CVE-2021-42851
CONFIRM
lenovo — personal_cloud_storage
 
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. 2022-05-18 not yet calculated CVE-2021-42852
CONFIRM
linux — accel-ppp
 
ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request. 2022-05-16 not yet calculated CVE-2021-42870
MISC
feminer — wms
 
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. 2022-05-16 not yet calculated CVE-2021-42897
MISC
ipplan — ipplan
 
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter. 2022-05-17 not yet calculated CVE-2021-42943
MISC
pix-link — mini_router_28k.minirouter.20190211
 
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. 2022-05-20 not yet calculated CVE-2021-43728
MISC
MISC
pix-link — mini_router_28k.minirouter.20190211
 
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. 2022-05-20 not yet calculated CVE-2021-43729
MISC
MISC
jfrog — artifactory
 
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. 2022-05-19 not yet calculated CVE-2021-45730
CONFIRM
fidelis_cybersecurity — network_and-deception
 
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-0486
CONFIRM
jfrog — artifactory
 
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. 2022-05-16 not yet calculated CVE-2022-0573
MISC
MISC
publify — publify
 
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. 2022-05-16 not yet calculated CVE-2022-0574
MISC
CONFIRM
publify — publify
 
Code Injection in GitHub repository publify/publify prior to 9.2.8. 2022-05-16 not yet calculated CVE-2022-0578
CONFIRM
MISC
wordpress — pricing_table_wordpress_plugin
 
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users 2022-05-16 not yet calculated CVE-2022-0867
MISC
wordpress — gmedia_photo_gallery_wordpress_plugin The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album’s name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed 2022-05-16 not yet calculated CVE-2022-0873
MISC
snow_software — slm
 
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. 2022-05-18 not yet calculated CVE-2022-0883
MISC
fidelis_cybersecurity — network_and-deception
 
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-0997
CONFIRM
wordpress — wpqa_builder_plugin_wordpress_plugin
 
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks. 2022-05-16 not yet calculated CVE-2022-1051
MISC
wordpress — th23_social_wordpress_plugin
 
The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-16 not yet calculated CVE-2022-1062
MISC
wordpress — bulk_edit_and_create_use_profiles_wordpress_plugin
 
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-16 not yet calculated CVE-2022-1089
MISC
wordpress — advanced_uploader-wordpress_plugin
 
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE 2022-05-16 not yet calculated CVE-2022-1103
MISC
lenovo — smart_standby_driver A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. 2022-05-18 not yet calculated CVE-2022-1110
CONFIRM
linux — linux_kernel
 
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. 2022-05-17 not yet calculated CVE-2022-1116
MISC
MISC
rockwell_automation– multiple_products
 
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited 2022-05-17 not yet calculated CVE-2022-1118
MISC
wordpress — visual_slide_box_builder_wordpress_plugin
 
The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections 2022-05-16 not yet calculated CVE-2022-1182
MISC
bind — bind
 
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. 2022-05-19 not yet calculated CVE-2022-1183
CONFIRM
wordpress — advanced_image_sitemap_wordpress_plugin
 
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. 2022-05-16 not yet calculated CVE-2022-1216
MISC
wordpress — custom_tinymce_shortcode_button_wordpress_plugin
 
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. 2022-05-16 not yet calculated CVE-2022-1217
MISC
wordpress — bulletproof_security_wordpress_plugin
 
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-16 not yet calculated CVE-2022-1265
MISC
wordpress — bmi_bmr_calculator_wordpress_plugin
 
The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting 2022-05-16 not yet calculated CVE-2022-1267
MISC
wordpress — wp_youtube_live_wordpress_plugin
 
The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-16 not yet calculated CVE-2022-1334
MISC
wordpress — wpqa_builder_plugin_wordpress_plugin The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user. 2022-05-16 not yet calculated CVE-2022-1349
MISC
cambium_networks — cnmaestro
 
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. 2022-05-17 not yet calculated CVE-2022-1356
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. 2022-05-17 not yet calculated CVE-2022-1357
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. 2022-05-17 not yet calculated CVE-2022-1358
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. 2022-05-17 not yet calculated CVE-2022-1359
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. 2022-05-17 not yet calculated CVE-2022-1360
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. 2022-05-17 not yet calculated CVE-2022-1361
CONFIRM
cambium_networks — on-premise_cnmaestro
 
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. 2022-05-17 not yet calculated CVE-2022-1362
CONFIRM
plantuml — plantuml
 
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. 2022-05-14 not yet calculated CVE-2022-1379
MISC
CONFIRM
wordpress — fusion_builder_wordpress_plugin
 
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application’s response. This could be used to interact with hosts on the server’s local network bypassing firewalls and access control measures. 2022-05-16 not yet calculated CVE-2022-1386
MISC
MISC
MISC
wordpress — wp_subtitle_wordpress_plugin
 
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: “wps_subtitle”, which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button (via AJAX) – and this makes the XSS exploitable by authenticated users with a role as low as contributor. 2022-05-16 not yet calculated CVE-2022-1393
MISC
wordpress — external_media_wordpress_plugin
 
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks 2022-05-16 not yet calculated CVE-2022-1398
MISC
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin
 
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack 2022-05-16 not yet calculated CVE-2022-1407
MISC
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin
 
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-16 not yet calculated CVE-2022-1408
MISC
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin
 
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code 2022-05-16 not yet calculated CVE-2022-1409
MISC
gitlab — gitlab
 
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface 2022-05-19 not yet calculated CVE-2022-1413
CONFIRM
MISC
gitlab — gitlab
 
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling 2022-05-19 not yet calculated CVE-2022-1416
MISC
MISC
CONFIRM
wordpress — social_stickers_wordpress_plugin The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. 2022-05-16 not yet calculated CVE-2022-1418
MISC
gitlab — gitlab
 
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches 2022-05-19 not yet calculated CVE-2022-1423
CONFIRM
MISC
MISC
wordpress — wpqa_builder_plugin_wordpress_plugin
 
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability. 2022-05-16 not yet calculated CVE-2022-1425
MISC
octoprint — octoprint
 
Cross-site Scripting (XSS) – DOM in GitHub repository octoprint/octoprint prior to 1.8.0. 2022-05-18 not yet calculated CVE-2022-1430
MISC
CONFIRM
octoprint — octoprint
 
Cross-site Scripting (XSS) – Generic in GitHub repository octoprint/octoprint prior to 1.8.0. 2022-05-18 not yet calculated CVE-2022-1432
CONFIRM
MISC
wordpress — wpcargo_track_&_trace_wordpress_plugin
 
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-05-16 not yet calculated CVE-2022-1435
MISC
wordpress — wpcargo_track_&_trace_wordpress_plugin
 
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks. 2022-05-16 not yet calculated CVE-2022-1436
MISC
wordpress — call_now_button_wordpress_plugin
 
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled 2022-05-16 not yet calculated CVE-2022-1455
MISC
wordpress — wpc_smart_wishlist_for_woocommerce_wordpress_plugin
 
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue. 2022-05-16 not yet calculated CVE-2022-1465
MISC
wordpress — scrollreveal.js_effects_wordpress_plugin
 
The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-16 not yet calculated CVE-2022-1512
MISC
MISC
publify — publify
 
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. 2022-05-16 not yet calculated CVE-2022-1553
CONFIRM
MISC
wordpress — uleak_security_&_monitoring_wordpress_plugin
 
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings 2022-05-16 not yet calculated CVE-2022-1557
MISC
MISC
wordpress — clipr_wordpress_plugin
 
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-05-16 not yet calculated CVE-2022-1559
MISC
MISC
wordpress — amministrazione_aperta_wordpress_plugin
 
The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link 2022-05-16 not yet calculated CVE-2022-1560
MISC
fedora — fedora
 
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. 2022-05-16 not yet calculated CVE-2022-1586
FEDORA
MISC
MISC
MISC
pcre2 — pcre2
 
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. 2022-05-16 not yet calculated CVE-2022-1587
MISC
FEDORA
MISC
octopus — octopus_server
 
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. 2022-05-19 not yet calculated CVE-2022-1670
MISC
linux — linux_kernel_atheros_wireless_adapter_driver
 
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-05-16 not yet calculated CVE-2022-1679
MISC
coreos — ignition
 
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. 2022-05-17 not yet calculated CVE-2022-1706
MISC
MISC
MISC
MISC
MISC
jgraph — drawio
 
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. 2022-05-17 not yet calculated CVE-2022-1711
CONFIRM
MISC
jgraph — drawio
 
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. 2022-05-16 not yet calculated CVE-2022-1713
MISC
CONFIRM
jgraph — drawio
 
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. 2022-05-16 not yet calculated CVE-2022-1721
CONFIRM
MISC
jgraph — drawio
 
SSRF in editor’s proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses 2022-05-16 not yet calculated CVE-2022-1722
MISC
CONFIRM
jgraph — drawio
 
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. 2022-05-17 not yet calculated CVE-2022-1723
MISC
CONFIRM
bootstrap — bootstrap_tables Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. 2022-05-16 not yet calculated CVE-2022-1726
CONFIRM
MISC
jgraph — drawio
 
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. 2022-05-18 not yet calculated CVE-2022-1727
MISC
CONFIRM
polonel — trudesk Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. 2022-05-16 not yet calculated CVE-2022-1728
CONFIRM
MISC
jgraph — drawio
 
Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 18.0.4. 2022-05-19 not yet calculated CVE-2022-1730
CONFIRM
MISC
metasonic —  doc_webclient Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. 2022-05-16 not yet calculated CVE-2022-1731
MISC
fedora — vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. 2022-05-17 not yet calculated CVE-2022-1733
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
linux — linux_kernel
 
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. 2022-05-18 not yet calculated CVE-2022-1734
MISC
fedora — vim
 
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. 2022-05-17 not yet calculated CVE-2022-1735
MISC
CONFIRM
polonel — trudesk
 
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-21 not yet calculated CVE-2022-1752
CONFIRM
MISC
wowonder — wowonder
 
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. 2022-05-17 not yet calculated CVE-2022-1753
MISC
MISC
MISC
polonel — trudesk
 
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 not yet calculated CVE-2022-1754
MISC
CONFIRM
jgraph — drawio
 
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. 2022-05-18 not yet calculated CVE-2022-1767
MISC
CONFIRM
fedora — vim
 
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. 2022-05-17 not yet calculated CVE-2022-1769
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
polonel — trudesk
 
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 not yet calculated CVE-2022-1770
CONFIRM
MISC
fedora — vim
 
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. 2022-05-18 not yet calculated CVE-2022-1771
CONFIRM
MISC
jgraph — drawio
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. 2022-05-18 not yet calculated CVE-2022-1774
MISC
CONFIRM
polonel — trudesk
 
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 not yet calculated CVE-2022-1775
CONFIRM
MISC
erudika — para
 
Cross-site Scripting (XSS) – Generic in GitHub repository erudika/para prior to v1.45.11. 2022-05-18 not yet calculated CVE-2022-1782
MISC
CONFIRM
jgraph — drawio
 
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. 2022-05-20 not yet calculated CVE-2022-1784
MISC
CONFIRM
fedora — vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. 2022-05-19 not yet calculated CVE-2022-1785
CONFIRM
MISC
gpac — gpac
 
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. 2022-05-18 not yet calculated CVE-2022-1795
CONFIRM
MISC
fedora — vim
 
