Vulnerability Summary for the Week of April 25, 2022

05/02/2022 06:16 AM EDT

Original release date: May 2, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
jfinalcms_project — jfinalcms JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. 2022-04-22 7.5 CVE-2022-27341
MISC
link-admin_project — link-admin Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). 2022-04-22 7.5 CVE-2022-27342
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. 2022-04-22 6.8 CVE-2021-38886
XF
CONFIRM
pimcore — pimcore SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data. 2022-04-22 5 CVE-2022-1429
MISC
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. 2022-04-22 4.3 CVE-2021-38904
XF
CONFIRM
microweber — microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a payload that runs without user interaction. 2022-04-22 4.3 CVE-2022-1439
CONFIRM
MISC
crypt-server_project — crypt-server Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. 2022-04-22 4.3 CVE-2022-29589
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 4 CVE-2021-20464
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 4 CVE-2021-29824
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. 2022-04-22 4 CVE-2021-38905
XF
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. 2022-04-22 3.5 CVE-2021-38903
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. 2022-04-22 3.5 CVE-2021-38946
CONFIRM
XF


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
artifex — ghostscript
 
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC
wordpress — tatsu_wordpress_plugin
 
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC
wordpress — english_wordpress_admin_wordpress_plugin
 
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue. 2022-04-25 not yet calculated CVE-2021-25111
MISC
sophos — authenticator_for_android
 
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM
maxboard — maxboard
 
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC
tobesoft — xplatform A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..’. 2022-04-26 not yet calculated CVE-2021-26629
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF
nomachine — nomachine_for_windows
 
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM
bender/ebee — cc612
 
Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM
3scale — apicast
 
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC
solarwinds — serv-u
 
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC
metasys — ads/adx/oas
 
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM
veryfitpro — veryfitpro
 
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC
wordpress — alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM
tripetto — tripetto_plugin
 
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM
motorola — multiple_products
 
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC
ibm — planning_analytics_workspace IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF
lenovo — lenovovariable_smi_handler
 
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC
red_hat — gnome-shell
 
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC
artica — proxy
 
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC
eclipse — openj9
 
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM
novelplus — novel-plus
 
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC
magic_cms_msvod — magic_cms_msvod
 
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC
encode — oss_httpx
 
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC
subrion_cms — subrion_cms
 
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC
pingidentity — pingid_windows_login
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid_android
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid_ios
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
qemu — qemu
 
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC
qemu — qemu
 
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC
lenovo — nvme_driver
 
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC
lenovo — smbios_event_log_driver
 
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC
lenovo — legacy_bios_mode_driver A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC
wordpress — sp_project_&_document_manager_wordpress_plugin
 
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server is vulnerable in that an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM
elcomplus — smartptt_scada
 
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM
wondershare — dr._fone
 
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC
wondershare — dr._fone Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service (the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC
terramaster — terramaster
 
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC
terramaster — terramaster
 
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC
franklin_fueling_systems — ts-550_evo
 
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC
franklin_fueling_systems — t5_series
 
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC
telesquare — sdt-cw3b1 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC
wordpress — easy_google_maps_wordpress_plugin
 
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC
wordpress — supsystic_wordpress_plugin
 
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC
wordpress — supsystic_wordpress_plugin
 
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC
lenovo — pcmanager
 
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC
lenovo — system_update
 
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM
wordpress — flo-launch_wordpress_plugin
 
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC
lenovo — thin_installer
 
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC
wordpress — web_to_print_shop_udraw_wordpress_plugin
 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC
wordpress — 5_stars_rating_funnel_wordpress_plugin
 
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC
wordpress — master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC
wordpress — users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC
wordpress — donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC
wordpress — wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC
wordpress — anti-malware_security_and_brute-force_firewall_wordpress_plugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC
linux — linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC
linux — linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC
wordpress — page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
wordpress — mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog 2022-04-25 not yet calculated CVE-2022-1092
MISC
wordpress — wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC
lenovo — thinkpad
 
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models that could be exploited by an attacker with elevated privileges and could allow for execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC
lenovo — thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC
imagemagicks — relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC
wordpress — menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC
wordpress — layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-1153
MISC
wordpress — books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC
getgrav — grav
 
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman — podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC
wordpress — opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC
linux — linux
 
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC
linux — linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
wordpress — admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC
wordpress — cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC
wordpress — videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC
wordpress — donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC
mruby — mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: possible arbitrary code execution if exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC
yarkeev — yarkeev
 
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM
gpac — gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC
radareorg — radare2
 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC
snipe — snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see CWE-125: Out-of-bounds read (cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see CWE-125: Out-of-bounds read (cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC
openemr — openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM
openemr — openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM
openemr — openemr

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM
getsimple — content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC
getsimple — content_management_system

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC
microweber — microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC
chafa — chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file, in GitHub repository hpjansson/chafa prior to 1.10.2. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM
hestiacp — hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. 2022-04-28 not yet calculated CVE-2022-1509
CONFIRM
MISC
snipe — snipe-it
 
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. 2022-04-28 not yet calculated CVE-2022-1511
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-28 not yet calculated CVE-2022-1514
MISC
CONFIRM
emlog — emlog_pro
 
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1526
MISC
MISC
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 2022-04-29 not yet calculated CVE-2022-1530
MISC
CONFIRM
rtx — rtx
 
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. 2022-04-29 not yet calculated CVE-2022-1531
MISC
CONFIRM
libmobi — libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. 2022-04-29 not yet calculated CVE-2022-1533
CONFIRM
MISC
libmobi — libmobi
 
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. 2022-04-29 not yet calculated CVE-2022-1534
MISC
CONFIRM
automad — automad
 
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(“home”)</script><title> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1536
N/A
N/A
scoold — scoold
 
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. 2022-04-29 not yet calculated CVE-2022-1543
CONFIRM
MISC
sonicwall — sonicos
 
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. 2022-04-27 not yet calculated CVE-2022-22275
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting in exposure of sensitive information to an unauthorized user. 2022-04-27 not yet calculated CVE-2022-22276
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive information in cleartext. 2022-04-27 not yet calculated CVE-2022-22277
CONFIRM
sonicwall — sonicos_cfs
 
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause an HTTP Denial of Service (DoS) attack. 2022-04-27 not yet calculated CVE-2022-22278
CONFIRM
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. 2022-04-27 not yet calculated CVE-2022-22312
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. 2022-04-27 not yet calculated CVE-2022-22315
CONFIRM
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. 2022-04-28 not yet calculated CVE-2022-22322
CONFIRM
XF
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. 2022-04-27 not yet calculated CVE-2022-22323
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. 2022-04-27 not yet calculated CVE-2022-22345
XF
CONFIRM
ibm — planning_analytics_local
 
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 2022-04-25 not yet calculated CVE-2022-22392
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 2022-04-28 not yet calculated CVE-2022-22427
XF
CONFIRM
ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. 2022-04-28 not yet calculated CVE-2022-22441
XF
CONFIRM
ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. 2022-04-28 not yet calculated CVE-2022-22443
XF
CONFIRM
miele — benchmark_programming_tool
 
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. 2022-04-27 not yet calculated CVE-2022-22521
MISC
FULLDISC
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. 2022-04-28 not yet calculated CVE-2022-22781
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. 2022-04-28 not yet calculated CVE-2022-22782
MISC
zoom — on-premise_meeting_connector_controller
 
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. 2022-04-28 not yet calculated CVE-2022-22783
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attacker can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. 2022-04-25 not yet calculated CVE-2022-23457
MISC
MISC
CONFIRM
xilinx — xilinx
 
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. 2022-04-27 not yet calculated CVE-2022-23822
MISC
MISC
apache — doris
 
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. 2022-04-26 not yet calculated CVE-2022-23942
CONFIRM
MLIST
MLIST
linksys — linksys
 
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 2022-04-27 not yet calculated CVE-2022-24372
MISC
MISC
MISC
solar — appscreener
 
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. 2022-04-28 not yet calculated CVE-2022-24449
MISC
MISC
apache — couchdb
 
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. 2022-04-26 not yet calculated CVE-2022-24706
MISC
MISC
MLIST
redis — redis
 
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24735
MISC
CONFIRM
MISC
MISC
redis — redis
 
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24736
MISC
CONFIRM
MISC
MISC
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 2022-04-25 not yet calculated CVE-2022-24792
MISC
CONFIRM
discourse — discourse-assign
 
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff members, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24866
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24873
MISC
MISC
CONFIRM
shopware — shopware

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24879
CONFIRM
MISC
MISC
tethik — tethik
 
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be `False`, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. 2022-04-25 not yet calculated CVE-2022-24880
MISC
MISC
MISC
CONFIRM
ballcat — ballcat
 
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. 2022-04-26 not yet calculated CVE-2022-24881
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24882
MISC
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-04-26 not yet calculated CVE-2022-24883
MISC
CONFIRM
MISC
MISC
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24885
MISC
MISC
CONFIRM
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24886
MISC
MISC
CONFIRM
nextcloud — talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24887
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24888
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1. 2022-04-27 not yet calculated CVE-2022-24889
CONFIRM
MISC
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. 2022-04-27 not yet calculated CVE-2022-24891
MISC
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victim’s email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. 2022-04-28 not yet calculated CVE-2022-24892
MISC
MISC
CONFIRM
xwiki — xwiki
 
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-04-28 not yet calculated CVE-2022-24898
MISC
MISC
CONFIRM
piano_led — piano_led
 
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessitates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. 2022-04-29 not yet calculated CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC
lexmark — multiple_products
 
Lexmark products through 2022-02-10 have Incorrect Access Control. 2022-04-28 not yet calculated CVE-2022-24935
MISC
MISC
tagify — tagify
 
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. 2022-04-29 not yet calculated CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
czproject — czproject
 
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-25 not yet calculated CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM
nextcloud — android
 
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. 2022-04-25 not yet calculated CVE-2022-26111
MISC
MISC
hoteldruid — hotel_management_software
 
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 2022-04-26 not yet calculated CVE-2022-26564
MISC
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 2022-04-25 not yet calculated CVE-2022-26596
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 2022-04-25 not yet calculated CVE-2022-26597
MISC
element-plus — element-plus
 
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 2022-04-25 not yet calculated CVE-2022-27103
MISC
MISC
MISC
adobe — xpdf
 
xpdf 4.03 has a heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. 2022-04-25 not yet calculated CVE-2022-27135
MISC
MISC
MISC
cifs-utils — cifs-utils
 
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 2022-04-27 not yet calculated CVE-2022-27239
MISC
MISC
MISC
MISC
MISC
hms — hms
 
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. 2022-04-26 not yet calculated CVE-2022-27299
MISC
amro — amro
 
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. 2022-04-25 not yet calculated CVE-2022-27311
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 2022-04-27 not yet calculated CVE-2022-27331
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-27332
MISC
seacms — seacms
 
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. 2022-04-27 not yet calculated CVE-2022-27336
MISC
mcms — mcms
 
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. 2022-04-22 not yet calculated CVE-2022-27340
MISC
MISC
tenda — tenda
 
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. 2022-04-25 not yet calculated CVE-2022-27374
MISC
tenda — tenda Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. 2022-04-25 not yet calculated CVE-2022-27375
MISC
gallerycms — gallerycms
 
