US-CERT Bulletin (SB22-059): Vulnerability Summary for the Week of February 21, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | 2022-02-18 | 10 | CVE-2022-21141 MISC |
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands. | 2022-02-18 | 10 | CVE-2022-21143 MISC |
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | 2022-02-18 | 10 | CVE-2022-21196 MISC |
airspan — mimosa_management_platform | This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1. | 2022-02-18 | 10 | CVE-2022-21215 MISC |
gravitl — netmaker | Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5, 0.9.4, 0.10.0, 0.10.1. | 2022-02-18 | 10 | CVE-2022-0664 CONFIRM MISC |
libexpat_project — libexpat | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 2022-02-18 | 7.5 | CVE-2022-25315 MISC MLIST DEBIAN |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel Management Component Transport Protocol (MCTP) subsystem in the way a user triggers cancel_work_sync after unregister_netdev during device removal. A local user could use this flaw to crash the system or escalate their privileges on the system. The flaw is present from Linux kernel 5.17-rc1 (when mctp-serial.c was introduced) until 5.17-rc5. | 2022-02-18 | 7.2 | CVE-2022-0646 MISC |
mingsoft — mcms | An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 2022-02-18 | 7.5 | CVE-2021-46036 MISC |
moxa — tn-5916-wv-t_firmware | Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | 2022-02-18 | 7.8 | CVE-2021-46082 MISC MISC |
mruby — mruby | Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 2022-02-18 | 7.5 | CVE-2022-0631 MISC CONFIRM |
object-extend_project — object-extend | The package object-extend from version 0.0.0 is vulnerable to Prototype Pollution via object-extend. | 2022-02-18 | 7.5 | CVE-2021-23702 CONFIRM |
online_shopping_portal_project — online_shopping_portal | Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | 2022-02-18 | 7.5 | CVE-2021-46110 MISC |
samba — samba | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | 2022-02-18 | 8.5 | CVE-2020-25717 MISC MISC |
samba — samba | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide “…enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | 2022-02-21 | 9 | CVE-2021-44142 CONFIRM CERT-VN CONFIRM MISC |
tmax — tooffice | An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers can use this vulnerability to execute an arbitrary file containing malicious code. | 2022-02-18 | 7.5 | CVE-2021-26618 MISC |
tp-link — tl-wa850re_firmware | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | 2022-02-18 | 7.5 | CVE-2022-22922 MISC MISC |
zerof — web_server | ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | 2022-02-18 | 7.5 | CVE-2022-25322 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | 2022-02-18 | 5 | CVE-2022-0138 MISC |
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | 2022-02-18 | 4 | CVE-2022-21800 MISC |
airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | 2022-02-18 | 5 | CVE-2022-21176 MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15368. | 2022-02-18 | 6.8 | CVE-2021-46574 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15024. | 2022-02-18 | 6.8 | CVE-2021-46565 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15027. | 2022-02-18 | 6.8 | CVE-2021-46566 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15028. | 2022-02-18 | 6.8 | CVE-2021-46567 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15030. | 2022-02-18 | 6.8 | CVE-2021-46568 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15031. | 2022-02-18 | 6.8 | CVE-2021-46569 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15364. | 2022-02-18 | 6.8 | CVE-2021-46570 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15365. | 2022-02-18 | 6.8 | CVE-2021-46571 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15366. | 2022-02-18 | 6.8 | CVE-2021-46572 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367. | 2022-02-18 | 6.8 | CVE-2021-46573 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15371. | 2022-02-18 | 6.8 | CVE-2021-46577 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15370. | 2022-02-18 | 6.8 | CVE-2021-46576 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15369. | 2022-02-18 | 6.8 | CVE-2021-46575 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15372. | 2022-02-18 | 6.8 | CVE-2021-46578 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15374. | 2022-02-18 | 6.8 | CVE-2021-46580 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15375. | 2022-02-18 | 6.8 | CVE-2021-46581 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376. | 2022-02-18 | 6.8 | CVE-2021-46582 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15377. | 2022-02-18 | 6.8 | CVE-2021-46583 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15378. | 2022-02-18 | 6.8 | CVE-2021-46584 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15379. | 2022-02-18 | 6.8 | CVE-2021-46585 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15380. | 2022-02-18 | 6.8 | CVE-2021-46586 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15023. | 2022-02-18 | 6.8 | CVE-2021-46564 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15373. | 2022-02-18 | 6.8 | CVE-2021-46579 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15381. | 2022-02-18 | 6.8 | CVE-2021-46587 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15400. | 2022-02-18 | 6.8 | CVE-2021-46606 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14987. | 2022-02-18 | 6.8 | CVE-2021-46562 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15402. | 2022-02-18 | 4.3 | CVE-2021-46608 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15386. | 2022-02-18 | 6.8 | CVE-2021-46592 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15391. | 2022-02-18 | 6.8 | CVE-2021-46597 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15392. | 2022-02-18 | 6.8 | CVE-2021-46598 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15395. | 2022-02-18 | 6.8 | CVE-2021-46601 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15397. | 2022-02-18 | 6.8 | CVE-2021-46603 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. Crafted data in a PNG image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15398. | 2022-02-18 | 6.8 | CVE-2021-46604 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15399. | 2022-02-18 | 6.8 | CVE-2021-46605 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14990. | 2022-02-18 | 6.8 | CVE-2021-46563 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15401. | 2022-02-18 | 4.3 | CVE-2021-46607 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15382. | 2022-02-18 | 6.8 | CVE-2021-46588 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15396. | 2022-02-18 | 4.3 | CVE-2021-46602 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15394. | 2022-02-18 | 4.3 | CVE-2021-46600 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15393. | 2022-02-18 | 4.3 | CVE-2021-46599 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15390. | 2022-02-18 | 4.3 | CVE-2021-46596 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15389. | 2022-02-18 | 4.3 | CVE-2021-46595 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15388. | 2022-02-18 | 4.3 | CVE-2021-46594 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15387. | 2022-02-18 | 4.3 | CVE-2021-46593 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15383. | 2022-02-18 | 4.3 | CVE-2021-46589 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15385. | 2022-02-18 | 6.8 | CVE-2021-46591 MISC MISC |
bentley — microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15384. | 2022-02-18 | 6.8 | CVE-2021-46590 MISC MISC |
bitdefender — antivirus_plus | A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. | 2022-02-18 | 4.4 | CVE-2020-8107 MISC |
cerebrate-project — cerebrate | An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. | 2022-02-18 | 5 | CVE-2022-25320 MISC |
cerebrate-project — cerebrate | An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups. | 2022-02-18 | 4 | CVE-2022-25318 MISC |
cerebrate-project — cerebrate | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 2022-02-18 | 4.3 | CVE-2022-25321 MISC MISC |
cerebrate-project — cerebrate | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 2022-02-18 | 5 | CVE-2022-25319 MISC |
cerebrate-project — cerebrate | An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description. | 2022-02-18 | 4.3 | CVE-2022-25317 MISC |
dart — dart_software_development_kit | The HttpClient in the Dart SDK's dart:io library includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with an authorization header and it redirects to an attacker's site, the sender might not expect the attacker's site to receive the authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | 2022-02-18 | 4 | CVE-2022-0451 MISC MISC |
dlink — dsl-2730e_firmware | D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | 2022-02-18 | 4.3 | CVE-2021-46108 MISC MISC |
eclipse — lemminx | A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | 2022-02-18 | 6.4 | CVE-2022-0673 MISC |
github — enterprise_server | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-02-18 | 6.5 | CVE-2021-41599 MISC MISC MISC |
ibm — guardium_data_encryption | IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964. | 2022-02-18 | 4.3 | CVE-2021-39026 XF CONFIRM |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | 2022-02-18 | 5 | CVE-2021-38935 XF CONFIRM |
libexpat_project — libexpat | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 2022-02-18 | 4.3 | CVE-2022-25313 MISC MLIST DEBIAN |
libexpat_project — libexpat | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | 2022-02-18 | 5 | CVE-2022-25314 MISC MLIST DEBIAN |
liveconfig — liveconfig | A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | 2022-02-18 | 4 | CVE-2021-40841 MISC MISC |
microweber — microweber | Cross-site Scripting (XSS) – Reflected in Packagist microweber/microweber prior to 1.2.11. | 2022-02-19 | 4.3 | CVE-2022-0690 MISC CONFIRM |
microweber — microweber | A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11. | 2022-02-19 | 5 | CVE-2022-0689 MISC CONFIRM |
microweber — microweber | CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | 2022-02-18 | 5 | CVE-2022-0666 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – Reflected in Packagist microweber/microweber prior to 1.2.11. | 2022-02-19 | 4.3 | CVE-2022-0678 CONFIRM MISC |
microweber — microweber | Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | 2022-02-18 | 5 | CVE-2022-0660 CONFIRM MISC |