Use After Free in GitHub repository vim/vim prior to 8.2.4979. 2022-05-19 not yet calculated CVE-2022-1796
MISC
CONFIRM
polonel — trudesk
 
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 not yet calculated CVE-2022-1803
CONFIRM
MISC
rtxteam — rtx
 
Cross-site Scripting (XSS) – Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. 2022-05-20 not yet calculated CVE-2022-1806
CONFIRM
MISC
radareorg — radare2
 
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. 2022-05-21 not yet calculated CVE-2022-1809
CONFIRM
MISC
url-regex — url-regex
 
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. 2022-05-20 not yet calculated CVE-2022-21195
CONFIRM
CONFIRM
oracle — e-business_suite
 
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-05-20 not yet calculated CVE-2022-21500
MISC
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. 2022-05-20 not yet calculated CVE-2022-22365
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and Open Liberty are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. 2022-05-17 not yet calculated CVE-2022-22475
CONFIRM
XF
ibm — sterling_b2b_integrator
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. 2022-05-17 not yet calculated CVE-2022-22482
XF
CONFIRM
ibm — spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser’s application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts’ passwords. IBM X-Force ID: 226322. 2022-05-17 not yet calculated CVE-2022-22484
XF
CONFIRM
tibco — jasperreports_server
 
The REST API component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server – Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server – Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below. 2022-05-17 not yet calculated CVE-2022-22773
CONFIRM
CONFIRM
tibco — tibco_bpm
 
The Workspace client component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below. 2022-05-17 not yet calculated CVE-2022-22775
CONFIRM
CONFIRM
tibco — tibco_businessconnect_trading_community_management
 
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. 2022-05-18 not yet calculated CVE-2022-22776
CONFIRM
CONFIRM
tibco — tibco_businessconnect_trading_community_management
 
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. 2022-05-18 not yet calculated CVE-2022-22777
CONFIRM
CONFIRM
tibco — tibco_businessconnect_trading_community_management
 
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. 2022-05-18 not yet calculated CVE-2022-22778
CONFIRM
CONFIRM
zoom — client_for_meetings
 
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server. 2022-05-18 not yet calculated CVE-2022-22784
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user. 2022-05-18 not yet calculated CVE-2022-22785
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. 2022-05-18 not yet calculated CVE-2022-22786
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services. 2022-05-18 not yet calculated CVE-2022-22787
CONFIRM
vmware — workspace_one
 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. 2022-05-20 not yet calculated CVE-2022-22972
MISC
vmware — workspace_one
 
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. 2022-05-20 not yet calculated CVE-2022-22973
MISC
vmware — spring_security Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. 2022-05-19 not yet calculated CVE-2022-22976
MISC
vmware — spring_security
 
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. 2022-05-19 not yet calculated CVE-2022-22978
MISC
tooljet — tooljet
 
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account. 2022-05-18 not yet calculated CVE-2022-23067
CONFIRM
MISC
tooljet — tooljet
 
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. 2022-05-18 not yet calculated CVE-2022-23068
MISC
CONFIRM
aruba_networks — clearpass_policy_manager
 
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23657
MISC
aruba_networks — clearpass_policy_manager
 
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23658
MISC
aruba_networks — clearpass_policy_manager
 
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23659
MISC
aruba_networks — clearpass_policy_manager
 
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23660
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23661
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23662
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23663
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23664
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23665
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23666
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23667
MISC
aruba_networks — clearpass_policy_manager
 
A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23668
MISC
aruba_networks — clearpass_policy_manager
 
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23669
MISC
aruba_networks — clearpass_policy_manager
 
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-16 not yet calculated CVE-2022-23670
MISC
aruba_networks — clearpass_policy_manager
 
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23671
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23672
MISC
aruba_networks — clearpass_policy_manager
 
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23673
MISC
aruba_networks — clearpass_policy_manager
 
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23674
MISC
aruba_networks — clearpass_policy_manager
 
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2022-05-17 not yet calculated CVE-2022-23675
MISC
hewlett_packard_enterprise — oneview
 
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. 2022-05-17 not yet calculated CVE-2022-23706
MISC
desigo — dxr2
 
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames. 2022-05-20 not yet calculated CVE-2022-24043
CONFIRM
desigo — dxr2
 
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account. 2022-05-20 not yet calculated CVE-2022-24044
CONFIRM
desigo — dxr2
 
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information. 2022-05-20 not yet calculated CVE-2022-24045
CONFIRM
skyoftech — so_listing_tabs
 
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data. 2022-05-17 not yet calculated CVE-2022-24108
MISC
MISC
MISC
MISC
simatic — pcs_7
 
A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. 2022-05-20 not yet calculated CVE-2022-24287
CONFIRM
siemens — teamcenter
 
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. 2022-05-20 not yet calculated CVE-2022-24290
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24388
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24389
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24390
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24391
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24392
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24393
CONFIRM
fidelis_security — network_and_deception
 
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. 2022-05-17 not yet calculated CVE-2022-24394
CONFIRM
openjs_foundation — nodejs This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. 2022-05-20 not yet calculated CVE-2022-24434
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
silicon_labs — z-wavw_500
 
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. 2022-05-17 not yet calculated CVE-2022-24611
MISC
MISC
openclinica — openclinica
 
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade. 2022-05-14 not yet calculated CVE-2022-24830
CONFIRM
MISC
openclinica — openclinica
 
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade. 2022-05-14 not yet calculated CVE-2022-24831
CONFIRM
MISC
flytorg — flyteconsole FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround. 2022-05-17 not yet calculated CVE-2022-24856
CONFIRM
MISC
MISC
MISC
nextcloud — talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. 2022-05-17 not yet calculated CVE-2022-24890
MISC
CONFIRM
MISC
MISC
argo — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD’s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. Users of versions 2.3.0 or above who do not have any Jsonnet/directory-type Applications may disable the Jsonnet/directory config management tool as a workaround. 2022-05-20 not yet calculated CVE-2022-24904
MISC
CONFIRM
MISC
MISC
argo — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL which contains the message to be displayed. As far as the research of the Argo CD team concluded, it is not possible to specify any active content (e.g. Javascript) or other HTML fragments (e.g. clickable links) in the spoofed message. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. There are currently no known workarounds. 2022-05-20 not yet calculated CVE-2022-24905
CONFIRM
MISC
MISC
MISC
nextcloud — deck
 
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available. 2022-05-20 not yet calculated CVE-2022-24906
MISC
CONFIRM
MISC
mitsubishi_electric — melsec_iq-f
 
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a DoS condition for the product’s program execution or communication by sending specially crafted packets. System reset of the product is required for recovery. 2022-05-18 not yet calculated CVE-2022-25161
MISC
MISC
mitsubishi_electric — melsec_iq-f
 
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product’s communication by sending specially crafted packets. 2022-05-18 not yet calculated CVE-2022-25162
MISC
MISC
apache — tika
 
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. 2022-05-16 not yet calculated CVE-2022-25169
CONFIRM
MLIST
proton — proton
 
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The ‘nodeIntegration’ configuration is set to on which allows the ‘webpage’ to use ‘NodeJs’ features, an attacker can leverage this to run OS commands. 2022-05-20 not yet calculated CVE-2022-25224
MISC
thinfinity — vnc
 
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an ‘ID’ that can be used to send websocket requests and achieve RCE. 2022-05-20 not yet calculated CVE-2022-25227
MISC
popcorn_software — popcorn_time
 
Popcorn Time 0.4.7 has a Stored XSS in the ‘Movies API Server(s)’ field via the ‘settings’ page. The ‘nodeIntegration’ configuration is set to on which allows the ‘webpage’ to use ‘NodeJs’ features, an attacker can leverage this to run OS commands. 2022-05-20 not yet calculated CVE-2022-25229
MISC
MISC
wordpress — code_snippets_plugin
 
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. 2022-05-18 not yet calculated CVE-2022-25617
CONFIRM
CONFIRM
open_source — multi-vendor_ online_groceries_management_system

 

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. 2022-05-20 not yet calculated CVE-2022-26632
MISC
open_source — simple_student_quarterly_result/grade_system
 
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. 2022-05-20 not yet calculated CVE-2022-26633
MISC
hma — vpn
 
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 not yet calculated CVE-2022-26634
MISC
MISC
apache — shenyui
 
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3. 2022-05-17 not yet calculated CVE-2022-26650
CONFIRM
MLIST
private_internet_access — private_internet_access
 
Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 not yet calculated CVE-2022-27092
MISC
sony — playmemories
 
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 not yet calculated CVE-2022-27094
MISC
battleye — battleye
 
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 not yet calculated CVE-2022-27095
MISC
siemens — openv2g
 
A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. 2022-05-20 not yet calculated CVE-2022-27242
CONFIRM
jvn — multiple_products
 
Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page. 2022-05-18 not yet calculated CVE-2022-27632
MISC
MISC
simatic — multiple_products
 
A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot. 2022-05-20 not yet calculated CVE-2022-27640
CONFIRM
siemens — simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594) 2022-05-20 not yet calculated CVE-2022-27653
CONFIRM
foxit_software — pdf_editor
 
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. 2022-05-20 not yet calculated CVE-2022-28104
MISC
MISC
sourcecodester — online_sports_complex_booking_system
 
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. 2022-05-20 not yet calculated CVE-2022-28105
MISC
sourcecodester — online_sports_complex_booking_system
 
Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. 2022-05-20 not yet calculated CVE-2022-28106
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. 2022-05-17 not yet calculated CVE-2022-28181
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. 2022-05-17 not yet calculated CVE-2022-28182
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. 2022-05-17 not yet calculated CVE-2022-28183
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. 2022-05-17 not yet calculated CVE-2022-28184
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. 2022-05-17 not yet calculated CVE-2022-28185
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. 2022-05-17 not yet calculated CVE-2022-28186
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service. 2022-05-17 not yet calculated CVE-2022-28187
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. 2022-05-17 not yet calculated CVE-2022-28188
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. 2022-05-17 not yet calculated CVE-2022-28189
MISC
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. 2022-05-17 not yet calculated CVE-2022-28190
MISC
nvidia — vgpu
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service. 2022-05-17 not yet calculated CVE-2022-28191
MISC
nvidia — vgpu
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges. 2022-05-17 not yet calculated CVE-2022-28192
MISC
arm — mali_gpu_kernel_driver
 
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. 2022-05-19 not yet calculated CVE-2022-28348
CONFIRM
MISC
arm — mali_gpu_kernel_driver
 
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. 2022-05-19 not yet calculated CVE-2022-28349
CONFIRM
MISC
arm — mali_gpu_kernel_driver
 
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. 2022-05-19 not yet calculated CVE-2022-28350
CONFIRM
MISC
sourcecodester — covid-19_directory_on_vaccination_system
 
Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. 2022-05-20 not yet calculated CVE-2022-28531
MISC
MISC
hpe — oneview
 
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. 2022-05-17 not yet calculated CVE-2022-28616
MISC
hpe — oneview
 
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. 2022-05-17 not yet calculated CVE-2022-28617
MISC
hpe — nimble
 
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. 2022-05-20 not yet calculated CVE-2022-28618
MISC
Grafana — enterprise_logs
 
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode 2022-05-20 not yet calculated CVE-2022-28660
CONFIRM

meikyo_electric — multiple_products

Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors. 2022-05-18 not yet calculated CVE-2022-28717
MISC
MISC
tenda — ax12
 