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. 2022-04-25 not yet calculated CVE-2022-27428
MISC
jizhicms — jizhicms
 
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. 2022-04-25 not yet calculated CVE-2022-27429
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. 2022-04-26 not yet calculated CVE-2022-27468
MISC
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). 2022-04-26 not yet calculated CVE-2022-27469
MISC
MISC
wordpress — wordpress
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 2022-04-26 not yet calculated CVE-2022-27854
CONFIRM
CONFIRM
wordpress — shea_bunge_footer_text 
 
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 2022-04-28 not yet calculated CVE-2022-27860
CONFIRM
CONFIRM
palantir — palantir
 
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. 2022-04-26 not yet calculated CVE-2022-27888
MISC
controlup — real-time_agent
 
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:) to exploit this. 2022-04-27 not yet calculated CVE-2022-27905
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. 2022-04-26 not yet calculated CVE-2022-27984
MISC
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. 2022-04-26 not yet calculated CVE-2022-27985
MISC
MISC
typemill — typemill
 
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28053
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backendfile_controller.php. 2022-04-26 not yet calculated CVE-2022-28058
MISC
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backenddatabase_controller.php. 2022-04-26 not yet calculated CVE-2022-28059
MISC
MISC
victor_cms — victor_cms
 
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. 2022-04-28 not yet calculated CVE-2022-28060
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-28085
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28093
MISC
MISC
MISC
scbs — online_sports_venue_reservation_system SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 2022-04-25 not yet calculated CVE-2022-28094
MISC
MISC
MISC
turtlapp — turtle_note
 
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. 2022-04-28 not yet calculated CVE-2022-28101
MISC
MISC
php — mysql_admin_panel_generator
 
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. 2022-04-28 not yet calculated CVE-2022-28102
MISC
MISC
dscms — dscms
 
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. 2022-04-28 not yet calculated CVE-2022-28114
MISC
navigate_cms — navigate_cms
 
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. 2022-04-28 not yet calculated CVE-2022-28117
MISC
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28193
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28194
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28195
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of integrity, and limited denial of service. 2022-04-27 not yet calculated CVE-2022-28196
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28197
MISC
nvidia — omniverse_nucleus_and_cache
 
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. 2022-04-29 not yet calculated CVE-2022-28198
MISC
ciphermail — webmail_messenger
 
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). 2022-04-26 not yet calculated CVE-2022-28218
MISC
MISC
MISC
wordpress — country_selector_plugin
 
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request. 2022-04-25 not yet calculated CVE-2022-28290
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC
nopsolutions — nopcommerce nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info. 2022-04-26 not yet calculated CVE-2022-28448
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 2022-04-26 not yet calculated CVE-2022-28449
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client browser. 2022-04-26 not yet calculated CVE-2022-28450
MISC
lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system
 
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 2022-04-29 not yet calculated CVE-2022-28452
MISC
MISC
MISC
MISC
limbas — limbas
 
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28454
MISC
MISC
MISC
apifox — apifox
 
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. 2022-04-27 not yet calculated CVE-2022-28464
MISC
wbce — wbce
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28477
MISC
MISC
allmediaserver — allmediaserver
 
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. 2022-04-29 not yet calculated CVE-2022-28480
MISC
giflib — giflib
 
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. 2022-04-25 not yet calculated CVE-2022-28506
MISC
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. 2022-04-26 not yet calculated CVE-2022-28521
MISC
MISC
zcms — zcms ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. 2022-04-26 not yet calculated CVE-2022-28522
MISC
MISC
hongcms — hongcms
 
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. 2022-04-26 not yet calculated CVE-2022-28523
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. 2022-04-26 not yet calculated CVE-2022-28524
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. 2022-04-26 not yet calculated CVE-2022-28525
MISC
dhcms — dhcms
 
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. 2022-04-26 not yet calculated CVE-2022-28527
MISC
bloofox — bloofoxcms
 
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. 2022-04-26 not yet calculated CVE-2022-28528
MISC
hoosk — hoosk
 
XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user’s browser via the edit page, using an XSS payload that bypasses the filter on some special characters. 2022-04-25 not yet calculated CVE-2022-28586
MISC
qualys — assetview
 
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients executing arbitrary code with administrative privileges. 2022-04-28 not yet calculated CVE-2022-28719
MISC
MISC
f-secure — atlant
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products can consume too much memory while scanning larger packages/fuzzed files, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-04-25 not yet calculated CVE-2022-28871
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. 2022-04-28 not yet calculated CVE-2022-28892
MISC
greencms — greencms
 
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. 2022-04-26 not yet calculated CVE-2022-28918
MISC
smallsrv — smallsrv
 
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via a long GET request. 2022-04-29 not yet calculated CVE-2022-28994
MISC
rippled — rippled A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. 2022-04-25 not yet calculated CVE-2022-29077
MISC
MISC
MISC
ejs — ejs_for_node.js
 
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). 2022-04-25 not yet calculated CVE-2022-29078
MISC
MISC
zoho — manageengine_access_manager_plus
 
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. 2022-04-28 not yet calculated CVE-2022-29081
MISC
MISC
ericom — powerterm_webconnect
 
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 2022-04-28 not yet calculated CVE-2022-29152
MISC
MISC
coreboot — coreboot
 
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. 2022-04-25 not yet calculated CVE-2022-29264
MISC
MISC
apache — nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC
wordpress — hermit_plugin
 
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 2022-04-28 not yet calculated CVE-2022-29410
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 2022-04-28 not yet calculated CVE-2022-29411
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 2022-04-28 not yet calculated CVE-2022-29412
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. 2022-04-28 not yet calculated CVE-2022-29413
CONFIRM
CONFIRM
wpkube — subscribe_to_comments_reloaded_plugin
 
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. 2022-04-29 not yet calculated CVE-2022-29414
CONFIRM
CONFIRM
wordpress — ravpage_plugin
 
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 on WordPress. 2022-04-28 not yet calculated CVE-2022-29415
CONFIRM
CONFIRM
wordpress — shortpixel_adaptive_images_plugin
 
Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 on WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 2022-04-25 not yet calculated CVE-2022-29417
CONFIRM
CONFIRM
wordpress — night_mode_plugin
 
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 2022-04-25 not yet calculated CVE-2022-29418
CONFIRM
CONFIRM
wordpress — 3xsocializer_plugin
 
SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 on WordPress possible for users with a low role like a subscriber or higher. 2022-04-25 not yet calculated CVE-2022-29419
CONFIRM
CONFIRM
wordpress — rara_one_click_demo_import_plugin
 
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. 2022-04-29 not yet calculated CVE-2022-29451
CONFIRM
CONFIRM
mitel — mivoice_connect
 
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. 2022-04-26 not yet calculated CVE-2022-29499
CONFIRM
line_corporation — line_for_windows
 
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 2022-04-27 not yet calculated CVE-2022-29505
MISC
htmlunit — nekohtml_parser HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. 2022-04-25 not yet calculated CVE-2022-29546
CONFIRM
northern.tech — mender_enterprise The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. 2022-04-28 not yet calculated CVE-2022-29555
MISC
MISC
northern.tech — mender_enterprise The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. 2022-04-28 not yet calculated CVE-2022-29556
MISC
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. 2022-04-28 not yet calculated CVE-2022-29584
MISC
MISC
mahara — mahara
 
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). 2022-04-28 not yet calculated CVE-2022-29585
MISC
MISC
universis — universis-api
 
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. 2022-04-25 not yet calculated CVE-2022-29603
MISC
MISC
zammad — zammad
 
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. 2022-04-27 not yet calculated CVE-2022-29700
MISC
zammad — zammad
 
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. 2022-04-27 not yet calculated CVE-2022-29701
MISC
zoneminder — zoneminder
 
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. 2022-04-26 not yet calculated CVE-2022-29806
MISC
MISC
MISC
MISC
hashicorp — go-getter
 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. 2022-04-27 not yet calculated CVE-2022-29810
MISC
MISC
MISC
jetbrains — hub
 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 2022-04-28 not yet calculated CVE-2022-29811
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient 2022-04-28 not yet calculated CVE-2022-29812
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible 2022-04-28 not yet calculated CVE-2022-29813
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 2022-04-28 not yet calculated CVE-2022-29814
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible 2022-04-28 not yet calculated CVE-2022-29815
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible 2022-04-28 not yet calculated CVE-2022-29816
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible 2022-04-28 not yet calculated CVE-2022-29817
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed 2022-04-28 not yet calculated CVE-2022-29818
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29819
MISC
jetbrains — pycharm
 
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible 2022-04-28 not yet calculated CVE-2022-29820
MISC
jetbrains — rider
 
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29821
MISC
automation_anywhere — automation360_22
 
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. 2022-04-29 not yet calculated CVE-2022-29856
MISC
MISC
ambiot — amb1_sdk
 
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. 2022-04-27 not yet calculated CVE-2022-29859
MISC
cifs-utils — cifs_utils
 
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. 2022-04-28 not yet calculated CVE-2022-29869
MISC
MISC
mediawiki — private_domains The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 2022-04-29 not yet calculated CVE-2022-29903
MISC
MISC
mediawiki — semanticdrilldown
 
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-’ and ‘_’ constraints. 2022-04-29 not yet calculated CVE-2022-29904
MISC
MISC
mediawiki — fanboxes
 
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 2022-04-29 not yet calculated CVE-2022-29905
MISC
MISC
mediawiki — quizgame
 
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. 2022-04-29 not yet calculated CVE-2022-29906
MISC
MISC
mediawiki — nimbus_skin
 
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 not yet calculated CVE-2022-29907
MISC
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29934
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29935
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29936
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29937
MISC
dji — aeroscope
 
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. 2022-04-29 not yet calculated CVE-2022-29945
MISC
MISC
MISC
woodpecker — woodpecker
 
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. 2022-04-29 not yet calculated CVE-2022-29947
MISC
MISC
glewlwyd — glewlwyd
 
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. 2022-04-29 not yet calculated CVE-2022-29967
MISC