mingsoft — mcms | MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | 2022-02-18 | 5.8 | CVE-2021-46062 MISC |
mingsoft — mcms | MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | 2022-02-18 | 5.5 | CVE-2021-46037 MISC |
mingsoft — mcms | MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | 2022-02-18 | 6.4 | CVE-2021-46063 MISC |
quadlayers — perfect_brands_for_woocommerce | The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 2022-02-18 | 5 | CVE-2022-23982 CONFIRM CONFIRM |
quadlayers — perfect_brands_for_woocommerce | The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | 2022-02-18 | 4 | CVE-2022-23981 CONFIRM CONFIRM |
redhat — vscode-xml | A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | 2022-02-18 | 6.4 | CVE-2022-0671 MISC MISC |
samba — samba | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | 2022-02-18 | 6.5 | CVE-2020-25722 MISC MISC |
samba — samba | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | 2022-02-18 | 4.3 | CVE-2016-2124 MISC MISC |
santesoft — dicom_viewer_pro | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14972. | 2022-02-18 | 4.3 | CVE-2022-24055 MISC |
santesoft — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15098. | 2022-02-18 | 6.8 | CVE-2022-24059 MISC |
santesoft — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15077. | 2022-02-18 | 6.8 | CVE-2022-24057 MISC |
santesoft — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15076. | 2022-02-18 | 6.8 | CVE-2022-24056 MISC |
webcc_project — webcc | This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server. | 2022-02-18 | 5 | CVE-2022-25298 MISC MISC |
wireshark — wireshark | Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or a crafted capture file. | 2022-02-18 | 4.3 | CVE-2022-0585 CONFIRM MISC FEDORA FEDORA |
zerof — web_server | ZEROF Web Server 2.0 allows /admin.back XSS. | 2022-02-18 | 4.3 | CVE-2022-25323 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
eclipse — lemminx | A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. | 2022-02-18 | 2.1 | CVE-2022-0672 MISC |
erudika — scoold | Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters. | 2022-02-18 | 3.5 | CVE-2021-46372 MISC |
samba — samba | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. | 2022-02-21 | 3.5 | CVE-2021-44141 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspress_themes — plugins_and_themes | Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion. | 2022-02-21 | not yet calculated | CVE-2021-24867 MISC MISC |
accounting_journal_management — accounting_journal_management | Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the session which he already has from inside and outside of the network. | 2022-02-24 | not yet calculated | CVE-2022-24582 MISC |
ad_inserter — ad_inserter | The Ad Inserter WordPress plugin before 2.7.10 and the Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. | 2022-02-21 | not yet calculated | CVE-2022-0288 MISC |
advanced_database_cleaner — advanced_database_cleaner | The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. | 2022-02-21 | not yet calculated | CVE-2021-24921 MISC |
alecto — camera | Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera. | 2022-02-24 | not yet calculated | CVE-2022-24610 MISC |
alluxio — alluxio | In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability. | 2022-02-20 | not yet calculated | CVE-2022-23848 CONFIRM |
amazon — echo_dot | Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an “Alexa versus Alexa (AvA)” attack. | 2022-02-24 | not yet calculated | CVE-2022-25809 MISC |
anti-malware_security_and_brute-force_firewall — anti-malware_security_and_brute-force_firewall | The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to Reflected Cross-Site Scripting. Due to the presence of a specific parameter value, available to admin users, this can only be exploited by an admin against another admin user. | 2022-02-21 | not yet calculated | CVE-2021-25101 MISC |
anuko — time_tracker | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name. | 2022-02-24 | not yet calculated | CVE-2022-24708 MISC CONFIRM |
anuko — time_tracker | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input. | 2022-02-24 | not yet calculated | CVE-2022-24707 MISC CONFIRM |
anycomment — anycomment | The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack. | 2022-02-21 | not yet calculated | CVE-2022-0134 MISC |
anycomment — anycomment | The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users. | 2022-02-21 | not yet calculated | CVE-2022-0279 MISC |
apache — airflow | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. | 2022-02-25 | not yet calculated | CVE-2022-24288 MISC |
apache — airflow | It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | 2022-02-25 | not yet calculated | CVE-2021-45229 MISC |
apache — apache_jspwiki | Carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | not yet calculated | CVE-2022-24948 MISC MLIST |
apache — apache_jspwiki | Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | not yet calculated | CVE-2022-24947 MISC MLIST |
atlassian — jira_service_management_server_and_data_center | Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the “Object Schema” field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0. | 2022-02-24 | not yet calculated | CVE-2021-43943 N/A |