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. 2022-05-18 not yet calculated CVE-2022-28917
MISC
blogengine — blogengine.net
 
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. 2022-05-18 not yet calculated CVE-2022-28921
MISC
MISC
universis — universis-students
 
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. 2022-05-18 not yet calculated CVE-2022-28924
MISC
subconverter — subconverter A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. 2022-05-19 not yet calculated CVE-2022-28927
MISC
MISC
hospital_management-system — hospital_management-system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. 2022-05-15 not yet calculated CVE-2022-28929
MISC
sage_software — erp-pro
 
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. 2022-05-15 not yet calculated CVE-2022-28930
MISC
fisco-bcos — fisco-bcos
 
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. 2022-05-15 not yet calculated CVE-2022-28936
MISC
fisco-bcos — fisco-bcos FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients’ requests. 2022-05-15 not yet calculated CVE-2022-28937
MISC
open_policy_agent — opa
 
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. 2022-05-19 not yet calculated CVE-2022-28946
MISC
go-yaml — yaml
 
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. 2022-05-19 not yet calculated CVE-2022-28948
MISC
d-link — dir816l_fw206b01
 
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. 2022-05-18 not yet calculated CVE-2022-28955
MISC
MISC
d-link — dir816l_fw206b01
 
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. 2022-05-18 not yet calculated CVE-2022-28956
MISC
MISC
d-link — dir816l_fw206b01
 
D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php. 2022-05-18 not yet calculated CVE-2022-28958
MISC
MISC
spip — spip_web_framework
 
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. 2022-05-19 not yet calculated CVE-2022-28959
MISC
MISC
MISC
MISC
MISC
spip — spip
 
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. 2022-05-19 not yet calculated CVE-2022-28960
MISC
MISC
MISC
MISC
MISC
spip — spip_web_framework
 
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. 2022-05-19 not yet calculated CVE-2022-28961
MISC
MISC
MISC
MISC
MISC
packet_storm — online_sports_complex_booking_system
 
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. 2022-05-19 not yet calculated CVE-2022-28962
MISC
MISC
avast — premium_security
 
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. 2022-05-20 not yet calculated CVE-2022-28964
MISC
MISC
avast — premium_security
 
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. 2022-05-20 not yet calculated CVE-2022-28965
MISC
MISC
orangehrm — orangehrm
 
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. 2022-05-20 not yet calculated CVE-2022-28985
MISC
manageengine — adselfservice_plus
 
ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. 2022-05-20 not yet calculated CVE-2022-28987
MISC
MISC
wasms — wasm3
 
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. 2022-05-20 not yet calculated CVE-2022-28990
MISC
MISC
packet_storm — multi_store_inventory_management_system
 
Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. 2022-05-20 not yet calculated CVE-2022-28991
MISC
packet_storm — online_banquet_booking_system
 
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. 2022-05-20 not yet calculated CVE-2022-28992
MISC
packet_storm — multi_store_inventory_management_system
 
Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. 2022-05-20 not yet calculated CVE-2022-28993
MISC
yaml — regine
 
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. 2022-05-20 not yet calculated CVE-2022-28995
MISC
axiomatic-systems — bento4
 
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. 2022-05-16 not yet calculated CVE-2022-29017
MISC
openrazer — openrazer
 
A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 not yet calculated CVE-2022-29021
MISC
openrazer — openrazer

 

A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 not yet calculated CVE-2022-29022
MISC
openrazer — openrazer

 

A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 not yet calculated CVE-2022-29023
MISC
seimens — multiple_products A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 not yet calculated CVE-2022-29028
CONFIRM
seimens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 not yet calculated CVE-2022-29029
CONFIRM
seimens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 not yet calculated CVE-2022-29030
CONFIRM
seimens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 not yet calculated CVE-2022-29031
CONFIRM
seimens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 not yet calculated CVE-2022-29032
CONFIRM
seimens — multiple_products A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 not yet calculated CVE-2022-29033
CONFIRM
nextcloud — nextcloud_deck
 
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions 1.4.8, 1.5.6, and 1.6.1. There are no known currently-known workarounds available. 2022-05-20 not yet calculated CVE-2022-29159
MISC
MISC
CONFIRM
nextcloud — nextcloud_android
 
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder’s information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available. 2022-05-20 not yet calculated CVE-2022-29160
CONFIRM
MISC
MISC
open_containers — runc
 
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec –cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec –cap` behavior such that the additional capabilities granted to the process being executed (as specified via `–cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. 2022-05-17 not yet calculated CVE-2022-29162
MISC
MISC
CONFIRM
nextcloud — nextcloud_server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds. 2022-05-20 not yet calculated CVE-2022-29163
MISC
CONFIRM
MISC
MISC
argo — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In a default Argo CD installation, anonymous access is disabled. The vulnerability can be exploited to impersonate as any user or role, including the built-in `admin` account regardless of whether it is enabled or disabled. Also, the attacker does not need an account on the Argo CD instance in order to exploit this. If anonymous access to the instance is enabled, an attacker can escalate their privileges, effectively allowing them to gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation. This will allow the attacker to create, manipulate and delete any resource on the cluster. They may also exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. As a workaround, one may disable anonymous access, but upgrading to a patched version is preferable. 2022-05-20 not yet calculated CVE-2022-29165
MISC
CONFIRM
MISC
MISC
grafana — grafana_enterprise
 
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds. 2022-05-20 not yet calculated CVE-2022-29170
CONFIRM
MISC
MISC
MISC
countly — countly_server
 
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface. 2022-05-17 not yet calculated CVE-2022-29174
MISC
CONFIRM
ethereum — go_ethereum
 
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. 2022-05-20 not yet calculated CVE-2022-29177
CONFIRM
MISC
cilium — cilium
 
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium’s DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability. 2022-05-20 not yet calculated CVE-2022-29178
MISC
MISC
MISC
CONFIRM
cilium — cilium
 
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium’s Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. 2022-05-20 not yet calculated CVE-2022-29179
MISC
MISC
MISC
CONFIRM
nokogirl — nokogirl
 
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. 2022-05-20 not yet calculated CVE-2022-29181
MISC
CONFIRM
MISC
MISC
gocd — gocd
 
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run’s Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user’s browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph’s iframe. This could allow an attacker to steal a GoCD user’s session cookies and/or execute malicious code in the user’s context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds. 2022-05-20 not yet calculated CVE-2022-29182
MISC
MISC
CONFIRM
MISC
gocd — gocd
 
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function’s error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. This issue is fixed in GoCD 21.4.0. As a workaround, block access to `/go/compare/.*` prior to GoCD Server via a reverse proxy, web application firewall or equivalent, which would prevent use of the pipeline comparison function. 2022-05-20 not yet calculated CVE-2022-29183
CONFIRM
MISC
MISC
MISC
gocd — gocd
 
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a malicious branch name which abuses Mercurial hooks/aliases to exploit a command injection weakness. An attacker would require access to an account with existing GoCD administration permissions to either create/edit (`hg`-based) configuration repositories; create/edit pipelines and their (`hg`-based) materials; or, where “pipelines-as-code” configuration repositories are used, to commit malicious configuration to such an external repository which will be automatically parsed into a pipeline configuration and (`hg`) material definition by the GoCD server. This issue is fixed in GoCD 22.1.0. As a workaround, users who do not use/rely upon Mercurial materials can uninstall/remove the `hg`/Mercurial binary from the underlying GoCD Server operating system or Docker image. 2022-05-20 not yet calculated CVE-2022-29184
MISC
MISC
MISC
CONFIRM
totp-rs — totp-rs
 
totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds. 2022-05-20 not yet calculated CVE-2022-29185
CONFIRM
MISC
MISC
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts would allow access to anyone with the exposed private credentials. This misconfiguration only impacts Rundeck Docker instances of PagerDuty® Process Automation On Prem (formerly Rundeck) version 4.0 and earlier, not Debian, RPM or .WAR. Additionally, the id_rsa.pub file would have to be copied from the Docker image filesystem contents without overwriting it and used to configure SSH access on a host. A patch on Rundeck’s `main` branch has removed the pre-generated SSH key pair, but it does not remove exposed keys that have been configured. To patch, users must run a script on hosts in their environment to search for exposed keys and rotate them. Two workarounds are available: Do not use any pre-existing public key file from the rundeck docker images to allow SSH access by adding it to authorized_keys files and, if you have copied the public key file included in the docker image, remove it from any authorized_keys files. 2022-05-20 not yet calculated CVE-2022-29186
CONFIRM
MISC
smokescreen — smokescreen
 
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue. 2022-05-21 not yet calculated CVE-2022-29188
MISC
CONFIRM
pion — pion_dtls
 
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. 2022-05-21 not yet calculated CVE-2022-29189
MISC
CONFIRM
MISC
pion — pion_dtls
 
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. 2022-05-21 not yet calculated CVE-2022-29190
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29191
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29192
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29193
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29194
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29195
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29196
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29197
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29198
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29199
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29200
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29201
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29202
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29203
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29204
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don’t yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29205
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29206
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29207
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 not yet calculated CVE-2022-29208
MISC
MISC
MISC
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-21 not yet calculated CVE-2022-29209
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. 2022-05-21 not yet calculated CVE-2022-29210
MISC
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-21 not yet calculated CVE-2022-29211
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-21 not yet calculated CVE-2022-29212
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-21 not yet calculated CVE-2022-29213
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
nextauthjs — next-auth
 
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one’s `callbacks` option as a workaround for those unable to upgrade. 2022-05-21 not yet calculated CVE-2022-29214
MISC
CONFIRM
regionprotect — regionprotect RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash. 2022-05-21 not yet calculated CVE-2022-29215
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow’s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. 2022-05-21 not yet calculated CVE-2022-29216
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
pion — pion_dtls
 
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn’t posses the private key for and Pion DTLS wouldn’t reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can’t be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds. 2022-05-21 not yet calculated CVE-2022-29222
MISC
MISC
CONFIRM
cass — cass
 
CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in using standalone authentication, as the data required to resecure the account is not available to the server. The issue may be mitigated by using SSO or client side certificates to log in. Please note that SSO and client side certificate authentication does not have this expectation of no-knowledge credential access, and cryptographic keys are available to the server administrator. 2022-05-18 not yet calculated CVE-2022-29229
MISC
CONFIRM
shopify — hydrogen
 
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability. 2022-05-18 not yet calculated CVE-2022-29230
MISC
CONFIRM
MISC
omline_sports_complex — online_sports_complex_booking_system
 
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. 2022-05-19 not yet calculated CVE-2022-29304
MISC
minitool — partition_wizard
 
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 not yet calculated CVE-2022-29320
MISC
d-link — dir-825_ac1200_r2
 
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the “../../../../” setting of the FTP server folder to set the router’s root folder for FTP access. This allows you to access the entire router file system via the FTP server. 2022-05-17 not yet calculated CVE-2022-29332
MISC
tiddlywiki5 — tiddlywiki5
 
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. 2022-05-16 not yet calculated CVE-2022-29351
MISC
MISC
MISC
MISC
graphql — graphql
 
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. 2022-05-16 not yet calculated CVE-2022-29353
MISC
keystone — keystone
 
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. 2022-05-16 not yet calculated CVE-2022-29354
MISC
wordpress — biplob_adhikari’s_image_hover_effecgts_ultimate_plugin
 