Vulnerability Summary for the Week of March 7, 2022

03/14/2022 01:00 PM EDT

Original release date: March 14, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
a3rev — page_view_count The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks 2022-03-07 7.5 CVE-2022-0434
MISC
bitdefender — antivirus_plus Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. 2022-03-07 7.2 CVE-2021-4199
CONFIRM
MISC
calibre-web_project — calibre-web Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 7.5 CVE-2022-0766
CONFIRM
MISC
dlink — dir-859_firmware D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 7.1 CVE-2022-25106
MISC
MISC
MISC
genieacs — genieacs In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. 2022-03-06 7.5 CVE-2021-46704
MISC
MISC
linux — linux_kernel A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. 2022-03-10 7.2 CVE-2022-0847
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. 2022-03-04 7.2 CVE-2021-3656
MISC
MISC
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. 2022-03-08 7.5 CVE-2022-26314
CONFIRM
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 7.2 CVE-2020-14111
MISC
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 10 CVE-2020-14115
MISC
mingsoft — mcms gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-03-04 7.5 CVE-2021-46384
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. 2022-03-06 7.5 CVE-2022-26496
MISC
MISC
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. 2022-03-06 7.5 CVE-2022-26495
MISC
MISC
MLIST
part-db_project — part-db OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. 2022-03-04 10 CVE-2022-0848
CONFIRM
MISC
MISC
pytorchlightning — pytorch_lightning Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 2022-03-05 10 CVE-2022-0845
CONFIRM
MISC
secomea — gatemanager This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. 2022-03-04 8.5 CVE-2021-32008
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. 2022-03-08 7.5 CVE-2021-42019
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. 2022-03-08 7.5 CVE-2021-42018
CONFIRM
siemens — sinumerik_mc_firmware A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. 2022-03-08 7.2 CVE-2022-24408
CONFIRM
stylemixthemes — masterstudy_lms The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. 2022-03-07 7.5 CVE-2022-0441
CONFIRM
MISC
symantec — management_agent The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. 2022-03-04 7.2 CVE-2022-25623
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. 2022-03-10 7.8 CVE-2022-25558
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25566
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter. 2022-03-10 7.8 CVE-2022-25557
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. 2022-03-10 7.8 CVE-2022-25548
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. 2022-03-10 7.8 CVE-2022-25554
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. 2022-03-10 7.8 CVE-2022-25553
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 2022-03-10 7.8 CVE-2022-25552
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. 2022-03-10 7.8 CVE-2022-25551
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. 2022-03-10 7.8 CVE-2022-25546
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25547
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. 2022-03-10 7.8 CVE-2022-25550
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. 2022-03-10 7.8 CVE-2022-25555
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. 2022-03-10 7.8 CVE-2022-25549
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is retrieved directly from the HTTP request parameter startIp. v10 is then spliced onto the stack by the sscanf function without any security check, which causes a stack overflow. By POSTing to the page /goform/SetPptpServerCfg with a proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46393
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is retrieved directly from the HTTP request parameter startIp. v13 is then spliced onto the stack by the sscanf function without any security check, which causes a stack overflow. By POSTing to the page /goform/SetPptpServerCfg with a proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46394
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request. 2022-03-10 10 CVE-2021-44622
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. 2022-03-10 10 CVE-2021-44623
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/cloud_device/info interface, which allows a malicious user to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44625
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44626
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44629
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44627
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44628
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44630
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44631
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44632
MISC
victor_cms_project — victor_cms Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. 2022-03-04 7.5 CVE-2022-26201
MISC
MISC
wpdeveloper — notificationx The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection 2022-03-07 7.5 CVE-2022-0349
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abcm2ps_project — abcm2ps abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. 2022-03-10 4.3 CVE-2021-32434
MISC
MISC
abcm2ps_project — abcm2ps An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32436
MISC
MISC
abcm2ps_project — abcm2ps Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32435
MISC
MISC
adrotate_project — adrotate The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0267
MISC
alfresco — alfresco Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 2022-03-04 4.3 CVE-2020-18327
MISC
MISC
apache — any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 6.4 CVE-2022-25312
MISC
MLIST
archivy_project — archivy Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. 2022-03-06 5.8 CVE-2022-0697
CONFIRM
MISC
ayecode — userswp The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user’s avatar. 2022-03-07 4 CVE-2022-0442
MISC
catchplugins — catch_themes_demo_import The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true). 2022-03-07 6.5 CVE-2022-0440
MISC
cerber — wp_cerber_security,_anti-spam_&_malware_scan The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. 2022-03-07 4.3 CVE-2022-0429
MISC
correosexpress_project — correosexpress The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses 2022-03-07 5 CVE-2021-25009
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed) 2022-03-07 4 CVE-2021-24825
MISC
custom_content_shortcode_project — custom_content_shortcode The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved 2022-03-07 4 CVE-2021-24824
MISC
devowl — wordpress_real_cookie_banner The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack 2022-03-07 4.3 CVE-2022-0445
MISC
dlink — dir-x1860_firmware An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 5 CVE-2021-46353
MISC
MISC
ericsson — network_manager Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). 2022-03-10 4 CVE-2021-28488
MISC
MISC
MISC
espruino — espruino Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 6.8 CVE-2022-25465
MISC
espruino — espruino Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 6.8 CVE-2022-25044
MISC
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser was discovered whereby the browser loads images automatically. This vulnerability can be exploited remotely by an attacker to execute JavaScript, which can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. 2022-03-06 4.3 CVE-2021-44748
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser protection was discovered: improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. 2022-03-06 4.3 CVE-2021-44749
MISC
fatcatapps — easy_pricing_tables The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash 2022-03-07 4.3 CVE-2021-25098
MISC
framasoft — peertube Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. 2022-03-09 4 CVE-2022-0881
MISC
CONFIRM
golang — go regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 5 CVE-2022-24921
CONFIRM
google — android When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. 2022-03-04 6.9 CVE-2022-23729
MISC
hcltech — bigfix_compliance TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. 2022-03-04 4.3 CVE-2021-27756
MISC
hcltech — bigfix_insights Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information. 2022-03-04 5 CVE-2021-27757
MISC
hestiacp — control_panel Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 4.3 CVE-2022-0752
MISC
CONFIRM
hestiacp — control_panel Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 4.3 CVE-2022-0838
MISC
CONFIRM
hotscot — contact_form The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to an SQL injection. 2022-03-07 6.5 CVE-2021-24777
MISC
icegram — email_subscribers_&_newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link. 2022-03-07 6.5 CVE-2022-0439
MISC
intelliants — subrion_cms Multiple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. 2022-03-04 4.3 CVE-2020-18325
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. 2022-03-04 6.8 CVE-2020-18326
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. 2022-03-04 4.3 CVE-2020-18324
MISC
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34341
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. 2022-03-10 4.3 CVE-2021-34342
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34340
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34339
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34338
MISC
MISC
libsixel_project — libsixel saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c. 2022-03-10 6.8 CVE-2020-36123
MISC
linux — linux_kernel st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. 2022-03-06 4.6 CVE-2022-26490
MISC
linux — linux_kernel A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. 2022-03-04 4.9 CVE-2021-3428
MISC
MISC
MISC
marktext — marktext Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. 2022-03-05 6.8 CVE-2022-25069
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. 2022-03-08 6.8 CVE-2022-26313
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system. 2022-03-08 4 CVE-2022-26317
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. 2022-03-08 5.5 CVE-2022-24309
CONFIRM
metagauss — registrationmagic The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks 2022-03-07 6.5 CVE-2022-0420
MISC
CONFIRM
metaphorcreations — ditty The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. 2022-03-07 4.3 CVE-2022-0533
CONFIRM
MISC
mi — ax6000_firmware Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. 2022-03-10 5 CVE-2020-14112
MISC
microweber — microweber Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. 2022-03-09 6.8 CVE-2022-0896
CONFIRM
MISC
mini-inventory-and-sales-management-system_project — mini-inventory-and-sales-management-system Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. 2022-03-04 4.3 CVE-2021-44321
MISC
MISC
mybb — mybb MyBB is a free and open source forum software. In affected versions the Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB’s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds. 2022-03-09 6.5 CVE-2022-24734
MISC
MISC
CONFIRM
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). 2022-03-04 4 CVE-2022-23232
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. 2022-03-04 5 CVE-2022-23233
MISC
netgear — wac120_ac_firmware Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks like session hijacking, even clipboard hijacking. 2022-03-04 4.3 CVE-2021-46382
MISC
MISC
obtaininfotech — multisite_content_copier/updater The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25039
MISC
obtaininfotech — multisite_user_sync/unsync The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25038
MISC
openexr — openexr A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 5.8 CVE-2021-20303
MISC
MISC
MISC
paloaltonetworks — pan-os Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7. 2022-03-09 4.6 CVE-2022-0022
CONFIRM
phpmyadmin — phpmyadmin PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. 2022-03-10 5 CVE-2022-0813
CONFIRM
CONFIRM
plugins-market — wp_visitor_statistics The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0410
MISC
radare — radare2 Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. 2022-03-05 4.3 CVE-2022-0849
MISC
CONFIRM
readdle — spark Apache Spark supports end-to-end encryption of RPC connections via “spark.authenticate” and “spark.network.crypto.enabled”. In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by “spark.authenticate.enableSaslEncryption”, “spark.io.encryption.enabled”, “spark.ssl”, “spark.ui.strictTransportSecurity”. Update to Apache Spark 3.1.3 or later 2022-03-10 5 CVE-2021-38296
CONFIRM
readymedia_project — readymedia A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. 2022-03-06 4.3 CVE-2022-26505
MISC
MISC
MLIST
redhat — coreos-installer An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 6.8 CVE-2021-20319
MISC
MISC
MISC
rednao — smart_forms The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form’s data, which could include sensitive information such as PII depending on the form. 2022-03-07 4 CVE-2022-0163
MISC
salesagility — suitecrm Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0755
MISC
CONFIRM
salesagility — suitecrm SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0754
CONFIRM
MISC
salesagility — suitecrm Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0756
MISC
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24323
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24322
CONFIRM
schneider-electric — ritto_wiser_door A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) 2022-03-09 4.8 CVE-2021-22783
CONFIRM
servmask — one-stop_wp_migration The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension, which allows administrators to upload PHP files on their site, even on multisite installations. 2022-03-07 6.5 CVE-2021-24216
MISC
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41541
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41542
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. 2022-03-08 4 CVE-2021-41543
CONFIRM
siemens — polarion_subversion_webclient A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. 2022-03-08 4.3 CVE-2021-44478
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All 
versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. 2022-03-08 4 CVE-2021-37209
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. 2022-03-08 5 CVE-2021-42016
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. 2022-03-08 4.3 CVE-2021-42017
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. 2022-03-08 5 CVE-2021-42020
CONFIRM
siemens — simcenter_star-ccm_viewer A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. 2022-03-08 6.8 CVE-2022-24661
CONFIRM
siemens — sinec_network_management_syste A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. 2022-03-08 6.5 CVE-2022-24281
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. 2022-03-08 6.5 CVE-2022-25311
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. 2022-03-08 6.5 CVE-2022-24282
CONFIRM
spirit-project — spirit Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. 2022-03-06 5.8 CVE-2022-0869
CONFIRM
MISC
stripe — stripe_cli Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run. Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue. 2022-03-09 4.4 CVE-2022-24753
MISC
CONFIRM
tatvic — conversios.io The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. 2022-03-07 6.5 CVE-2021-24952
MISC
tinywebgallery — advanced_iframe The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2021-24953
MISC
uclouvain — openjpeg A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. 2022-03-04 6.8 CVE-2021-3575
MISC
MISC
MISC
uri.js_project — uri.js Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. 2022-03-06 5.8 CVE-2022-0868
CONFIRM
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. 2022-03-04 6.8 CVE-2022-26484
MISC
video_conferencing_with_zoom_project — video_conferencing_with_zoom The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated user, such as a subscriber, to download the list of email addresses registered on the blog 2022-03-07 4 CVE-2022-0384
MISC
CONFIRM
videousermanuals — white_label_cms The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2022-0422
MISC
CONFIRM
weblate — weblate The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution. 2022-03-04 6.5 CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate — weblate Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. 2022-03-04 6.5 CVE-2022-24727
MISC
CONFIRM
MISC
wpaffiliatefeed — tradetracker-store The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2022-03-07 6.5 CVE-2021-24778
MISC
wpbrigade — loginpress The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2022-03-07 4.3 CVE-2022-0347
MISC
wpdownloadmanager — wordpress_download_manager The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). 2022-03-07 5 CVE-2021-25087
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adtribes — product_feed_pro_for_woocommerce The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting 2022-03-07 3.5 CVE-2022-0426
MISC
CONFIRM
apasionados — customize_login_image A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Custom logo link” executes whenever the user opens the Settings Page of the “Customize Login Image” Plugin. 2022-03-10 3.5 CVE-2021-33851
MISC
bitdefender — antivirus_plus A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. 2022-03-07 3.6 CVE-2021-4198
CONFIRM
MISC
bookstackapp — bookstack Cross-site Scripting (XSS) – Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. 2022-03-08 3.5 CVE-2022-0877
MISC
CONFIRM
codepeople — wp_time_slots_booking_form The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-07 3.5 CVE-2022-0389
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when the unfiltered_html is disallowed) 2022-03-07 3.5 CVE-2021-24826
MISC
dell — enterprise_storage_analytics Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 3.6 CVE-2021-43590
MISC
dwbooster — cp_blocks The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its “License ID” settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2022-03-07 3.5 CVE-2022-0448
MISC
e2pdf — e2pdf The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-07 3.5 CVE-2022-0535
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24960
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode arguments, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24961
MISC
CONFIRM
linux — linux_kernel A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. 2022-03-04 2.1 CVE-2021-3744
MISC
MISC
MISC
MISC
MLIST
DEBIAN
linux — linux_kernel An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 2022-03-04 3.6 CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
metaphorcreations — post_duplicator A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Duplicate Title” text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. 2022-03-10 3.5 CVE-2021-33852
MISC
nextcloud — talk Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. 2022-03-08 2.1 CVE-2021-41181
CONFIRM
MISC
nicdark — cost_calculator The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page) 2022-03-07 3.5 CVE-2021-24821
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0831
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0832
MISC
CONFIRM
secomea — sitemanager_1129_firmware Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. 2022-03-10 3.5 CVE-2021-32005
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < 
V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. 2022-03-08 3.5 CVE-2021-37208
CONFIRM
sophos — ssl_vpn_client A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. 2022-03-08 3.6 CVE-2021-36809
CONFIRM
st — j-safe3_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43392
MISC
MISC
st — stsafe-j_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43393
MISC
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). 2022-03-04 3.5 CVE-2022-26483
MISC
wp-eventmanager — wp_event_manager The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-07 3.5 CVE-2021-24810
MISC
yop-poll — yop-poll The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue 2022-03-07 3.5 CVE-2022-0205
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
/dsadatatest — /dsadatatest
It was discovered that the /DsaDataTest endpoint is susceptible to a cross-site scripting (XSS) attack. The Metric parameter has no input checks on user input, which allows an attacker to craft a malicious payload and trigger an XSS vulnerability. 2022-03-10 not yet calculated CVE-2021-42856
CONFIRM
microsoft — vp9_video_extensions
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24501. 2022-03-09 not yet calculated CVE-2022-24451
N/A
apc_smart-ups_family — apc_smart-ups_family
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-0715
CONFIRM
linux — linux_kernel_bpf
A NULL pointer dereference flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2022-0433
MISC
MISC
MISC
easyappointments — easyappointments
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. 2022-03-09 not yet calculated CVE-2022-0482
CONFIRM
MISC
pandora_fms — pandora_api
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. 2022-03-10 not yet calculated CVE-2022-0507
CONFIRM
CONFIRM
linux — linux_kernel
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. 2022-03-10 not yet calculated CVE-2022-0516
MISC
DEBIAN
MISC
apple — swift-nio-http2
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-03-10 not yet calculated CVE-2022-0618
MISC
calibre_web — calibre_web
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 not yet calculated CVE-2022-0767
MISC
CONFIRM
keepass — keepass
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 2022-03-10 not yet calculated CVE-2022-0725
MISC
bluez — bluez
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 2022-03-10 not yet calculated CVE-2022-0204
MISC
MISC
mcafee — mcafee_webadvisor_chrome
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. 2022-03-10 not yet calculated CVE-2022-0815
MISC
shopware — shopware
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 2022-03-09 not yet calculated CVE-2022-24744
CONFIRM
nextcloud — nextcloud
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. 2022-03-09 not yet calculated CVE-2022-24741
MISC
CONFIRM
MISC
alltube — alltube
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. 2022-03-08 not yet calculated CVE-2022-24739
MISC
CONFIRM
MISC
MISC
microsoft — microsoft
Point-to-Point Tunneling Protocol Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-23253
N/A
mcafee — mcafee_total_protection
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. 2022-03-10 not yet calculated CVE-2022-0280
MISC
intel — intel
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0001
MISC
intel — intel
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0002
MISC
microsoft — microsoft
Remote Desktop Protocol Client Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24503
N/A
frontend — frontend
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24919
CONFIRM
frontend — frontend
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24917
CONFIRM
frontend — frontend
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24915
MISC
parse_community — parse_server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. 2022-03-12 not yet calculated CVE-2022-24760
CONFIRM
MISC
pjsip — pjsip_project
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. 2022-03-11 not yet calculated CVE-2022-24754
MISC
CONFIRM
ultravnc — ultravnc
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service. 2022-03-10 not yet calculated CVE-2022-24750
CONFIRM
MISC
MISC
microsoft — remote_desktop_client
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990. 2022-03-09 not yet calculated CVE-2022-23285
N/A
evmos — evmos
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connect it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. 2022-03-07 not yet calculated CVE-2022-24738
CONFIRM
MISC
MISC
shopware — core
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24748
CONFIRM
MISC
shopware — core
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24747
MISC
MISC
CONFIRM
shopware — core
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. 2022-03-09 not yet calculated CVE-2022-24746
MISC
CONFIRM
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. 2022-03-09 not yet calculated CVE-2022-24745
CONFIRM
antaris — razorengine
 
** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-06 not yet calculated CVE-2021-46703
MISC
npmjs — npmjs
 
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 2022-03-11 not yet calculated CVE-2021-46708
MISC
MISC
libcaca — libcaca
 
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service 2022-03-10 not yet calculated CVE-2022-0856
MISC
httpie — httpie
 
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. 2022-03-07 not yet calculated CVE-2022-24737
MISC
MISC
CONFIRM
samsung_mobile_security — applock
 
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. 2022-03-10 not yet calculated CVE-2022-24929
MISC
mediatek — btif
 
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. 2022-03-10 not yet calculated CVE-2022-20057
MISC
mediatek — connsyslogger
 
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. 2022-03-10 not yet calculated CVE-2022-20050
MISC
mediatek — ims_service
 
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. 2022-03-10 not yet calculated CVE-2022-20051
MISC
mediatek — ims_service
 
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. 2022-03-10 not yet calculated CVE-2022-20053
MISC
mediatek — ims_service
 
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. 2022-03-10 not yet calculated CVE-2022-20054
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. 2022-03-10 not yet calculated CVE-2022-20055
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. 2022-03-10 not yet calculated CVE-2022-20056
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. 2022-03-10 not yet calculated CVE-2022-20058
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. 2022-03-10 not yet calculated CVE-2022-20048
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. 2022-03-10 not yet calculated CVE-2022-20059
MISC
mediatek — preloader
 
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462. 2022-03-10 not yet calculated CVE-2022-20060
MISC
mandiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22007
N/A
MISC
ipdio — web_interface
 
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-21146
MISC
marktext — marktext
 
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext. 2022-03-10 not yet calculated CVE-2022-21158
MISC
MISC
mandiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22006
N/A
MISC
mediatek — vpu
 
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. 2022-03-10 not yet calculated CVE-2022-20049
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. 2022-03-10 not yet calculated CVE-2022-20047
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23042
MISC
ipcomm — ipdio
 
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-22985
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23041
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23040
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23039
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23038
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23037
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036, netfront: CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. 2022-03-10 not yet calculated CVE-2022-23036
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24452
N/A
microsoft — media_foundation_information_disclosure 
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977. 2022-03-09 not yet calculated CVE-2022-22010
N/A
schneider-electric — smartconnect_family
 
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22806
CONFIRM
schneider-electric — smartconnect_family
 
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22805
CONFIRM
signiant-manager_agents — signiant-manager_agents
 
Signiant – Manager+Agents XML External Entity (XXE) – Extract internal files of the affected machine. An attacker can read all the system files; the product runs as root on Linux systems and nt/authority on Windows systems, which allows the attacker to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victim’s machine. 2022-03-10 not yet calculated CVE-2022-22795
MISC
zz.inc — keymouse_windows
 
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. 2022-03-10 not yet calculated CVE-2022-24644
MISC
MISC
heimdal — heimdal_premium_security
 
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the “Browse For Folder” window accessible by triggering a “Repair” on the MSI package located in C:\Windows\Installer. 2022-03-10 not yet calculated CVE-2022-24618
MISC
MISC
wago — wago
 
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. 2022-03-09 not yet calculated CVE-2022-22511
CONFIRM
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 2022-03-07 not yet calculated CVE-2022-22351
XF
CONFIRM
samsung_mobile_security — kernel
 
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. 2022-03-10 not yet calculated CVE-2022-24928
MISC
zabbix — zabbix
 
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24918
CONFIRM
samsung_mobile_security — stretailmodereceiver
 
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission 2022-03-10 not yet calculated CVE-2022-24930
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23930
MISC
lg — lg
 
A public API error allows an attacker to bypass API access control. 2022-03-11 not yet calculated CVE-2022-23730
MISC
lg — v8_javascript_engine
 
V8 javascript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models. 2022-03-11 not yet calculated CVE-2022-23731
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23924
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23925
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23926
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23927
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23928
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23929
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23931
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23295. 2022-03-09 not yet calculated CVE-2022-23300
N/A
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23932
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23933
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23934
MISC
samsung_mobile_security — apkinstaller
 
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission 2022-03-10 not yet calculated CVE-2022-24931
MISC
zabbix — zabbix_frontend
 
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. 2022-03-09 not yet calculated CVE-2022-24349
CONFIRM
mandiant — heif_image_extensions
 
HEIF Image Extensions Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24457
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453. 2022-03-09 not yet calculated CVE-2022-24456
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24453
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-23301
N/A
microsoft — remote_desktop_client
 
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285. 2022-03-09 not yet calculated CVE-2022-21990
N/A
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23300. 2022-03-09 not yet calculated CVE-2022-23295
N/A
suletm — pdftron_sdk
 
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. 2022-03-10 not yet calculated CVE-2022-24960
MISC
MISC
tenda — tenda_ax3 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 not yet calculated CVE-2022-24995
MISC
printix — printix_secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. 2022-03-10 not yet calculated CVE-2022-25090
MISC
MISC
MISC
MISC
foxit — foxit_pdf_reader_and_editor
 
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. 2022-03-10 not yet calculated CVE-2022-25108
MISC
tenable — phicomm_k2
 
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. 2022-03-10 not yet calculated CVE-2022-25213
MISC
tenable — phicomm_k2
 
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4GHz network and the administrative interface, by clicking a checkbox. When Remote Management is enabled, these endpoints are exposed to the WAN. 2022-03-10 not yet calculated CVE-2022-25214
MISC
tenable — dvdfab_12
 