audio_file_library — audio_file_library | In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn’t use zero bytes to truncate the data. | 2022-02-24 | not yet calculated | CVE-2022-24599 MISC |
awful_salmonella_tar — awful_salmonella_tar | A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories. | 2022-02-18 | not yet calculated | CVE-2022-25358 MISC MISC |
b2-sdk-python — b2-sdk-python | b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. SDK users of the SqliteAccountInfo format are vulnerable while users of the InMemoryAccountInfo format are safe. The SqliteAccountInfo saves API keys (and bucket name-to-id mapping) in a local database file ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info or a user-defined path). When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory containing the file is readable by a local attacker then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Consumers of this SDK who rely on it to save data using SqliteAccountInfo class should upgrade to the latest version of the SDK. Those who believe a local user might have opened a handle using this race condition should remove the affected database files and regenerate all application keys. Users should upgrade to b2-sdk-python 1.14.1 or later. | 2022-02-23 | not yet calculated | CVE-2022-23651 MISC MISC CONFIRM |
b2_command-line_tool — b2_command_line_tool | B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file. | 2022-02-23 | not yet calculated | CVE-2022-23653 CONFIRM MISC |
baicloud-cms — baicloud-cms | BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | 2022-02-19 | not yet calculated | CVE-2021-44302 MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15507. | 2022-02-18 | not yet calculated | CVE-2021-46635 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15508. | 2022-02-18 | not yet calculated | CVE-2021-46636 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15510. | 2022-02-18 | not yet calculated | CVE-2021-46638 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15511. | 2022-02-18 | not yet calculated | CVE-2021-46639 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. Crafted data in a BMP image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15531. | 2022-02-18 | not yet calculated | CVE-2021-46645 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15537. | 2022-02-18 | not yet calculated | CVE-2021-46651 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15535. | 2022-02-18 | not yet calculated | CVE-2021-46649 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15464. | 2022-02-18 | not yet calculated | CVE-2021-46634 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15509. | 2022-02-18 | not yet calculated | CVE-2021-46637 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15534. | 2022-02-18 | not yet calculated | CVE-2021-46648 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15533. | 2022-02-18 | not yet calculated | CVE-2021-46647 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15532. | 2022-02-18 | not yet calculated | CVE-2021-46646 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15536. | 2022-02-18 | not yet calculated | CVE-2021-46650 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15530. | 2022-02-18 | not yet calculated | CVE-2021-46644 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15463. | 2022-02-18 | not yet calculated | CVE-2021-46633 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15515. | 2022-02-18 | not yet calculated | CVE-2021-46643 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15457. | 2022-02-18 | not yet calculated | CVE-2021-46627 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15459. | 2022-02-18 | not yet calculated | CVE-2021-46629 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15460. | 2022-02-18 | not yet calculated | CVE-2021-46630 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15461. | 2022-02-18 | not yet calculated | CVE-2021-46631 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15462. | 2022-02-18 | not yet calculated | CVE-2021-46632 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15630. | 2022-02-18 | not yet calculated | CVE-2021-46655 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | 2022-02-18 | not yet calculated | CVE-2021-46625 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15454. | 2022-02-18 | not yet calculated | CVE-2021-46624 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15631. | 2022-02-18 | not yet calculated | CVE-2021-46656 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15453. | 2022-02-18 | not yet calculated | CVE-2021-46623 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15458. | 2022-02-18 | not yet calculated | CVE-2021-46628 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15538. | 2022-02-18 | not yet calculated | CVE-2021-46652 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15540. | 2022-02-18 | not yet calculated | CVE-2021-46654 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15539. | 2022-02-18 | not yet calculated | CVE-2021-46653 MISC MISC |