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari’s Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. 2022-05-20 not yet calculated CVE-2022-29424
CONFIRM
CONFIRM
wordpress — wp_wham’s_checkout_files_upload_for_woocommerce_plugin Cross-Site Scripting (XSS) vulnerability in WP Wham’s Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. 2022-05-20 not yet calculated CVE-2022-29425
CONFIRM
CONFIRM
wordpress — 2j_slideshow_plugin Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team’s Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. 2022-05-20 not yet calculated CVE-2022-29426
CONFIRM
CONFIRM
wordpress — aftab_muni’s_disable_right_click_for_wp_plugin Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni’s Disable Right Click For WP plugin <= 1.1.6 at WordPress. 2022-05-20 not yet calculated CVE-2022-29427
CONFIRM
CONFIRM
wordpress — muneeb’s_wp_slider_plugin Cross-Site Scripting (XSS) vulnerability in Muneeb’s WP Slider Plugin <= 1.4.5 at WordPress. 2022-05-20 not yet calculated CVE-2022-29428
CONFIRM
CONFIRM
wordpress — alexander_stokmann’s_code_snippets_extended_plugin
 
Remote Code Execution (RCE) in Alexander Stokmann’s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. 2022-05-17 not yet calculated CVE-2022-29429
CONFIRM
CONFIRM
wordpress — kubiq_png_to_jpg_plugin Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. 2022-05-20 not yet calculated CVE-2022-29430
CONFIRM
CONFIRM
wordpress — kubiq_cpt_base_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. 2022-05-20 not yet calculated CVE-2022-29431
CONFIRM
CONFIRM
wordpress — tms_plugins_wpdatatables_plugin
 
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. 2022-05-20 not yet calculated CVE-2022-29432
CONFIRM
CONFIRM
wordpress — spiffy_plugins_spiffy_calendar
 
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. 2022-05-20 not yet calculated CVE-2022-29434
CONFIRM
CONFIRM
wordpress — alexander_stokmann’s_code_snippets_extended_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann’s Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. 2022-05-17 not yet calculated CVE-2022-29435
CONFIRM
CONFIRM
wordpress — alexander_stokmann’s_code_snippets_extended_plugin 
 
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann’s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). 2022-05-17 not yet calculated CVE-2022-29436
CONFIRM
CONFIRM
wordpress — wow-company’s_popup_box_plugin
 
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Popup Box plugin <= 2.1.2 at WordPress. 2022-05-18 not yet calculated CVE-2022-29445
CONFIRM
CONFIRM
wordpress — wow-company’s_hover_effects_plugin
 
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Counter Box plugin <= 1.1.1 at WordPress. 2022-05-19 not yet calculated CVE-2022-29446
CONFIRM
CONFIRM
wordpress — wow-company’s_hover_effects_plugin
 
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Hover Effects plugin <= 2.1 at WordPress. 2022-05-20 not yet calculated CVE-2022-29447
CONFIRM
CONFIRM
wordpress — wow-company’s_herd_effects_plugin Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Herd Effects plugin <= 5.2 at WordPress. 2022-05-20 not yet calculated CVE-2022-29448
CONFIRM
CONFIRM
wordpress — opal_hotel_room_booking_plugin
 
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. 2022-05-19 not yet calculated CVE-2022-29449
CONFIRM
CONFIRM
fujitsu — multiple_products
 
The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. 2022-05-18 not yet calculated CVE-2022-29516
MISC
MISC
koyo_electronics — multiple_products
 
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting’s account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI. 2022-05-18 not yet calculated CVE-2022-29518
MISC
MISC
net/sched — net/sched
 
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. 2022-05-17 not yet calculated CVE-2022-29581
MISC
MISC
MLIST
konica_minolta — bizhub_mfp
 
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. 2022-05-16 not yet calculated CVE-2022-29586
MISC
MISC
konica_minolta — bizhub_mfp
 
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. 2022-05-16 not yet calculated CVE-2022-29587
MISC
MISC
konica_minolta — bizhub_mfp
 
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. 2022-05-16 not yet calculated CVE-2022-29588
MISC
MISC
formidable — formidable An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. 2022-05-16 not yet calculated CVE-2022-29622
MISC
connect-multiparty — connect-multiparty An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. 2022-05-16 not yet calculated CVE-2022-29623
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2022-05-18 not yet calculated CVE-2022-29638
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. 2022-05-18 not yet calculated CVE-2022-29639
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2022-05-18 not yet calculated CVE-2022-29640
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2022-05-18 not yet calculated CVE-2022-29641
MISC
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2022-05-18 not yet calculated CVE-2022-29642
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2022-05-18 not yet calculated CVE-2022-29643
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. 2022-05-18 not yet calculated CVE-2022-29644
MISC
totolink — a3100R
 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. 2022-05-18 not yet calculated CVE-2022-29645
MISC
totolink — a3100R
 
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. 2022-05-18 not yet calculated CVE-2022-29646
MISC
packet_storm — online_sports_coplex_booking_system Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. 2022-05-19 not yet calculated CVE-2022-29652
MISC
MISC
siemen — teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. 2022-05-20 not yet calculated CVE-2022-29801
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 not yet calculated CVE-2022-29872
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 not yet calculated CVE-2022-29873
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. 2022-05-20 not yet calculated CVE-2022-29874
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. 2022-05-20 not yet calculated CVE-2022-29876
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings. However, the reconfigured settings cannot be activated unless the role of an authenticated administrator user. 2022-05-20 not yet calculated CVE-2022-29877
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. 2022-05-20 not yet calculated CVE-2022-29878
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information. 2022-05-20 not yet calculated CVE-2022-29879
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views. 2022-05-20 not yet calculated CVE-2022-29880
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details. 2022-05-20 not yet calculated CVE-2022-29881
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could – when a legitimate user accesses the error logs – perform arbitrary actions in the name of the user. 2022-05-20 not yet calculated CVE-2022-29882
CONFIRM
siemens — multiple_products A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication. 2022-05-20 not yet calculated CVE-2022-29883
CONFIRM
gxcms — gxcms
 
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. 2022-05-17 not yet calculated CVE-2022-30007
MISC
hms — hms In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. 2022-05-16 not yet calculated CVE-2022-30011
MISC
MISC
hms — hms
 
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. 2022-05-16 not yet calculated CVE-2022-30012
MISC
MISC
totaljs_cms — totaljs
 
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. 2022-05-16 not yet calculated CVE-2022-30013
MISC
MISC
mobotix — control_center_(mxcc)
 
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. 2022-05-19 not yet calculated CVE-2022-30018
MISC
tenda — tx9_pro
 
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. 2022-05-18 not yet calculated CVE-2022-30033
MISC
ezxml — ezxml
 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. 2022-05-17 not yet calculated CVE-2022-30045
MISC
rebuild — rebuild
 
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. 2022-05-15 not yet calculated CVE-2022-30049
MISC
tenable — gnuboard
 
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. 2022-05-16 not yet calculated CVE-2022-30050
MISC
home — clean_service_system
 
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. 2022-05-17 not yet calculated CVE-2022-30052
MISC
tenable — toll_tax_management_system
 
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. 2022-05-17 not yet calculated CVE-2022-30053
MISC
covid_19_travel_pass_management — covid_19_travel_pass_management
 
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. 2022-05-17 not yet calculated CVE-2022-30054
MISC
packet_storm — prime95
 
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. 2022-05-16 not yet calculated CVE-2022-30055
MISC
MISC
busybox – awk_applet
 
A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. 2022-05-18 not yet calculated CVE-2022-30065
MISC
gnome — gimp
 
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. 2022-05-17 not yet calculated CVE-2022-30067
MISC
wbce_cms — wbce_cms
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via adminpagessections_save.php namesection2 parameters. 2022-05-17 not yet calculated CVE-2022-30072
MISC
MISC
MISC
wbce_cms — wbce_cms

 

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. 2022-05-17 not yet calculated CVE-2022-30073
MISC
MISC
belkin — n300_firmware
 
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. 2022-05-18 not yet calculated CVE-2022-30105
MISC
jirafeau — jirafeau
 
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users’ browser. 2022-05-17 not yet calculated CVE-2022-30110
MISC
caagearup — mck_smartlock Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. 2022-05-18 not yet calculated CVE-2022-30111
MISC
MISC
MISC
apache — tika
 
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 2022-05-16 not yet calculated CVE-2022-30126
CONFIRM
MLIST
microsoft — windows-print_spooler_elevation_privilege_vulnerability
 
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132. 2022-05-18 not yet calculated CVE-2022-30138
N/A
cx_security — chatbot
 
ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. 2022-05-20 not yet calculated CVE-2022-30518
MISC
MISC
trend_micro — password_manager_(consumer)
 
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. 2022-05-16 not yet calculated CVE-2022-30523
MISC
MISC
opc_foundation — ua_legacy_java_stack OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. 2022-05-20 not yet calculated CVE-2022-30551
MISC
MISC
MISC
moodle — moodle
 
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. 2022-05-18 not yet calculated CVE-2022-30596
MISC
MISC
MISC
moodle — moodle
 
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. 2022-05-18 not yet calculated CVE-2022-30597
MISC
MISC
MISC
moodle — moodle
 
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. 2022-05-18 not yet calculated CVE-2022-30598
MISC
MISC
MISC
moodle — moodle
 
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. 2022-05-18 not yet calculated CVE-2022-30599
MISC
MISC
MISC
moodle — moodle
 
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. 2022-05-18 not yet calculated CVE-2022-30600
MISC
MISC
MISC
strapi — strapi
 
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privileged “author” role account can view these details in the JSON response for an “editor” or “super admin” that has updated one of the author’s blog posts. There are also many other scenarios where such details from other users can leak in the JSON response, either through a direct or indirect relationship. Access to this information enables a user to compromise other users’ accounts by successfully invoking the password reset workflow. In a worst-case scenario, a low-privileged user could get access to a “super admin” account with full control over the Strapi instance, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. 2022-05-19 not yet calculated CVE-2022-30617
MISC
strapi — strapi
 
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. 2022-05-19 not yet calculated CVE-2022-30618
MISC
needrestart — needrestart
 
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. 2022-05-17 not yet calculated CVE-2022-30688
MISC
MISC
MISC
MISC
MLIST
DEBIAN
MLIST
hashicorp — multiple_products
 
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. 2022-05-17 not yet calculated CVE-2022-30689
MISC
acronis — snap_deploy_(windows)
 
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 2022-05-16 not yet calculated CVE-2022-30695
MISC
acronis — snap_deploy_(windows) Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 2022-05-16 not yet calculated CVE-2022-30696
MISC
acronis — snap_deploy_(windows) Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 2022-05-16 not yet calculated CVE-2022-30697
MISC
webmin — webmin
 
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. 2022-05-15 not yet calculated CVE-2022-30708
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
janet-lang — janet
 
Janet before 1.22.0 mishandles arrays. 2022-05-16 not yet calculated CVE-2022-30763
MISC
MISC
calibre-web — calibre-web
 
Calibre-Web before 0.6.18 allows user table SQL Injection. 2022-05-16 not yet calculated CVE-2022-30765
MISC
MISC
uboot — uboot
 
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. 2022-05-16 not yet calculated CVE-2022-30767
MISC
MISC
MISC
terminalfour — terminalfour
 
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. 2022-05-16 not yet calculated CVE-2022-30770
MISC
MISC
MISC
pdfreader — xpdf xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. 2022-05-16 not yet calculated CVE-2022-30775
MISC
atmail — atmail
 