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to <IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>. 2022-03-11 not yet calculated CVE-2022-25216
MISC
tenable — localmacconfig.asp
 
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. 2022-03-10 not yet calculated CVE-2022-25215
MISC
tenable — telnetd_startup
 
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availability of firmware images for testing is that models and versions not listed here may share this vulnerability. 2022-03-10 not yet calculated CVE-2022-25217
MISC
tenable — telnetd_startup
 
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the “plaintext” to which an arbitrary blob of ciphertext will be decrypted by OpenSSL’s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). 2022-03-10 not yet calculated CVE-2022-25218
MISC
tenable — telnetd_startup
 
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). 2022-03-10 not yet calculated CVE-2022-25219
MISC
microsoft — vp9_video_extensions 
 
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451. 2022-03-09 not yet calculated CVE-2022-24501
N/A
samsung_mobile_security — setup_wizard
 
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before the Setup wizard finishes. 2022-03-10 not yet calculated CVE-2022-24932
MISC
abantecart — abantecart
 
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). 2022-03-10 not yet calculated CVE-2022-26521
MISC
ace2 — coloros11
 
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. 2022-03-11 not yet calculated CVE-2021-23246
MISC
acer — care_center
 
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24285
MISC
acer — quickaccess
 
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24286
MISC
adobe — after_effects Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24095
MISC
adobe — after_effects Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24094
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24097
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24096
MISC
adobe — illustrator
 
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. 2022-03-11 not yet calculated CVE-2022-23187
MISC
adobe — photoshop
 
Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24090
MISC
alist — alist
 
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. 2022-03-12 not yet calculated CVE-2022-26533
MISC
amd — cpus
 
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 2022-03-11 not yet calculated CVE-2021-26401
MISC
amd — cpus
 
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 2022-03-11 not yet calculated CVE-2021-26341
MISC
atlassian — jira_server_and_data_center
 
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 2022-03-08 not yet calculated CVE-2021-43944
N/A
atune — atune
 
In atune before 0.3-0.8, a local user can log in and run the curl command to access the local atune URL interface, escalating local privileges or modifying any file. Authentication is not forcibly enabled in the default configuration. 2022-03-11 not yet calculated CVE-2021-33658
CONFIRM
casaos — casaos
 
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api. 2022-03-10 not yet calculated CVE-2022-24193
MISC
MISC
MISC
MISC
cgi-bin/ej.cgi — cgi-bin/ej.cgi
 
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. 2022-03-10 not yet calculated CVE-2022-24177
MISC
citrix — federated_authentication_service
 
Citrix Federated Authentication Service (FAS) 7.17 – 10.6 causes deployments that have been configured to store a registration authority certificate’s private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. 2022-03-10 not yet calculated CVE-2022-26355
MISC
cobbler — cobbler
 
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. 2022-03-11 not yet calculated CVE-2022-0860
CONFIRM
MISC
cockpit — cockpit
 
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. 2022-03-10 not yet calculated CVE-2021-3698
MISC
cockpit — cockpit
 
Cockpit (and its plugins) do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. 2022-03-10 not yet calculated CVE-2021-3660
MISC
MISC
MISC
contact_form_x — contact_form_x
 
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 2022-03-11 not yet calculated CVE-2022-25601
CONFIRM
CONFIRM
couchbase_operator — couchbase_operator
 
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. 2022-03-10 not yet calculated CVE-2022-26311
CONFIRM
MISC
croogo — croogo
 
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. 2022-03-10 not yet calculated CVE-2021-44673
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. 2022-03-10 not yet calculated CVE-2022-25230
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. 2022-03-10 not yet calculated CVE-2022-25325
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. 2022-03-10 not yet calculated CVE-2022-21124
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. 2022-03-10 not yet calculated CVE-2022-25234
MISC
cx-programmer — cx-programmer
 
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-03-10 not yet calculated CVE-2022-21219
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24416
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24419
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24420
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24421
MISC
dell — bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24415
MISC
f-secure — support_tool
 
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands. 2022-03-10 not yet calculated CVE-2021-44750
MISC
MISC
fedora — fedora
 
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. 2022-03-10 not yet calculated CVE-2021-20269
MISC
fiori — launchpad
 
Fiori launchpad – versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-26101
MISC
MISC
freetakserver — freetakserver FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. 2022-03-11 not yet calculated CVE-2022-25510
MISC
freetakserver — freetakserver An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. 2022-03-11 not yet calculated CVE-2022-25508
MISC
freetakserver-ui — freetakserver-ui An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. 2022-03-11 not yet calculated CVE-2022-25511
MISC
freetakserver-ui — freetakserver-ui FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. 2022-03-11 not yet calculated CVE-2022-25506
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. 2022-03-11 not yet calculated CVE-2022-25512
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. 2022-03-11 not yet calculated CVE-2022-25507
MISC
gerapy — gerapy
 
An Access Control vulnerability exists in Gerapy v0.9.7 via the spider parameter in the project_configure function. 2022-03-10 not yet calculated CVE-2021-44597
MISC
go-gitea — gitea
 
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. 2022-03-10 not yet calculated CVE-2022-0905
CONFIRM
MISC
gogs — gogs
 
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0870
MISC
CONFIRM
gogs — gogs
 
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0871
MISC
CONFIRM
gpac — gpac
 
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 2022-03-12 not yet calculated CVE-2022-26967
MISC
grub2 — grub2
 
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. 2022-03-10 not yet calculated CVE-2021-3981
MISC
FEDORA
hitachi — abb_power_grids_ellipse_enterprise_asset_management An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. 2022-03-11 not yet calculated CVE-2021-27416
CONFIRM
CONFIRM
hitachi — abb_power_grids_ellipse_enterprise_asset_management
 
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. 2022-03-11 not yet calculated CVE-2021-27414
CONFIRM
CONFIRM
horde — mime_viewer
 
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. 2022-03-11 not yet calculated CVE-2022-26874
MISC
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. 2022-03-10 not yet calculated CVE-2021-40064
MISC
MISC
huawei — devices There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. 2022-03-10 not yet calculated CVE-2021-40049
MISC
MISC
huawei — devices There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40051
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. 2022-03-10 not yet calculated CVE-2021-40048
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40052
MISC
huawei — devices There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity. 2022-03-10 not yet calculated CVE-2021-40053
MISC
huawei — devices There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40054
MISC
huawei — devices There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40055
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40056
MISC
huawei — devices There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40057
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40058
MISC
huawei — devices There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40059
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40060
MISC
huawei — devices There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40061
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40062
MISC
huawei — devices There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40063
MISC
MISC
huawei — devices There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow. 2022-03-10 not yet calculated CVE-2021-40050
MISC
MISC
huawei — devices
 
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40047
MISC
MISC
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. 2022-03-07 not yet calculated CVE-2021-38988
XF
CONFIRM
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. 2022-03-07 not yet calculated CVE-2021-38989
XF
CONFIRM
ibm — datapower_gateway
 
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. 2022-03-10 not yet calculated CVE-2021-38910
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. 2022-03-10 not yet calculated CVE-2021-39022
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. 2022-03-10 not yet calculated CVE-2021-39025
XF
CONFIRM
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. 2022-03-08 not yet calculated CVE-2022-24716
CONFIRM
MISC
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. 2022-03-08 not yet calculated CVE-2022-24715
CONFIRM
MISC
icinga_web_2 — icinga_web_2
 
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. 2022-03-08 not yet calculated CVE-2022-24714
CONFIRM
MISC
ifilter_ver — ifilter_ver
 
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. 2022-03-10 not yet calculated CVE-2022-21170
MISC
MISC
MISC
MISC
MISC
MISC
intel — sgx
 
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. 2022-03-10 not yet calculated CVE-2021-44421
CONFIRM
MISC
CONFIRM
MISC
intel — trace_hub
 
Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-03-11 not yet calculated CVE-2021-33150
MISC
ipdio — ipdio
 
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24432
MISC
istio — istio
 
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error that allows a malicious attacker to send a specially crafted message which crashes the control plane when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities. 2022-03-10 not yet calculated CVE-2022-24726
MISC
MISC
CONFIRM
jackson-databind — jackson-databind
 
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 2022-03-11 not yet calculated CVE-2020-36518
MISC
jboss-client — jboss-client
 
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client side when using UserTransaction repeatedly, and leads to an information leakage vulnerability. 2022-03-11 not yet calculated CVE-2022-0853
MISC
MISC
jeecg-boot — jeecg-boot
 
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. 2022-03-10 not yet calculated CVE-2021-44585
MISC
jetson — linux
 
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. 2022-03-11 not yet calculated CVE-2022-21819
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 2022-03-11 not yet calculated CVE-2022-0909
MISC
MISC
CONFIRM
libtiff — libtiff Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 2022-03-11 not yet calculated CVE-2022-0908
CONFIRM
MISC
MISC
libtiff — libtiff
 
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 2022-03-11 not yet calculated CVE-2022-0907
MISC
CONFIRM
MISC
libtiff — libtiff
 
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 2022-03-11 not yet calculated CVE-2022-0924
MISC
CONFIRM
MISC
libtiff — libtiff
 
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 2022-03-10 not yet calculated CVE-2022-0865
MISC
MISC
CONFIRM
libtiff — libtiff
 
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. 2022-03-10 not yet calculated CVE-2022-0891
CONFIRM
MISC
MISC
MISC
linux — linux_kernel drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). 2022-03-11 not yet calculated CVE-2022-26878
MISC
MISC
MISC
MISC
MLIST
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. 2022-03-10 not yet calculated CVE-2021-3739
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 2022-03-12 not yet calculated CVE-2022-26966
MISC
MISC
linux — linux_kernel
 
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. 2022-03-10 not yet calculated CVE-2021-4023
MISC
linux — linux_kernel
 
A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount. 2022-03-10 not yet calculated CVE-2021-3732
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference was found in the Linux kernel’s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2021-4095
MISC
MLIST
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. 2022-03-10 not yet calculated CVE-2022-24604
MISC
luocms — luocms Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. 2022-03-10 not yet calculated CVE-2022-24608
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. 2022-03-10 not yet calculated CVE-2022-24602
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24601
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. 2022-03-10 not yet calculated CVE-2022-24603
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. 2022-03-10 not yet calculated CVE-2022-24605
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. 2022-03-10 not yet calculated CVE-2022-24606
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. 2022-03-10 not yet calculated CVE-2022-24607
MISC
luocms — luocms Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. 2022-03-10 not yet calculated CVE-2022-24609
MISC
luocms — luocms
 
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24600
MISC
maddy — mail_server
 
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. 2022-03-09 not yet calculated CVE-2022-24732
MISC
CONFIRM
mattermost — server A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document. 2022-03-10 not yet calculated CVE-2022-0904
MISC
mattermost — server
 
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body. 2022-03-10 not yet calculated CVE-2022-0903
MISC
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24512
N/A
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-24464
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518. 2022-03-09 not yet calculated CVE-2022-24519
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24518
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24517
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24470
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517. 2022-03-09 not yet calculated CVE-2022-24520
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24471
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24469
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24468
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24506
N/A
microsoft — azure
 