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. 2022-05-16 not yet calculated CVE-2022-30776
MISC
MISC
Parallels — h-sphere
 
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. 2022-05-16 not yet calculated CVE-2022-30777
MISC
MISC
laveral — laravel
 
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in IlluminateBroadcastingPendingBroadcast.php and dispatch($command) in IlluminateBusQueueingDispatcher.php. 2022-05-16 not yet calculated CVE-2022-30778
MISC
laveral — laravel
 
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttpCookieFileCookieJar.php. 2022-05-16 not yet calculated CVE-2022-30779
MISC
gitea — gitea
 
Gitea before 1.16.7 does not escape git fetch remote. 2022-05-16 not yet calculated CVE-2022-30781
MISC
MISC
MISC
openmoney — openmoney
 
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. 2022-05-16 not yet calculated CVE-2022-30782
MISC
MISC
packet_storm — school_dormitory_management_system School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. 2022-05-20 not yet calculated CVE-2022-30886
MISC
packet_storm — pharmacy_management_system
 
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. 2022-05-20 not yet calculated CVE-2022-30887
MISC
jenkins — groovy_plugin
 
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. 2022-05-17 not yet calculated CVE-2022-30945
CONFIRM
MLIST
jenkins — script_security_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. 2022-05-17 not yet calculated CVE-2022-30946
MLIST
CONFIRM
jjenkins — git_plugin
 
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects’ SCM contents. 2022-05-17 not yet calculated CVE-2022-30947
MLIST
CONFIRM
jenkins — mercurial_plugin
 
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects’ SCM contents. 2022-05-17 not yet calculated CVE-2022-30948
MLIST
CONFIRM
jenkins — repo_plugin
 
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects’ SCM contents. 2022-05-17 not yet calculated CVE-2022-30949
MLIST
CONFIRM
jenkins — wmi_windows_agents_plugin
 
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. 2022-05-17 not yet calculated CVE-2022-30950
MLIST
CONFIRM
jenkins — wmi_windows_agents_plugin
 
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they’re not allowed to log in. 2022-05-17 not yet calculated CVE-2022-30951
MLIST
CONFIRM
jenkins — pipeline_scm_api_for_blue_ocean_plugin
 
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. 2022-05-17 not yet calculated CVE-2022-30952
MLIST
CONFIRM
jenkins — blue_ocean_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. 2022-05-17 not yet calculated CVE-2022-30953
MLIST
CONFIRM
jenkins — blue_ocean_plugin
 
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. 2022-05-17 not yet calculated CVE-2022-30954
MLIST
CONFIRM
jenkins — gitlab_plugin
 
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-05-17 not yet calculated CVE-2022-30955
CONFIRM
jenkins — rundeck_plugin
 
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. 2022-05-17 not yet calculated CVE-2022-30956
CONFIRM
jenkins — ssh_plugin
 
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-05-17 not yet calculated CVE-2022-30957
MLIST
CONFIRM
jenkins — ssh_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-05-17 not yet calculated CVE-2022-30958
CONFIRM
jenkins — ssh_plugin
 
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-05-17 not yet calculated CVE-2022-30959
CONFIRM
jenkins — application_detector_plugin
 
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30960
CONFIRM
jenkins — autocomplete_parameter_plugin
 
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30961
CONFIRM
jenkins — global_variable_string_parameter_plugin Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30962
CONFIRM
jenkins — jdk_parameter_plugin
 
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30963
CONFIRM
jenkins — multiselect_parameter_plugin
 
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30964
CONFIRM
jenkins — promoted_builds_(simple)_plugin
 
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30965
CONFIRM
jenkins — random_string_parameter
 
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30966
CONFIRM
jenkins — selection_tasks_plugin
 
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30967
CONFIRM
jenkins — vboxwrapper_plugin
 
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30968
CONFIRM
jenkins — autocomplete_paraeter_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. 2022-05-17 not yet calculated CVE-2022-30969
CONFIRM
jenkins — autocomplete_paraeter_plugin
 
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-05-17 not yet calculated CVE-2022-30970
CONFIRM
jenkins — storale_configs_plugin
 
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-05-17 not yet calculated CVE-2022-30971
CONFIRM
jenkins — storale_configs_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 2022-05-17 not yet calculated CVE-2022-30972
CONFIRM
artifex — mujs compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. 2022-05-18 not yet calculated CVE-2022-30974
MISC
artifex — mujs In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. 2022-05-18 not yet calculated CVE-2022-30975
MISC
gpac — gpac
 
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. 2022-05-18 not yet calculated CVE-2022-30976
MISC
MISC
MISC
acronis — multiple_products Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 2022-05-18 not yet calculated CVE-2022-30990
MISC
acronis — multiple_products
 
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 2022-05-18 not yet calculated CVE-2022-30991
MISC
acronis — multiple_products Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 2022-05-18 not yet calculated CVE-2022-30992
MISC
acronis — multiple_products Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 2022-05-18 not yet calculated CVE-2022-30993
MISC
acronis — acronis_cyber_protect_15_(windows) Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 2022-05-18 not yet calculated CVE-2022-30994
MISC
goverlan — multiple_products
 
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. 2022-05-20 not yet calculated CVE-2022-31215
MISC
MISC
mailcow — mailcow
 
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the –debug option in conjunction with the —PIPEMESS option in Sync Jobs. 2022-05-20 not yet calculated CVE-2022-31245
MISC
MISC
checkmk — checkmk In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. 2022-05-20 not yet calculated CVE-2022-31258
MISC
MISC
beego — beego
 
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). 2022-05-21 not yet calculated CVE-2022-31259
MISC
MISC
MISC
solana — solana_rbpf
 
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. 2022-05-21 not yet calculated CVE-2022-31264
MISC
MISC
gitblit — gitblit
 
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext ‘attacker@example.comntrole = “#admin”‘ value. 2022-05-21 not yet calculated CVE-2022-31267
MISC
MISC
gitblit — gitblit
 
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). 2022-05-21 not yet calculated CVE-2022-31268
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of April 25, 2022

05/02/2022 06:16 AM EDT

Original release date: May 2, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jfinalcms_project — jfinalcms JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. 2022-04-22 7.5 CVE-2022-27341
MISC
link-admin_project — link-admin Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). 2022-04-22 7.5 CVE-2022-27342
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. 2022-04-22 6.8 CVE-2021-38886
XF
CONFIRM
pimcore — pimcore SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data 2022-04-22 5 CVE-2022-1429
MISC
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. 2022-04-22 4.3 CVE-2021-38904
XF
CONFIRM
microweber — microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a paylaod that runs without user interaction. 2022-04-22 4.3 CVE-2022-1439
CONFIRM
MISC
crypt-server_project — crypt-server Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. 2022-04-22 4.3 CVE-2022-29589
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 4 CVE-2021-20464
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 4 CVE-2021-29824
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. 2022-04-22 4 CVE-2021-38905
XF
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. 2022-04-22 3.5 CVE-2021-38903
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. 2022-04-22 3.5 CVE-2021-38946
CONFIRM
XF

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
artifex — ghostscript
 
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC
wordpress — tatsu_wordpress_plugin
 
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC
wordpress– english_wordpress_admin_wordpress_plugin
 
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue 2022-04-25 not yet calculated CVE-2021-25111
MISC
sophos — authenticator_for_android
 
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM
maxboard — maxboard
 
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC
tobesoft — xplatform A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..’. 2022-04-26 not yet calculated CVE-2021-26629
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF
nomachine — nomachine_for_windows
 
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITYSYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot . 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM
bender/ebee — cc612
 
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM
3scale — apicast
 
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC
solarwinds — serv-u
 
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC
metasys — ads/adx/oas
 
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM
veryfixpro — veryfixpro
 
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC
wordpress –alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM
tripetto — tripetto_plugin
 
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM
motorola — multiple_products
 
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC
ibm — planning_analytics_workspace IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF
lenovo — lenovovariable_smi_handler
 
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC
red_hat — gnome-shell
 
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC
artica — proxy
 
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC
eclipse — openj9
 
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM
novelplus — novel-plus
 
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC
magic_cms_msvod — magic_cms_msvod
 
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC
encode– oss_httpx
 
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC
subrion_cms — subrion_cms
 
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC
pingidentity — pingid_windows_login
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid_adnroid
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid_ios
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC
aemu — aemu
 
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC
lenovo — nvme_driver
 
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC
lenovo — smbios_event_log_driver
 
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC
lenovo — nlegacy_bios_mode_driver A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC
wordpress — sp_project_&_document_manager_wordpress_plugin
 
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM
elcomplus — smartptt

 

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM
elcomplus — smartptt_scada_server

 

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM
elcomplus — smartptt_scada
 
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM
wondershare — dr._fone
 
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC
wondershare — dr._fone Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC
terramaster — terramaster
 
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC
terramaster — terramaster
 
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC
franklin_fueling_systems — ts-550_evo
 
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC
franklin_fueling_systems — t5_series
 
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC
telesquare — sdt-cw3b1 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC
D-Link DIR-825 G1
 
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC
wordpress — easy_google_maps_wordpress_plugin
 
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC
wordpress — supsystic_wordpress_plugin
 
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC
wordpress — supsystic_wordpress_plugin
 
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC
lenovo — pcmanager
 
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC
lenovo — system_update
 
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC
wordpress — mycred_wordpress_lugin
 
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM
wordpress — flo-launch_wordpress_plugin
 
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC
lenovo — thin_installer
 
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC
wordpress — web_to_print_shop_udraw_wordpress_plugin
 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC
wordpress — 5_stars_rating_funnel_wordpress_plugin
 
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC
wordpress — master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC
wordpress — users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC
wordpress — donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC
wordpress — wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC
wordpress– anti-malware_secruity_and_brute-force_firewall_wordpress_lugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC
linux — linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC
linux — linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC
wordpress — page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
wordpress — mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog 2022-04-25 not yet calculated CVE-2022-1092
MISC
wordpress — wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC
lenovo — thinkpad
 
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC
lenovo — thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC
imagemagicks — relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC
wordpress — menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC
wordpress — layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-1153
MISC
wordpress — books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC
getgrav — grav
 
stored xss in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman — podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC
wordpress — opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC
linux — linux
 
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC
linux — linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
wordpress — admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC
wordpress — cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC
wordpress — videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC
wordpress — donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC
mruby — mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC
yarkeev — yarkeev
 
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `–upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM
gpac — gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC
radareorg — radare2
 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC
snipe — snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC
facturascripts — facturascripts
 
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC
openemr — openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM
openemr — openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM
openemr — openemr Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM
getsimple — content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC
getsimple — content_management_system A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC
microweber — microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC
chafa — chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM
hestiacp — hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. 2022-04-28 not yet calculated CVE-2022-1509
CONFIRM
MISC
snipe — snipe-it
 
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. 2022-04-28 not yet calculated CVE-2022-1511
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-28 not yet calculated CVE-2022-1514
MISC
CONFIRM
emlog — emlog_pro
 
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1526
MISC
MISC
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 2022-04-29 not yet calculated CVE-2022-1530
MISC
CONFIRM
rtx — rtx
 
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. 2022-04-29 not yet calculated CVE-2022-1531
MISC
CONFIRM
libmobi — libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. 2022-04-29 not yet calculated CVE-2022-1533
CONFIRM
MISC
libmobi — libmobi
 
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. 2022-04-29 not yet calculated CVE-2022-1534
MISC
CONFIRM
automad — automad
 
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(“home”)</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1536
N/A
N/A
scoold — scoold
 
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. 2022-04-29 not yet calculated CVE-2022-1543
CONFIRM
MISC
sonicwall — sonicos
 
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. 2022-04-27 not yet calculated CVE-2022-22275
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. 2022-04-27 not yet calculated CVE-2022-22276
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. 2022-04-27 not yet calculated CVE-2022-22277
CONFIRM
sonicwall — sonicos_cfs
 
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack 2022-04-27 not yet calculated CVE-2022-22278
CONFIRM
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. 2022-04-27 not yet calculated CVE-2022-22312
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. 2022-04-27 not yet calculated CVE-2022-22315
CONFIRM
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. 2022-04-28 not yet calculated CVE-2022-22322
CONFIRM
XF
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. 2022-04-27 not yet calculated CVE-2022-22323
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. 2022-04-27 not yet calculated CVE-2022-22345
XF
CONFIRM
ibm — planning_analytics_local
 
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 2022-04-25 not yet calculated CVE-2022-22392
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 2022-04-28 not yet calculated CVE-2022-22427
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. 2022-04-28 not yet calculated CVE-2022-22441
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. 2022-04-28 not yet calculated CVE-2022-22443
XF
CONFIRM
miele — benchmark_programming_tool
 
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. 2022-04-27 not yet calculated CVE-2022-22521
MISC
FULLDISC
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. 2022-04-28 not yet calculated CVE-2022-22781
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. 2022-04-28 not yet calculated CVE-2022-22782
MISC
zoom — on-premise_meeting_connector_controller
 
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. 2022-04-28 not yet calculated CVE-2022-22783
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. 2022-04-25 not yet calculated CVE-2022-23457
MISC
MISC
CONFIRM
xilinx — xilinx
 
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. 2022-04-27 not yet calculated CVE-2022-23822
MISC
MISC
apache — doris
 
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. 2022-04-26 not yet calculated CVE-2022-23942
CONFIRM
MLIST
MLIST
linysys — linksys
 
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 2022-04-27 not yet calculated CVE-2022-24372
MISC
MISC
MISC
solar — appscreener
 
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. 2022-04-28 not yet calculated CVE-2022-24449
MISC
MISC
apache — couchdb
 
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. 2022-04-26 not yet calculated CVE-2022-24706
MISC
MISC
MLIST
redis — redis
 
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24735
MISC
CONFIRM
MISC
MISC
redis — redis
 
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24736
MISC
CONFIRM
MISC
MISC
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 2022-04-25 not yet calculated CVE-2022-24792
MISC
CONFIRM
discourse — discourse-assign
 
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24866
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24873
MISC
MISC
CONFIRM
shopware — shopware Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24879
CONFIRM
MISC
MISC
tethik — tethik
 
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. 2022-04-25 not yet calculated CVE-2022-24880
MISC
MISC
MISC
CONFIRM
ballcat — ballcat
 
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. 2022-04-26 not yet calculated CVE-2022-24881
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24882
MISC
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-04-26 not yet calculated CVE-2022-24883
MISC
CONFIRM
MISC
MISC
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24885
MISC
MISC
CONFIRM
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24886
MISC
MISC
CONFIRM
nextcloud — talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24887
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing n, r, t, and v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24888
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1. 2022-04-27 not yet calculated CVE-2022-24889
CONFIRM
MISC
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. 2022-04-27 not yet calculated CVE-2022-24891
MISC
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. 2022-04-28 not yet calculated CVE-2022-24892
MISC
MISC
CONFIRM
xwiki — xwiki
 
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-04-28 not yet calculated CVE-2022-24898
MISC
MISC
CONFIRM
piano_led — piano_led
 
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. 2022-04-29 not yet calculated CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC
lexmark — multiple_products
 
Lexmark products through 2022-02-10 have Incorrect Access Control. 2022-04-28 not yet calculated CVE-2022-24935
MISC
MISC
tagify — tagify
 
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. 2022-04-29 not yet calculated CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
czproject — czproject
 
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-25 not yet calculated CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM
nextcloud — android
 
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. 2022-04-25 not yet calculated CVE-2022-26111
MISC
MISC
hoteldruid — hotel_management_software
 
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 2022-04-26 not yet calculated CVE-2022-26564
MISC
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 2022-04-25 not yet calculated CVE-2022-26596
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 2022-04-25 not yet calculated CVE-2022-26597
MISC
element-plus — element-plus
 
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 2022-04-25 not yet calculated CVE-2022-27103
MISC
MISC
MISC
adobe — xpdf
 
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. 2022-04-25 not yet calculated CVE-2022-27135
MISC
MISC
MISC
cifa-utils — cifa-utils
 
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 2022-04-27 not yet calculated CVE-2022-27239
MISC
MISC
MISC
MISC
MISC
hms — hms
 
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. 2022-04-26 not yet calculated CVE-2022-27299
MISC
amro — amro
 
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. 2022-04-25 not yet calculated CVE-2022-27311
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 2022-04-27 not yet calculated CVE-2022-27331
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-27332
MISC
seacms — seacms
 
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. 2022-04-27 not yet calculated CVE-2022-27336
MISC
mcms — mcms
 
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. 2022-04-22 not yet calculated CVE-2022-27340
MISC
MISC
tenda — tenda
 
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. 2022-04-25 not yet calculated CVE-2022-27374
MISC
tenda — tenda Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. 2022-04-25 not yet calculated CVE-2022-27375
MISC
gallerycms — gallerycms
 
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. 2022-04-25 not yet calculated CVE-2022-27428
MISC
jizhicms — jizhicms
 
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. 2022-04-25 not yet calculated CVE-2022-27429
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. 2022-04-26 not yet calculated CVE-2022-27468
MISC
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). 2022-04-26 not yet calculated CVE-2022-27469
MISC
MISC
wordpress — wordpress
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 2022-04-26 not yet calculated CVE-2022-27854
CONFIRM
CONFIRM
wordpress — shea_bunge_footer_text 
 
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 2022-04-28 not yet calculated CVE-2022-27860
CONFIRM
CONFIRM
palantir — palantir
 
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. 2022-04-26 not yet calculated CVE-2022-27888
MISC
controlup — real-time_agent
 
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:) to exploit this. 2022-04-27 not yet calculated CVE-2022-27905
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. 2022-04-26 not yet calculated CVE-2022-27984
MISC
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. 2022-04-26 not yet calculated CVE-2022-27985
MISC
MISC
typemill — typemill
 
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28053
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backendfile_controller.php. 2022-04-26 not yet calculated CVE-2022-28058
MISC
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backenddatabase_controller.php. 2022-04-26 not yet calculated CVE-2022-28059
MISC
MISC
victor_cms — victor_cms
 
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. 2022-04-28 not yet calculated CVE-2022-28060
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-28085
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28093
MISC
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 2022-04-25 not yet calculated CVE-2022-28094
MISC
MISC
MISC
turtlapp — turtle_note
 
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. 2022-04-28 not yet calculated CVE-2022-28101
MISC
MISC
php — mysql_admin_panel_generator
 
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. 2022-04-28 not yet calculated CVE-2022-28102
MISC
MISC
dscms — dscms
 
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. 2022-04-28 not yet calculated CVE-2022-28114
MISC
navigate_cms — navigate_cms
 
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. 2022-04-28 not yet calculated CVE-2022-28117
MISC
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28193
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28194
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28195
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. 2022-04-27 not yet calculated CVE-2022-28196
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28197
MISC
nvidia — omniverse_nucleus_and_cache
 
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. 2022-04-29 not yet calculated CVE-2022-28198
MISC
ciphermail — webmail_messenger
 
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). 2022-04-26 not yet calculated CVE-2022-28218
MISC
MISC
MISC
wordpress — country_selector_plugin
 
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request 2022-04-25 not yet calculated CVE-2022-28290
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC
nopsolutions — nopcommerce nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. 2022-04-26 not yet calculated CVE-2022-28448
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 2022-04-26 not yet calculated CVE-2022-28449
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. 2022-04-26 not yet calculated CVE-2022-28450
MISC
lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system
 
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 2022-04-29 not yet calculated CVE-2022-28452
MISC
MISC
MISC
MISC
limbas — limbas
 
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28454
MISC
MISC
MISC
apifox — apifox
 
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. 2022-04-27 not yet calculated CVE-2022-28464
MISC
wbce — wbce
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28477
MISC
MISC
allmediaserver — allmediaserver
 
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. 2022-04-29 not yet calculated CVE-2022-28480
MISC
giflib — giflb
 
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. 2022-04-25 not yet calculated CVE-2022-28506
MISC
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. 2022-04-26 not yet calculated CVE-2022-28521
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. 2022-04-26 not yet calculated CVE-2022-28522
MISC
MISC
hongcms — hongcms
 
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. 2022-04-26 not yet calculated CVE-2022-28523
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. 2022-04-26 not yet calculated CVE-2022-28524
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. 2022-04-26 not yet calculated CVE-2022-28525
MISC
dhcms — dhcms
 
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. 2022-04-26 not yet calculated CVE-2022-28527
MISC
bloofox — bloofoxcms
 
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. 2022-04-26 not yet calculated CVE-2022-28528
MISC
hoosk — hoosk
 
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. 2022-04-25 not yet calculated CVE-2022-28586
MISC
qualys — assetview
 
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. 2022-04-28 not yet calculated CVE-2022-28719
MISC
MISC
f-secure — atlant
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-04-25 not yet calculated CVE-2022-28871
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. 2022-04-28 not yet calculated CVE-2022-28892
MISC
greencms — greencms
 
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. 2022-04-26 not yet calculated CVE-2022-28918
MISC
smallsrv — smallsrv
 
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. 2022-04-29 not yet calculated CVE-2022-28994
MISC
rippled — rippled A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. 2022-04-25 not yet calculated CVE-2022-29077
MISC
MISC
MISC
ejs — ejs_for_node.js
 
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). 2022-04-25 not yet calculated CVE-2022-29078
MISC
MISC
zoho — manageengine_access_manager_plus
 
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. 2022-04-28 not yet calculated CVE-2022-29081
MISC
MISC
ericom — powerterm_webconnect
 
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 2022-04-28 not yet calculated CVE-2022-29152
MISC
MISC
coreboot — coreboot
 
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. 2022-04-25 not yet calculated CVE-2022-29264
MISC
MISC
apache — nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: – EvaluateXPath – EvaluateXQuery – ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC
wordpress — hermit_plugin
 
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 2022-04-28 not yet calculated CVE-2022-29410
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 2022-04-28 not yet calculated CVE-2022-29411
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 2022-04-28 not yet calculated CVE-2022-29412
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. 2022-04-28 not yet calculated CVE-2022-29413
CONFIRM
CONFIRM
wpkube — subscribe_to_comments_reloaded_plugin
 
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. 2022-04-29 not yet calculated CVE-2022-29414
CONFIRM
CONFIRM
wordpress — ravpage_plugin
 
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. 2022-04-28 not yet calculated CVE-2022-29415
CONFIRM
CONFIRM
wordpress — shortpixel_adaptive_images_plugin
 
Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 2022-04-25 not yet calculated CVE-2022-29417
CONFIRM
CONFIRM
wordpress — night_mode_plugin
 