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24515
N/A
microsoft — azure
 
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24467
N/A
microsoft — defender Microsoft Defender for IoT Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23266
N/A
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23265
N/A
microsoft — defender
 
Microsoft Defender for Endpoint Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-23278
N/A
microsoft — exchange
 
Microsoft Exchange Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23277
N/A
microsoft — exchange_server
 
Microsoft Exchange Server Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24463
N/A
microsoft — intune_portal
 
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24465
N/A
microsoft — media_foundation
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010. 2022-03-09 not yet calculated CVE-2022-21977
N/A
microsoft — office
 
Microsoft Office Word Tampering Vulnerability. 2022-03-09 not yet calculated CVE-2022-24511
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509. 2022-03-09 not yet calculated CVE-2022-24510
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24509
N/A
microsoft — office_visio
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24461
N/A
microsoft — paint_3d
 
Paint 3D Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23282
N/A
microsoft — skype
 
Skype Extension for Chrome Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24522
N/A
microsoft — visual_studio
 
Visual Studio Code Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24526
N/A
microsoft — windows Windows CD-ROM Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24455
N/A
microsoft — windows Windows Fax and Scan Service Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24459
N/A
microsoft — windows Tablet Windows User Interface Application Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24460
N/A
microsoft — windows Windows HTML Platforms Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24502
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287. 2022-03-09 not yet calculated CVE-2022-24505
N/A
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24507
N/A
microsoft — windows Windows SMBv3 Client/Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24508
N/A
microsoft — windows Microsoft Word Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24462
N/A
microsoft — windows Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23293
N/A
microsoft — windows Windows Event Tracing Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23294
N/A
microsoft — windows Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23297
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23284
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23287
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291. 2022-03-09 not yet calculated CVE-2022-23288
N/A
microsoft — windows Windows Inking COM Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23290
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288. 2022-03-09 not yet calculated CVE-2022-23291
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23296
N/A
MISC
microsoft — windows Windows PDEV Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23299
N/A
microsoft — windows Windows NT OS Kernel Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23298
N/A
microsoft — windows
 
Windows Hyper-V Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21975
N/A
microsoft — windows
 
Windows Common Log File System Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23281
N/A
microsoft — windows
 
Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23283
N/A
microsoft — windows
 
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23286
N/A
microsoft — windows
 
Windows Update Stack Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24525
N/A
microsoft — windows
 
Windows Security Support Provider Interface Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24454
N/A
microsoft — windows_media_center
 
Windows Media Center Update Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21973
N/A
microsoft — wps_office_for_windows
 
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed. 2022-03-09 not yet calculated CVE-2022-25943
CONFIRM
MISC
JVN
microsoft — xbox_live
 
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-21967
N/A
microweber — microweber XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-12 not yet calculated CVE-2022-0929
MISC
CONFIRM
microweber — microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-11 not yet calculated CVE-2022-0912
MISC
CONFIRM
microweber — microweber Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. 2022-03-11 not yet calculated CVE-2022-0913
CONFIRM
MISC
microweber — microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0921
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0926
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0930
MISC
CONFIRM
microweber — microweber
 
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. 2022-03-10 not yet calculated CVE-2022-0906
CONFIRM
MISC
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0928
MISC
CONFIRM
microweber — microweber
 
Static Code Injection in GitHub repository microweber/microweber prior to 1.3. 2022-03-10 not yet calculated CVE-2022-0895
CONFIRM
MISC
mitel — micollab
 
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. 2022-03-10 not yet calculated CVE-2022-26143
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moodle — moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32474
MISC
moodle — moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32478
MISC
moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32475
MISC
moodle — moodle The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. 2022-03-11 not yet calculated CVE-2021-32477
MISC
moodle — moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 2022-03-11 not yet calculated CVE-2021-32472
MISC
moodle — moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32473
MISC
moodle — moodle
 
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32476
MISC
mruby — mruby
 
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. 2022-03-10 not yet calculated CVE-2022-0890
MISC
CONFIRM
myasus — myasus
 
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. 2022-03-10 not yet calculated CVE-2022-22814
MISC
nabu_casa — home_assistant_operating_system
 
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. 2022-03-10 not yet calculated CVE-2020-36517
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nacos — nacos A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. 2022-03-11 not yet calculated CVE-2021-44667
MISC
nats — nats-server
 
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. 2022-03-10 not yet calculated CVE-2022-26652
CONFIRM
MISC
CONFIRM
MLIST
network_olympus — network_olympus
 
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in ‘/api/eventinstance’ via the ‘sqlparameter’ JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. 2022-03-10 not yet calculated CVE-2022-25225
MISC
MISC
nextcloud — server Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. 2022-03-08 not yet calculated CVE-2021-41241
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41239
CONFIRM
MISC
MISC
nextcloud — talk
 
Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41180
CONFIRM
MISC
MISC
nextcloud — text
 
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of “File Drop”. For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. 2022-03-10 not yet calculated CVE-2021-41233
MISC
CONFIRM
northern.tech — cfengine_enterprise Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. 2022-03-10 not yet calculated CVE-2021-44216
MISC
MISC
northern.tech — cfengine_enterprise
 
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. 2022-03-10 not yet calculated CVE-2021-44215
MISC
MISC
nystudio107 — seomatic
 
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. 2022-03-11 not yet calculated CVE-2021-44618
MISC
MISC
onenav — onenav
 
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 2022-03-12 not yet calculated CVE-2022-26276
MISC
opensuse — opensuse
 
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. 2022-03-09 not yet calculated CVE-2021-36777
CONFIRM
orchardcms — orchardcore Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0820
CONFIRM
MISC
orchardcms — orchardcore
 
Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0822
CONFIRM
MISC
orchardcms — orchardcore
 
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0821
CONFIRM
MISC
otris — update_manager
 
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. 2022-03-10 not yet calculated CVE-2021-40376
MISC
MISC
MISC
overit_geocall — overit_geocall An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution. 2022-03-10 not yet calculated CVE-2022-22834
MISC
MISC
overit_geocall — overit_geocall
 
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem. 2022-03-10 not yet calculated CVE-2022-22835
MISC
MISC
panorama_tools — libpano
 
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. 2022-03-10 not yet calculated CVE-2021-33293
MISC
MISC
pgjdbc — pgjdbc
 
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor’s position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. 2022-03-10 not yet calculated CVE-2022-26520
MISC
MISC
MISC
MISC
power_line_communications — plc4trucks
 
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. 2022-03-10 not yet calculated CVE-2022-26131
CONFIRM
power_line_communications — plc4trucks
 
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. 2022-03-10 not yet calculated CVE-2022-25922
CONFIRM
proofpoint — insider_threat_management_agent_for_windows
 
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. 2022-03-10 not yet calculated CVE-2022-25294
MISC
python — python
 
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3737
MISC
MISC
MISC
MISC
MISC
MISC
python — python
 
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. 2022-03-10 not yet calculated CVE-2022-26488
MISC
qnx_software_development_platform — qnx_software_development_platform
 
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. 2022-03-10 not yet calculated CVE-2021-32025
MISC
quicklert_for_digium — quicklert_for_digium An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application’s permissions (SYSTEM). 2022-03-10 not yet calculated CVE-2021-43970
MISC
MISC
quicklert_for_digium — quicklert_for_digium
 
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts’ login IDs and passwords) via the login.jsp uname parameter. 2022-03-10 not yet calculated CVE-2021-43969
MISC
MISC
regex — regex
 
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it’s considered part of the crate’s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it’s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. 2022-03-08 not yet calculated CVE-2022-24713
CONFIRM
MISC
MISC
rockcarry — ffjpeg
 
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. 2022-03-10 not yet calculated CVE-2021-34122
MISC
MISC
saleor — saleor
 
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. 2022-03-11 not yet calculated CVE-2022-0932
CONFIRM
MISC
samsung — account
 
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access the authcode for sign-in. 2022-03-10 not yet calculated CVE-2022-25825
MISC
samsung — bixbytouch
 
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. 2022-03-10 not yet calculated CVE-2022-25824
MISC
samsung — galaxy_watch_plugin
 
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. 2022-03-10 not yet calculated CVE-2022-25823
MISC
samsung — galaxy_watch_plugin
 
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25827
MISC
samsung — smr Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. 2022-03-10 not yet calculated CVE-2022-25817
MISC
samsung — smr Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. 2022-03-10 not yet calculated CVE-2022-25818
MISC
samsung — smr PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2022-03-10 not yet calculated CVE-2022-25815
MISC
samsung — smr OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. 2022-03-10 not yet calculated CVE-2022-25819
MISC
samsung — smr PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2022-03-10 not yet calculated CVE-2022-25814
MISC
samsung — smr Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication 2022-03-10 not yet calculated CVE-2022-25816
MISC
samsung — smr
 
A use-after-free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. 2022-03-10 not yet calculated CVE-2022-25822
MISC
samsung — smr
 
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. 2022-03-10 not yet calculated CVE-2022-25821
MISC
samsung — smr
 
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. 2022-03-10 not yet calculated CVE-2022-25820
MISC
samsung — watch_active2_plugin
 
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25829
MISC
samsung — watch_active_plugin
 
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25828
MISC

samsung — galaxy_watch3_plugin

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25830
MISC
sap — business_objects_business_intelligence_platform
 
Under certain conditions SAP Business Objects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. 2022-03-10 not yet calculated CVE-2022-24398
MISC
MISC
sap — financial_consolidation
 
SAP Financial Consolidation – version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message. 2022-03-10 not yet calculated CVE-2022-26104
MISC
MISC
sap — focused_run
 
The SAP Focused Run (Real User Monitoring) – versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-24399
MISC
MISC
sap — netweaver
 
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) – version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 2022-03-10 not yet calculated CVE-2022-26103
MISC
MISC
sap — netweaver_application_server_for_abap
 
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP – versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn’t authorized for that transaction. A successful exploitation could expose information and in the worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. 2022-03-10 not yet calculated CVE-2022-26102
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-24395
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal – versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of the portal website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim’s web browser. 2022-03-10 not yet calculated CVE-2022-24397
MISC
MISC
sapcar — sapcar
 
SAPCAR – version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. 2022-03-10 not yet calculated CVE-2022-26100
MISC
MISC
sas — logon_manager
 
SAS Logon Manager v9.4 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. 2022-03-10 not yet calculated CVE-2021-42186
MISC
MISC
MISC
samsung — galaxy_s3_plugin
 
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25826
MISC
secomea — gatemanager Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. 2022-03-11 not yet calculated CVE-2021-32009
MISC
secomea — gatemanager
 
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. 2022-03-10 not yet calculated CVE-2021-32006
MISC
sentcms — sentcms sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. 2022-03-10 not yet calculated CVE-2022-24652
MISC
sentcms — sentcms
 
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. 2022-03-10 not yet calculated CVE-2022-24651
MISC
simowireless — luna_simo An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user’s list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. 2022-03-11 not yet calculated CVE-2021-41849
MISC
MISC
MISC
MISC
simowireless — luna_simo An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. 2022-03-11 not yet calculated CVE-2021-41850
MISC
MISC
MISC
MISC
simowireless — luna_simo
 