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 2022-04-25 not yet calculated CVE-2022-29418
CONFIRM
CONFIRM
wordpress — 3xsocializer_plugin
 
SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. 2022-04-25 not yet calculated CVE-2022-29419
CONFIRM
CONFIRM
wordpress — rara_one_click_demo_import_plugin
 
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. 2022-04-29 not yet calculated CVE-2022-29451
CONFIRM
CONFIRM
mitel — mivoice_connect
 
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. 2022-04-26 not yet calculated CVE-2022-29499
CONFIRM
line_corporation — line_for_windows
 
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 2022-04-27 not yet calculated CVE-2022-29505
MISC
htmlunit — nekohtml_parser HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. 2022-04-25 not yet calculated CVE-2022-29546
CONFIRM
northern.tech –mender_enterprise The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking. 2022-04-28 not yet calculated CVE-2022-29555
MISC
MISC
northern.tech — mender_enterprise The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. 2022-04-28 not yet calculated CVE-2022-29556
MISC
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. 2022-04-28 not yet calculated CVE-2022-29584
MISC
MISC
mahara — mahara
 
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). 2022-04-28 not yet calculated CVE-2022-29585
MISC
MISC
universis — universis-api
 
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. 2022-04-25 not yet calculated CVE-2022-29603
MISC
MISC
zammad — zammad
 
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. 2022-04-27 not yet calculated CVE-2022-29700
MISC
zammad — zammad
 
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. 2022-04-27 not yet calculated CVE-2022-29701
MISC
zoneminder — zoneminder
 
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. 2022-04-26 not yet calculated CVE-2022-29806
MISC
MISC
MISC
MISC
hashicorp — go-getter
 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. 2022-04-27 not yet calculated CVE-2022-29810
MISC
MISC
MISC
jetbrains — hub
 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 2022-04-28 not yet calculated CVE-2022-29811
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient 2022-04-28 not yet calculated CVE-2022-29812
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible 2022-04-28 not yet calculated CVE-2022-29813
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 2022-04-28 not yet calculated CVE-2022-29814
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible 2022-04-28 not yet calculated CVE-2022-29815
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible 2022-04-28 not yet calculated CVE-2022-29816
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible 2022-04-28 not yet calculated CVE-2022-29817
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed 2022-04-28 not yet calculated CVE-2022-29818
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29819
MISC
jetbrains — pycharm
 
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible 2022-04-28 not yet calculated CVE-2022-29820
MISC
jetbrains — rider
 
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29821
MISC
automation_anywhere — automation360_22
 
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. 2022-04-29 not yet calculated CVE-2022-29856
MISC
MISC
ambiot — amb1_sdk
 
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. 2022-04-27 not yet calculated CVE-2022-29859
MISC
cif-utils — cifs_utils
 
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. 2022-04-28 not yet calculated CVE-2022-29869
MISC
MISC
mdeiawiki — private_domains The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 2022-04-29 not yet calculated CVE-2022-29903
MISC
MISC
mediawiki — semanticdrilldown
 
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-‘ and ‘_’ constraints. 2022-04-29 not yet calculated CVE-2022-29904
MISC
MISC
mediawiki — fanboxes
 
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 2022-04-29 not yet calculated CVE-2022-29905
MISC
MISC
mediawiki — quizgame
 
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. 2022-04-29 not yet calculated CVE-2022-29906
MISC
MISC
mediawiki_nimbus_skin
 
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 not yet calculated CVE-2022-29907
MISC
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29934
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29935
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29936
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29937
MISC
dji — aeroscope
 
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. 2022-04-29 not yet calculated CVE-2022-29945
MISC
MISC
MISC
woodpecker — woodpecker
 
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. 2022-04-29 not yet calculated CVE-2022-29947
MISC
MISC
glewlwyd — glewlwyd
 
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. 2022-04-29 not yet calculated CVE-2022-29967
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of April 18, 2022

04/25/2022 06:37 AM EDT

Original release date: April 25, 2022 | Last revised: April 26, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. 2022-04-15 10 CVE-2022-26809
N/A
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809. 2022-04-15 9.3 CVE-2022-24492
N/A
microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability. 2022-04-15 9.3 CVE-2022-24532
N/A
cisco — ir510_operating_system Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 9 CVE-2022-20723
CISCO
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 2022-04-15 9 CVE-2022-23259
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-24536
N/A
microsoft — windows_server_2016 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26811
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26812
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26813
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26815
N/A
microsoft — windows_server_2016 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26823
N/A
microsoft — windows_server_2016 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26824
N/A
microsoft — windows_server_2016 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829. 2022-04-15 9 CVE-2022-26825
N/A
microsoft — windows_10 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829. 2022-04-15 9 CVE-2022-26826
N/A
microsoft — windows_10 Remote Desktop Protocol Remote Code Execution Vulnerability. 2022-04-15 8.5 CVE-2022-24533
N/A
microsoft — windows_server_2012 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26814
N/A
microsoft — windows_server_2012 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26817
N/A
microsoft — windows_server_2012 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26818
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26819
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26820
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26821
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 8.5 CVE-2022-26822
N/A
microsoft — windows_server_2008 Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826. 2022-04-15 8.5 CVE-2022-26829
N/A
cisco — cgr1000_compute_module Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 7.6 CVE-2022-20724
CISCO
MISC
microsoft — windows_10 Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. 2022-04-15 7.6 CVE-2022-22008
N/A
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. 2022-04-15 7.5 CVE-2021-44486
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. 2022-04-15 7.5 CVE-2021-44496
MISC
MISC
MISC
wecul — nyron Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject ‘”> on the thes1 parameter. 2022-04-15 7.5 CVE-2022-23865
MISC
microsoft — windows_10 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. 2022-04-15 7.5 CVE-2022-24487
N/A
microsoft — windows_10 Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497. 2022-04-15 7.5 CVE-2022-24491
N/A
microsoft — windows_10 Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491. 2022-04-15 7.5 CVE-2022-24497
N/A
php — pearweb pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. 2022-04-15 7.5 CVE-2022-27157
MISC
php — pearweb pearweb < 1.32 suffers from Deserialization of Untrusted Data. 2022-04-15 7.5 CVE-2022-27158
MISC
irzip_project — irzip Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. 2022-04-15 7.5 CVE-2022-28044
MISC
MISC
cisco — cgr1000_compute_module Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 7.2 CVE-2022-20727
CISCO
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 7.2 CVE-2022-26798
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802. 2022-04-15 7.2 CVE-2022-26803
N/A

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[]. 2022-04-18 6.8 CVE-2020-28602
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev(). 2022-04-18 6.8 CVE-2020-28603
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next(). 2022-04-18 6.8 CVE-2020-28604
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex(). 2022-04-18 6.8 CVE-2020-28605
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face(). 2022-04-18 6.8 CVE-2020-28606
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge(). 2022-04-18 6.8 CVE-2020-28607
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc(). 2022-04-18 6.8 CVE-2020-28608
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv(). 2022-04-18 6.8 CVE-2020-28609
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face(). 2022-04-18 6.8 CVE-2020-28610
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge(). 2022-04-18 6.8 CVE-2020-28611
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin(). 2022-04-18 6.8 CVE-2020-28612
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last(). 2022-04-18 6.8 CVE-2020-28613
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin(). 2022-04-18 6.8 CVE-2020-28614
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last(). 2022-04-18 6.8 CVE-2020-28615
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin(). 2022-04-18 6.8 CVE-2020-28616
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last(). 2022-04-18 6.8 CVE-2020-28617
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop(). 2022-04-18 6.8 CVE-2020-28618
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin(). 2022-04-18 6.8 CVE-2020-28619
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():. 2022-04-18 6.8 CVE-2020-28620
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge(). 2022-04-18 6.8 CVE-2020-28621
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface(). 2022-04-18 6.8 CVE-2020-28622
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin(). 2022-04-18 6.8 CVE-2020-28623
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of. 2022-04-18 6.8 CVE-2020-28624
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of. 2022-04-18 6.8 CVE-2020-28625
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume(). 2022-04-18 6.8 CVE-2020-28626
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects(). 2022-04-18 6.8 CVE-2020-28627
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin(). 2022-04-18 6.8 CVE-2020-28628
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev(). 2022-04-18 6.8 CVE-2020-28629
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext(). 2022-04-18 6.8 CVE-2020-28630
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source(). 2022-04-18 6.8 CVE-2020-28631
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface(). 2022-04-18 6.8 CVE-2020-28632
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev(). 2022-04-18 6.8 CVE-2020-28633
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next(). 2022-04-18 6.8 CVE-2020-28634
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet(). 2022-04-18 6.8 CVE-2020-28635
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet(). 2022-04-18 6.8 CVE-2020-35629
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex(). 2022-04-18 6.8 CVE-2020-35630
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle(). 2022-04-18 6.8 CVE-2020-35631
MISC
cgal — computational_geometry_algorithms_library Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of. 2022-04-18 6.8 CVE-2020-35632
MISC
microsoft — 365_apps Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. 2022-04-15 6.8 CVE-2022-24473
N/A
microsoft — windows_server_2016 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785. 2022-04-15 6.8 CVE-2022-24490
N/A
microsoft — windows_10 Windows SMB Remote Code Execution Vulnerability. 2022-04-15 6.8 CVE-2022-24500
N/A
microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. 2022-04-15 6.8 CVE-2022-24528
N/A
nothings — stb_image.h stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. 2022-04-15 6.8 CVE-2022-28042
MISC
MISC
stb_project — stb STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. 2022-04-15 6.8 CVE-2022-28048
MISC
MISC
chshcms — cscms Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. 2022-04-15 6.5 CVE-2022-27365
MISC
chshcms — cscms Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. 2022-04-15 6.5 CVE-2022-27366
MISC
chshcms — cscms Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. 2022-04-15 6.5 CVE-2022-27367
MISC
chshcms — cscms Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. 2022-04-15 6.5 CVE-2022-27368
MISC
chshcms — cscms Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. 2022-04-15 6.5 CVE-2022-27369
MISC
salesagility — suitecrm SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. 2022-04-15 6.5 CVE-2022-27474
MISC
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminemployee_delete.php. 2022-04-21 6.5 CVE-2022-28006
MISC
MISC
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component admincashadvance_delete.php. 2022-04-21 6.5 CVE-2022-28007
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminattendance_delete.php. 2022-04-21 6.5 CVE-2022-28008
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminattendance_delete.php. 2022-04-21 6.5 CVE-2022-28009
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminovertime_delete.php. 2022-04-21 6.5 CVE-2022-28010
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminschedule_delete.php. 2022-04-21 6.5 CVE-2022-28011
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminposition_delete.php. 2022-04-21 6.5 CVE-2022-28012
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminschedule_employee_edit.php. 2022-04-21 6.5 CVE-2022-28013
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminattendance_edit.php. 2022-04-21 6.5 CVE-2022-28014
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component admincashadvance_edit.php. 2022-04-21 6.5 CVE-2022-28015
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component admindeduction_edit.php. 2022-04-21 6.5 CVE-2022-28016
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminovertime_edit.php. 2022-04-21 6.5 CVE-2022-28017
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminschedule_edit.php. 2022-04-21 6.5 CVE-2022-28018
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminemployee_edit.php. 2022-04-21 6.5 CVE-2022-28019
MISC
attendance_and_payroll_system_project — attendance_and_payroll_system Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component adminposition_edit.php. 2022-04-21 6.5 CVE-2022-28020
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. 2022-04-15 6.4 CVE-2021-44488
MISC
digium — asterisk An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it’s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. 2022-04-15 6.4 CVE-2022-26499
MISC
MISC
MISC
yokogawa — b/m9000_vp Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server. 2022-04-15 5.8 CVE-2022-26034
MISC
MISC
microsoft — windows_10 Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. 2022-04-15 5.1 CVE-2022-21983
N/A
microsoft — windows_10 Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. 2022-04-15 5.1 CVE-2022-22009
N/A
microsoft — windows_10 Win32 File Enumeration Remote Code Execution Vulnerability. 2022-04-15 5.1 CVE-2022-24485
N/A
microsoft — windows_10 Windows Direct Show – Remote Code Execution Vulnerability. 2022-04-15 5.1 CVE-2022-24495
N/A
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 5 CVE-2021-44481
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 5 CVE-2021-44482
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 5 CVE-2021-44483
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 5 CVE-2021-44484
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 5 CVE-2021-44485
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 5 CVE-2021-44487
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a “- digs” subtraction. 2022-04-15 5 CVE-2021-44489
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a “- (digs < 1 ? 1 : digs)” subtraction. 2022-04-15 5 CVE-2021-44490
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs– calculation. 2022-04-15 5 CVE-2021-44491
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 5 CVE-2021-44492
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 5 CVE-2021-44493
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 5 CVE-2021-44494
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 5 CVE-2021-44495
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop. 2022-04-15 5 CVE-2021-44497
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 5 CVE-2021-44498
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 5 CVE-2021-44499
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 5 CVE-2021-44500
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 5 CVE-2021-44501
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. 2022-04-15 5 CVE-2021-44502
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. 2022-04-15 5 CVE-2021-44503
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault. 2022-04-15 5 CVE-2021-44504
MISC
MISC
MISC
yottadb — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 5 CVE-2021-44505
MISC
MISC
MISC
yottadb — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 5 CVE-2021-44506
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 5 CVE-2021-44507
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 5 CVE-2021-44508
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. 2022-04-15 5 CVE-2021-44509
MISC
MISC
MISC
fisglobal — gt.m An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. 2022-04-15 5 CVE-2021-44510
MISC
MISC
MISC
cisco — cgr1000_compute_module Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 5 CVE-2022-20726
CISCO
digium — asterisk An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. 2022-04-15 5 CVE-2022-26498
MISC
MISC
MISC
hubzilla — hubzilla A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. 2022-04-15 5 CVE-2022-27257
MISC
MISC
plugin-planet — simple_ajax_chat Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 2022-04-15 5 CVE-2022-27849
CONFIRM
CONFIRM
microsoft — windows_10 Windows Kernel Information Disclosure Vulnerability. 2022-04-15 4.9 CVE-2022-24483
N/A
microsoft — windows_10 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. 2022-04-15 4.9 CVE-2022-24493
N/A
microsoft — windows_10 Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. 2022-04-15 4.6 CVE-2022-23257
N/A
microsoft — windows_10 Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. 2022-04-15 4.6 CVE-2022-24474
N/A
microsoft — windows_10 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24479
N/A
microsoft — windows_10 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. 2022-04-15 4.6 CVE-2022-24481
N/A
microsoft — windows_10 Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544. 2022-04-15 4.6 CVE-2022-24486
N/A
microsoft — windows_10 Windows Desktop Bridge Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24488
N/A
microsoft — windows_server_2016 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24489
N/A
microsoft — windows_10 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24494
N/A
microsoft — windows_10 Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24496
N/A
microsoft — windows_10 Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. 2022-04-15 4.6 CVE-2022-24499
N/A
microsoft — visual_studio_2019 Visual Studio Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24513
N/A
microsoft — windows_10 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. 2022-04-15 4.6 CVE-2022-24521
N/A
microsoft — windows_10 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. 2022-04-15 4.6 CVE-2022-24527
N/A
microsoft — windows_10 Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499. 2022-04-15 4.6 CVE-2022-24530
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26786
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26787
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26789
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26790
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26791
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26792
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26793
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26794
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26795
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26796
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26797
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26801
N/A
microsoft — windows_10 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803. 2022-04-15 4.6 CVE-2022-26802
N/A
microsoft — windows_10 Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. 2022-04-15 4.4 CVE-2022-24482
N/A
yokogawa — b/m9000_vp OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. 2022-04-15 4.4 CVE-2022-27188
MISC
MISC
plantuml — plantuml XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see plantuml.com/de/running). 2022-04-15 4.3 CVE-2022-1231
MISC
CONFIRM
microsoft — on-premises_data_gateway Microsoft Power BI Spoofing Vulnerability. 2022-04-15 4.3 CVE-2022-23292
N/A
microsoft — malware_protection_engine Microsoft Defender Denial of Service Vulnerability. 2022-04-15 4.3 CVE-2022-24548
N/A
liferay — liferay_portal Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field’s help text to (1) Forms module’s form builder, or (2) App Builder module’s object form view’s form builder. 2022-04-15 4.3 CVE-2022-26594
MISC
MISC
hubzilla — hubzilla Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. 2022-04-15 4.3 CVE-2022-27258
MISC
MISC
plugin-planet — simple_ajax_chat Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. 2022-04-15 4.3 CVE-2022-27850
CONFIRM
CONFIRM
dineshkarki — use_any_font Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. 2022-04-15 4.3 CVE-2022-27851
CONFIRM
CONFIRM
wpchill — kb_support Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 2022-04-15 4.3 CVE-2022-27852
CONFIRM
CONFIRM
nothings — stb_image.h stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-04-15 4.3 CVE-2022-28041
MISC
MISC
f5 — njs NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. 2022-04-15 4.3 CVE-2022-28049
MISC
MISC
microsoft — windows_10 Windows iSCSI Target Service Information Disclosure Vulnerability. 2022-04-15 4 CVE-2022-24498
N/A
microsoft — windows_server_2012 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-26784. 2022-04-15 4 CVE-2022-24538
N/A

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wp_maintenance_project — wp_maintenance Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. 2022-04-15 3.5 CVE-2021-36828
CONFIRM
CONFIRM
microsoft — sharepoint_foundation Microsoft SharePoint Server Spoofing Vulnerability. 2022-04-15 3.5 CVE-2022-24472
N/A
microsoft — windows_11 Windows Hyper-V Denial of Service Vulnerability. 2022-04-15 2.1 CVE-2022-23268
N/A
microsoft — windows_server_2012 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784. 2022-04-15 2.1 CVE-2022-24484
N/A

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wordpress — wordpress
 
A flaw exists in WordPress related to the ‘wp-admin/press-this.php ‘script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission. 2022-04-18 not yet calculated CVE-2011-1762
MISC
linux — linux_kernel
 
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. 2022-04-18 not yet calculated CVE-2011-4917
MISC
MISC
pam_tacplus.c — pam_tacplus
 
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. 2022-04-21 not yet calculated CVE-2016-20014
MISC
pixar — pixar_openusd
 
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file. 2022-04-18 not yet calculated CVE-2020-13495
MISC
phpgacl — phpgacl
 
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-18 not yet calculated CVE-2020-13567
MISC
rukovoditel — rukovoditel_project_management_app
 
Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery. 2022-04-18 not yet calculated CVE-2020-13590
MISC
xiaomi — mi_browser
 
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this. 2022-04-21 not yet calculated CVE-2020-14116
MISC
xiaomi — xiaomi_content_ center_app A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP. 2022-04-21 not yet calculated CVE-2020-14117
MISC
xiaomi — mi-app-store
 
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps. 2022-04-21 not yet calculated CVE-2020-14118
MISC
xiaomi — xiaomi
 
Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected. 2022-04-21 not yet calculated CVE-2020-14120
MISC
xiaomi — mi_app_store
 
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation. 2022-04-21 not yet calculated CVE-2020-14121
MISC
xiaomi — xiaomi
 
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage. 2022-04-21 not yet calculated CVE-2020-14122
MISC
xiaomi — miui_services There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges. 2022-04-22 not yet calculated CVE-2020-14123
MISC
pi_system — pi_processbook A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. 2022-04-18 not yet calculated CVE-2020-25163
CONFIRM
osisoft — pi_vision_2020 OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. 2022-04-18 not yet calculated CVE-2020-25167
CONFIRM
graphisoft — graphisoft_bimx_desktop_viewer An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-18 not yet calculated CVE-2020-6099
MISC
wildfly — wildfly_elytron A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. 2022-04-18 not yet calculated CVE-2021-20324
MISC
ibm — cognos_analytics_powerplay IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 not yet calculated CVE-2021-20464
CONFIRM
XF
nginx — nginx_ingress_controller On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-04-21 not yet calculated CVE-2021-23055
MISC
eaton — eaton_intelligent_power_protector Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. 2022-04-19 not yet calculated CVE-2021-23283
MISC
eaton — intelligent_power_manager_infrastructure Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. 2022-04-18 not yet calculated CVE-2021-23284
MISC
MISC
eaton — intelligent_power_manager_infrastructure Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. 2022-04-18 not yet calculated CVE-2021-23285
MISC
MISC
eaton — intelligent_power_manager_infrastructure Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. 2022-04-18 not yet calculated CVE-2021-23286
MISC
MISC
wordpress — easy_social_feed_free The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues 2022-04-18 not yet calculated CVE-2021-25120
MISC
nexacro — nexacro_17 Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. 2022-04-19 not yet calculated CVE-2021-26625
MISC
tobesoft — xplatform Improper input validation vulnerability in XPLATFORM’s execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. 2022-04-19 not yet calculated CVE-2021-26626
MISC
edrhyme — qcp_200w Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image. 2022-04-19 not yet calculated CVE-2021-26627
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 not yet calculated CVE-2021-29824
CONFIRM
XF
apache — log4j
 
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-12 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. 2022-04-19 not yet calculated CVE-2021-3100
MISC
MISC
MISC
linux — linux
 
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container. 2022-04-19 not yet calculated CVE-2021-3101
MISC
MISC
uffizio — gps_tracker An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker. 2022-04-22 not yet calculated CVE-2021-32927
CONFIRM
uffizio — gps_tracker All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user. 2022-04-22 not yet calculated CVE-2021-32929
CONFIRM
wildfly — rbac A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. 2022-04-18 not yet calculated CVE-2021-3503
MISC
MISC
dynatrace — database_performance_monitor Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query 2022-04-21 not yet calculated CVE-2021-35229
MISC
MISC
sct — sct/sct_pro A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2. 2022-04-22 not yet calculated CVE-2021-36203
CERT
CONFIRM
johnson_controls — metasys_ads_adx_oas_servers Under certain circumstances the session token is not cleared on logout. 2022-04-15 not yet calculated CVE-2021-36205
CERT
CONFIRM
dcraw — dcraw
 
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim’s system. 2022-04-18 not yet calculated CVE-2021-3624
MISC
389_ds_base — 389_ds_base
 
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled. 2022-04-18 not yet calculated CVE-2021-3652
MISC
MISC
galaxy — ansible_galaxy_collections A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the “build_ignore“ list in “galaxy.yml” include files in the “.tar.gz“ file. This contains sensitive info, such as the user’s Ansible Galaxy API key and any secrets in “ansible“ or “ansible-playbook“ verbose output without the“no_log“ redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets. 2022-04-18