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically grant permissions, uninstall apps, set the default launcher app to a malicious launcher app that spoofs other apps, set a network proxy to intercept network traffic, unload kernel modules, set the default keyboard to a keyboard that has keylogging functionality, examine notification contents, send text messages, and more. The spoofed update can optionally contain an arbitrary ARM binary that will be locally stored in internal storage and executed at system startup to achieve persistent code execution as the root user with the osi SELinux domain. This ARM binary will continue to execute at startup even if the app that provided the spoofed update is uninstalled. 2022-03-11 not yet calculated CVE-2021-41848
MISC
MISC
MISC
MISC
simple-git — simple-git
 
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. 2022-03-11 not yet calculated CVE-2022-24433
MISC
MISC
MISC
MISC
simple_diagnostics_agent — simple_diagnostics_agent
 
Simple Diagnostics Agent – versions 1.0 (up to version 1.57), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits. 2022-03-10 not yet calculated CVE-2022-22547
MISC
MISC
simple_diagnostics_agent — simple_diagnostics_agent
 
The Simple Diagnostics Agent – versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. 2022-03-10 not yet calculated CVE-2022-24396
MISC
MISC
smartbear — codecollaborator
 
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. 2022-03-10 not yet calculated CVE-2021-41657
MISC
MISC
MISC
softing_opc — ua_c++_sdk An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. 2022-03-11 not yet calculated CVE-2021-42577
MISC
MISC
softing_opc — ua_c++_sdk
 
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. 2022-03-11 not yet calculated CVE-2021-42262
MISC
MISC
solarwinds — solarwinds
 
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. 2022-03-10 not yet calculated CVE-2021-35251
MISC
MISC
spectre_bhb — spectre_bhb
 
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim’s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. 2022-03-10 not yet calculated CVE-2022-25368
MISC
MISC
CONFIRM
spip — spip SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. 2022-03-10 not yet calculated CVE-2022-26846
MISC
MISC
MISC
spip — spip
 
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. 2022-03-10 not yet calculated CVE-2022-26847
MISC
MISC
MISC
star7th — showdoc
 
Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 2022-03-12 not yet calculated CVE-2022-0880
MISC
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/configuration” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42787
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the “/api/appInternals/1.0/agent/configuration” API to map the corresponding ID to a command to be executed. 2022-03-10 not yet calculated CVE-2021-42855
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) PluginServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/plugin/pmx” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42854
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the “/api/appInternals/1.0/agent/diagnostic/logs” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42853
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent
 
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user’s input that allowed a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42786
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent
 
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDaServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/da/pcf” API. The affected endpoint does not have any validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42857
CONFIRM
suitecrm — suitecrm
 
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. 2022-03-10 not yet calculated CVE-2022-23940
MISC
MISC
swagger_ui — swagger_ui
 
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. 2022-03-11 not yet calculated CVE-2018-25031
MISC
MISC
MISC
tenda — ax12 Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25560
MISC
tenda — ax12 Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25556
MISC
tenda — ax12
 
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. 2022-03-10 not yet calculated CVE-2021-46408
MISC
tenda — ax12
 
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25561
MISC
totolink — a3100r
 
A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. 2022-03-11 not yet calculated CVE-2021-44620
MISC
MISC
MISC
tp-link — omada_sdn_software_controller
 
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded “no authentication” method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. 2022-03-10 not yet calculated CVE-2021-44032
MISC
MISC
MISC
tp-link — tapo_c200_ip_camera
 
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. 2022-03-10 not yet calculated CVE-2021-4045
CONFIRM
trend_micro — password_manager
 
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. 2022-03-08 not yet calculated CVE-2022-26337
N/A
trend_micro — portable_security An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2022-03-08 not yet calculated CVE-2022-26319
N/A
tryton_application_platform — tryton_application_platform An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. 2022-03-10 not yet calculated CVE-2022-26661
MISC
MISC
MLIST
MLIST
DEBIAN
DEBIAN
tryton_application_platform — tryton_application_platform
 
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. 2022-03-10 not yet calculated CVE-2022-26662
MISC
MISC
MLIST
MLIST
DEBIAN
DEBIAN
univerge_wa — univerge_wa
 
UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands. 2022-03-11 not yet calculated CVE-2022-25621
MISC
url-js — url-js
 
The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\localhost and localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. 2022-03-11 not yet calculated CVE-2022-25839
CONFIRM
CONFIRM
urllib — abstractbasicauthhandler
 
There’s a flaw in urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. 2022-03-10 not yet calculated CVE-2021-3733
MISC
MISC
MISC
MISC
MISC
vault_enterprise — vault_enterprise Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. 2022-03-10 not yet calculated CVE-2022-25243
MISC
MISC
vault_enterprise — vault_enterprise
 
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10. 2022-03-10 not yet calculated CVE-2022-25244
MISC
MISC
veritas_system_recovery — veritas_system_recovery
 
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. 2022-03-10 not yet calculated CVE-2022-26778
MISC
watchguard — firebox_and_xtm
 
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 2022-03-04 not yet calculated CVE-2022-26318
CONFIRM
wavpack — wavpack
 
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. 2022-03-10 not yet calculated CVE-2021-44269
MISC
wire-ios — wire-ios
 
Wire-ios is a messaging application using the wire protocol on Apple’s iOS platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](github.com/wireapp/wire-ios-transport), where code responsible for removing sensitive tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-03-11 not yet calculated CVE-2022-23625
MISC
MISC
CONFIRM
wireguard — wireguard
 
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. 2022-03-10 not yet calculated CVE-2022-21132
MISC
MISC
wp_google_map — wp_google_map
 
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 2022-03-11 not yet calculated CVE-2022-25600
CONFIRM
CONFIRM
yokogawa_electric — multiple_products The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21194
CONFIRM
yokogawa_electric — multiple_products Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21808
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22151
CONFIRM
yokogawa_electric — multiple_products ‘Root Service’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22148
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22145
CONFIRM
yokogawa_electric — multiple_products ‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22141
CONFIRM
yokogawa_electric — multiple_products The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 2022-03-11 not yet calculated CVE-2022-23402
CONFIRM
yokogawa_electric — multiple_products There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21177
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticates the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22729
CONFIRM
yokogawa_electric — multiple_products
 
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-23401
CONFIRM
yzmcms — yzmcms
 
YzmCMS v6.3 is affected by broken access control. Without logging in, a user can gain unauthorized access to another user’s personal home page. The user’s login status should be checked before the personal home page is served, but because no real authentication is carried out, other users’ home pages can be accessed while not logged in. 2022-03-10 not yet calculated CVE-2022-23383
MISC
MISC
MISC


Vulnerability Summary for the Week of February 28, 2022

03/07/2022 07:14 AM EST

Original release date: March 7, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. 2022-02-25 7.5 CVE-2022-24340
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. 2022-02-25 7.5 CVE-2022-24442
MISC
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — airflow It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. 2022-02-25 4.3 CVE-2021-45229
MISC
apache — airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. 2022-02-25 6.5 CVE-2022-24288
MISC
apache — jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 6.8 CVE-2022-24947
MISC
MLIST
apache — jspwiki A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 4.3 CVE-2022-24948
MISC
MLIST
dolibarr — dolibarr Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. 2022-02-25 4 CVE-2022-0746
CONFIRM
MISC
hashicorp — terraform_enterprise HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. 2022-02-25 5 CVE-2022-25374
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. 2022-02-25 5 CVE-2022-24327
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. 2022-02-25 4 CVE-2022-24328
MISC
MISC
jetbrains — hub JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-25259
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. 2022-02-25 4.6 CVE-2022-24345
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. 2022-02-25 4.6 CVE-2022-24346
MISC
MISC
jetbrains — kotlin In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. 2022-02-25 5 CVE-2022-24329
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. 2022-02-25 4 CVE-2022-24337
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. 2022-02-25 4 CVE-2022-24333
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. 2022-02-25 6.8 CVE-2022-24335
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-24338
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. 2022-02-25 6.8 CVE-2022-24342
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user. 2022-02-25 5 CVE-2022-24341
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. 2022-02-25 5 CVE-2022-24336
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. 2022-02-25 5 CVE-2022-24334
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie. 2022-02-25 5 CVE-2022-24332
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. 2022-02-25 5.8 CVE-2022-24330
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. 2022-02-25 4 CVE-2022-24343
MISC
MISC


 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
eyesofnetwork — eyesofnetwork An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. 2022-02-25 3.5 CVE-2022-24612
MISC
google — fscrypt fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. 2022-02-25 2.1 CVE-2022-25326
CONFIRM
ibm — vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. 2022-02-25 2.1 CVE-2021-38993
XF
CONFIRM
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. 2022-02-25 3.5 CVE-2022-24339
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. 2022-02-25 3.5 CVE-2022-24344
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. 2022-02-25 3.5 CVE-2022-24347
MISC
MISC


 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info

15zine — 15zine

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting. 2022-02-28 not yet calculated CVE-2020-36510
MISC
academy_software_foundation — openexr A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 not yet calculated CVE-2021-20303
MISC
MISC
MISC
academy_software_foundation — openexr A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20302
MISC
MISC
MISC
academy_software_foundation — openexr
 
A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20300
MISC
MISC
MISC
air_cargo_management_system — air_cargo_management_system
 
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. 2022-03-02 not yet calculated CVE-2022-26169
MISC
alfresco — alfresco_community_edition
 
Cross Site Scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2. 2022-03-04 not yet calculated CVE-2020-18327
MISC
MISC
algorithmia — msol
 
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. 2022-03-01 not yet calculated CVE-2021-42951
MISC
MISC
ametys — cms
 
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. 2022-02-28 not yet calculated CVE-2022-26159
MISC
MISC
MISC
ansible — ansible_engine A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. 2022-03-03 not yet calculated CVE-2021-3620
MISC
MISC
MISC
any23 — any23
 
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 not yet calculated CVE-2022-25312
MISC
MLIST
apache — poi
 
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. 2022-03-04 not yet calculated CVE-2022-26336
CONFIRM
archeevo — archeevo
 
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. 2022-03-01 not yet calculated CVE-2022-23377
MISC
argus — surveillance_dvr
 
Argus Surveillance DVR v4.0 employs weak password encryption. 2022-03-01 not yet calculated CVE-2022-25012
MISC
MISC
arm — arm
 
An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. 2022-03-03 not yet calculated CVE-2022-22706
MISC
MISC
arm — astcenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). 2022-02-28 not yet calculated CVE-2021-44331
MISC
arm — astcenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in “/Source/astcenc_compress_symbolic.cpp”. 2022-02-28 not yet calculated CVE-2021-43086
MISC
aruba — aos-cx
 
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41000
MISC
aruba — aos-cx
 
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. 2022-03-02 not yet calculated CVE-2021-41001
MISC
aruba — aos-cx
 
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41003
MISC
aruba — aos-cx
 
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41002
MISC
asgaros_forum — asgaros_forum
 
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection 2022-02-28 not yet calculated CVE-2022-0411
MISC
CONFIRM
atlassian — jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. 2022-02-28 not yet calculated CVE-2021-43945
MISC
audio_file — audio_file
 
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. 2022-02-28 not yet calculated CVE-2022-25023
MISC
auto_spare_parts_management — auto_spare_parts_management
 
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. 2022-03-02 not yet calculated CVE-2022-25398
MISC
axelor — open_suite Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. 2022-03-03 not yet calculated CVE-2022-25138
MISC
MISC
aya — ayacms
 
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. 2022-03-01 not yet calculated CVE-2021-44238
MISC
bank_management_system — bank_management_system
 
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. 2022-03-02 not yet calculated CVE-2022-26171
MISC
basebmpsupportlib — basebmpsupportlib Heap Overflow in BaseBmpSupportLib. 2022-03-03 not yet calculated CVE-2021-38577
MISC
batflat — cms
 
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. 2022-03-01 not yet calculated CVE-2021-41652
MISC
MISC
big_fix_compliance — big_fix_compliance
 
“TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” 2022-03-04 not yet calculated CVE-2021-27756
MISC
big_fix_insights — big_fix_insights
 
“Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.” 2022-03-04 not yet calculated CVE-2021-27757
MISC
bluez — bluetoothd
 
bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. 2022-03-02 not yet calculated CVE-2021-3658
MISC
MISC
MISC
MISC
buildah — buildah
 
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). 2022-03-03 not yet calculated CVE-2021-3602
MISC
MISC
MISC
MISC
cacti — cacti
 
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. 2022-03-03 not yet calculated CVE-2022-0730
MISC
car_driving_school_management_system — car_driving_school_management_system

 

Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. 2022-02-28 not yet calculated CVE-2022-24572
MISC
car_driving_school_management_system — car_driving_school_management_system
 
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. 2022-02-28 not yet calculated CVE-2022-24571
MISC
MISC
MISC
cedar_gate — ez-net
 
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. 2022-03-04 not yet calculated CVE-2022-23397
MISC
cherwell — cherwell service_management An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. 2022-02-28 not yet calculated CVE-2022-26155
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. 2022-02-28 not yet calculated CVE-2022-26157
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. 2022-02-28 not yet calculated CVE-2022-26158
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker’s server. 2022-02-28 not yet calculated CVE-2022-26156
MISC
MISC
cipi — cipi
 
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. 2022-03-01 not yet calculated CVE-2022-26332
MISC
MISC
clair — claircore
 
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. 2022-03-03 not yet calculated CVE-2021-3762
MISC
MISC
MISC
MISC
MISC
MISC
cmark-gfm — cmark-gfm
 
cmark-gfm is GitHub’s extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm’s table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. 2022-03-03 not yet calculated CVE-2022-24724
CONFIRM
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. 2022-02-28 not yet calculated CVE-2022-23906
MISC
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. 2022-02-28 not yet calculated CVE-2022-23907
MISC
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. 2022-02-28 not yet calculated CVE-2022-24711
MISC
CONFIRM
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. 2022-02-28 not yet calculated CVE-2022-24712
MISC
CONFIRM
contact_forms-drag_and_drop_contact_form_builder — contact_forms-drag_and_drop_contact_form_builder
 
The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack 2022-02-28 not yet calculated CVE-2021-24689
MISC
containerd — containerd
 
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. 2022-03-03 not yet calculated CVE-2022-23648
CONFIRM
MISC
MISC
MISC
MISC
core_tweaks_wp_setup — core_tweaks_wp_setup
 
The Core Tweaks WP Setup WordPress plugin through 4.1 allows bulk-setting many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account and take over the website via CSRF attacks. 2022-02-28 not yet calculated CVE-2021-24803
MISC
coreos-installer — coreos-installer
 
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 not yet calculated CVE-2021-20319
MISC
MISC
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. 2022-03-02 not yet calculated CVE-2022-25395
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. 2022-03-02 not yet calculated CVE-2022-25396
MISC
cost_calculator — cost_calculator
 
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout 2022-02-28 not yet calculated CVE-2021-24820
MISC
crazy_bone — crazy_bone
 
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying it back in the log dashboard, leading to an unauthenticated Stored Cross-Site Scripting. 2022-02-28 not yet calculated CVE-2022-0385
MISC
customize — customize
 
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF checks in its bnfw_search_users AJAX action, allowing any authenticated user to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). 2022-02-28 not yet calculated CVE-2022-0345
MISC
cyberark — identity
 
CyberArk Identity versions up to and including 22.1 in the ‘StartAuthentication’ resource, exposes the response header ‘X-CFY-TX-TM’. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. 2022-03-03 not yet calculated CVE-2022-22700
MISC
MISC
d-link — dap-1620
 
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. 2022-03-04 not yet calculated CVE-2021-46381
MISC
MISC
d-link — dir-859
 
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 not yet calculated CVE-2022-25106
MISC
MISC
MISC
datarobot — datarobot
 
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. 2022-02-28 not yet calculated CVE-2021-45414
MISC
dell — emc_enterprise_storage_analytics_for_vrealize_operations
 
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 not yet calculated CVE-2021-43590
MISC
devolutions — password_hub_for_ios
 
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. 2022-03-03 not yet calculated CVE-2022-23849
MISC
MISC
dlink — dir-x1860
 
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 not yet calculated CVE-2021-46353
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. 2022-03-04 not yet calculated CVE-2021-46379
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. 2022-03-04 not yet calculated CVE-2021-46378
MISC
MISC
dolibarr — dolibarr
 
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. 2022-03-02 not yet calculated CVE-2022-0819
MISC
CONFIRM
dropbox — lepton
 
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. 2022-02-28 not yet calculated CVE-2022-26181
MISC
MISC
MISC
dynamic_widgets — dynamic_widgets
 
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2021-24933
MISC
easy_drag_and_drop_all_import — easy_drag_and_drop_all_import
 
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues. 2022-02-28 not yet calculated CVE-2022-0360
MISC
CONFIRM
editabletable — editabletable
 
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-28 not yet calculated CVE-2021-24898
MISC
elasticsearch — elasticsearch
 
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. 2022-03-03 not yet calculated CVE-2022-23710
MISC
elasticsearch — elasticsearch
 
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. 2022-03-03 not yet calculated CVE-2022-23708
MISC
element-it — http_commander
 
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. 2022-03-03 not yet calculated CVE-2022-24573
MISC
MISC
espruino — espruino
 
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 not yet calculated CVE-2022-25044
MISC
MISC
espruino — espruino
 
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 not yet calculated CVE-2022-25465
MISC
event_management — event_management Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. 2022-03-02 not yet calculated CVE-2022-25114
MISC
excel_streaming_reader — excel_streaming_reader
 
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. 2022-03-02 not yet calculated CVE-2022-23640
CONFIRM
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. 2022-03-01 not yet calculated CVE-2022-24253
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. 2022-03-01 not yet calculated CVE-2022-24254
MISC
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. 2022-03-01 not yet calculated CVE-2022-24252
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allow attackers to gain administrator privileges. 2022-03-01 not yet calculated CVE-2022-24255
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. 2022-03-01 not yet calculated CVE-2022-24251
MISC
MISC
MISC
f-secure — f-secure
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2022-03-01 not yet calculated CVE-2021-44747
MISC
finastra — ssr-pages ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. 2022-03-01 not yet calculated CVE-2022-24718
MISC
MISC
CONFIRM
finastra — ssr-pages
 
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. 2022-03-01 not yet calculated CVE-2022-24717
MISC
MISC
MISC
CONFIRM
fluture-js — fluture-node
 
Fluture-Node is a set of FP-style HTTP and streaming utilities for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or to the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party or to potential HTTP traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2. 2022-03-01 not yet calculated CVE-2022-24719
MISC
MISC
MISC
CONFIRM
fortinet — fortianalyzer An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7.0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows an attacker to bypass the device policy and force the password-change action for its user. 2022-03-01 not yet calculated CVE-2022-22300
CONFIRM
fortinet — fortiap-c
 
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. 2022-03-02 not yet calculated CVE-2022-22301
CONFIRM
fortinet — fortigate
 
An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets. 2022-03-01 not yet calculated CVE-2020-15936
CONFIRM
fortinet — fortimail
 
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. 2022-03-01 not yet calculated CVE-2021-32586
CONFIRM
fortinet — fortimail
 
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account’s authentication token by means of the observation of certain system’s properties. 2022-03-01 not yet calculated CVE-2021-36166
CONFIRM
fortinet — fortimanager
 
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. 2022-03-02 not yet calculated CVE-2022-22303
CONFIRM
fortinet — fortiportal
 
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. 2022-03-01 not yet calculated CVE-2021-36171
CONFIRM
fortinet — fortitoken_mobile
 
An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user’s password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. 2022-03-02 not yet calculated CVE-2021-44166
CONFIRM
fortinet — fortiwlm
 
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. 2022-03-02 not yet calculated CVE-2021-43070
CONFIRM
fortinet — fortiwlm
 
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. 2022-03-01 not yet calculated CVE-2021-43075
CONFIRM
fortinet — fortiwlm
 
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. 2022-03-01 not yet calculated CVE-2021-43077
CONFIRM
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. 2022-03-03 not yet calculated CVE-2022-26125
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26127
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26128
MISC
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. 2022-03-03 not yet calculated CVE-2022-26126
MISC
frrouting — frrouting
 
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26129
MISC
fujifilm — docucenter-vi
 
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. 2022-03-03 not yet calculated CVE-2021-43774
MISC
MISC
genixcms — genixcms
 
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. 2022-03-03 not yet calculated CVE-2022-24563
MISC
MISC
MISC
getgrav — grav
 
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 2022-02-28 not yet calculated CVE-2022-0743
MISC
CONFIRM
go-ethereum — go-ethereum
 
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of the pending transactions in a victim node’s memory pool, causing a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23327
MISC
MISC
MISC
MISC
go-ethereum — go-ethereum
 
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions with a high gas price from one account, each of which fully spends the balance of the account, to a victim Geth node, which can purge all of the pending transactions in the victim node’s memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23328
MISC
MISC
MISC
MISC
golang — go
 
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 not yet calculated CVE-2022-24921
CONFIRM
grand_flagallery — grand_flagallery
 
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2021-24903
MISC
qrcp — qrcp
 
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. 2022-02-28 not yet calculated CVE-2022-26315
MISC
hakimel — revealjs
 
Cross-site Scripting (XSS) – DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. 2022-03-01 not yet calculated CVE-2022-0776
MISC
CONFIRM
haproxy — haproxy
 
A flaw was found in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. 2022-03-02 not yet calculated CVE-2022-0711
MISC
MISC
MISC
hashicorp — nomad
 
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 have Uncontrolled Resource Consumption. 2022-02-28 not yet calculated CVE-2022-24685
MISC
MISC
hazelcast — hazelcast
 
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. 2022-03-03 not yet calculated CVE-2022-0265
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 not yet calculated CVE-2022-0752
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 not yet calculated CVE-2022-0838
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-03 not yet calculated CVE-2022-0753
MISC
CONFIRM
hicos — hicos
 
The Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform a command injection attack to execute arbitrary system commands, disrupt the system or terminate the service. 2022-03-01 not yet calculated CVE-2020-12775
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. 2022-02-28 not yet calculated CVE-2022-25028
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel. 2022-03-02 not yet calculated CVE-2022-25045
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. 2022-02-28 not yet calculated CVE-2022-25029
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. 2022-03-02 not yet calculated CVE-2022-25115
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. 2022-02-26 not yet calculated CVE-2022-25096
MISC
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-03-02 not yet calculated CVE-2022-25016
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25409
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25408
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a