bentley — view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15514. | 2022-02-18 | not yet calculated | CVE-2021-46642 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15456. | 2022-02-18 | not yet calculated | CVE-2021-46626 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15513. | 2022-02-18 | not yet calculated | CVE-2021-46641 MISC MISC |
bentley — view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512. | 2022-02-18 | not yet calculated | CVE-2021-46640 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15411. | 2022-02-18 | not yet calculated | CVE-2021-46617 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | 2022-02-18 | not yet calculated | CVE-2021-46621 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15410. | 2022-02-18 | not yet calculated | CVE-2021-46616 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15414. | 2022-02-18 | not yet calculated | CVE-2021-46620 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15413. | 2022-02-18 | not yet calculated | CVE-2021-46619 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15412. | 2022-02-18 | not yet calculated | CVE-2021-46618 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15416. | 2022-02-18 | not yet calculated | CVE-2021-46622 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15409. | 2022-02-18 | not yet calculated | CVE-2021-46615 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15406. | 2022-02-18 | not yet calculated | CVE-2021-46612 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15405. | 2022-02-18 | not yet calculated | CVE-2021-46611 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15404. | 2022-02-18 | not yet calculated | CVE-2021-46610 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15407. | 2022-02-18 | not yet calculated | CVE-2021-46613 MISC MISC |
bentley — microstation_connect | Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15408. | 2022-02-18 | not yet calculated | CVE-2021-46614 MISC MISC |
bentley — microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15403. | 2022-02-18 | not yet calculated | CVE-2021-46609 MISC MISC |
blender — blender | An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | 2022-02-24 | not yet calculated | CVE-2022-0545 MISC |
blender — blender | An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | 2022-02-24 | not yet calculated | CVE-2022-0544 MISC |
blender — blender | A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. | 2022-02-24 | not yet calculated | CVE-2022-0546 MISC |
bloofoxcms — bloofoxcms | Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 – 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. | 2022-02-24 | not yet calculated | CVE-2021-44610 MISC |
bloofoxcms — bloofoxcms | Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 – 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | 2022-02-24 | not yet calculated | CVE-2021-44608 MISC |
bmc_track-it! — bmc_track-it! | This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618. | 2022-02-18 | not yet calculated | CVE-2022-24047 MISC MISC |
brocade — fabric_os | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | 2022-02-21 | not yet calculated | CVE-2021-27797 MISC |
brocade — fabric_os | A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. | 2022-02-21 | not yet calculated | CVE-2021-27796 MISC |
bsafe — bsafe | Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. | 2022-02-23 | not yet calculated | CVE-2022-24409 CONFIRM |
buffer_button — buffer_button | The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field. | 2022-02-21 | not yet calculated | CVE-2021-25058 MISC |
c-dataonu4ferw — c-dataonu4ferw | A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | 2022-02-25 | not yet calculated | CVE-2021-44132 MISC |
capsule_operator — capsule_operator | capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue. | 2022-02-22 | not yet calculated | CVE-2022-23652 MISC CONFIRM MISC |
checkmk — checkmk | In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 2022-02-24 | not yet calculated | CVE-2022-24566 MISC |
checkmk — checkmk | Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | 2022-02-21 | not yet calculated | CVE-2022-24564 MISC |
checkmk — checkmk | Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | 2022-02-24 | not yet calculated | CVE-2022-24565 MISC |
chocobozzz — peertube | Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | 2022-02-23 | not yet calculated | CVE-2022-0726 CONFIRM MISC |
chocobozzz — peertube | Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | 2022-02-23 | not yet calculated | CVE-2022-0727 MISC CONFIRM |
cimplicity — cimplicity | The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | 2022-02-25 | not yet calculated | CVE-2022-21798 MISC |
cimplicity — cimplicity | Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | 2022-02-25 | not yet calculated | CVE-2022-23921 MISC |
cisco — nx-os_software | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default. | 2022-02-23 | not yet calculated | CVE-2022-20650 CISCO |
cisco — nxos_software | A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic. | 2022-02-23 | not yet calculated | CVE-2022-20623 CISCO |
cisco — nxos_software | A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2022-02-23 | not yet calculated | CVE-2022-20624 CISCO |
cisco — nxos_software | A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart. | 2022-02-23 | not yet calculated | CVE-2022-20625 CISCO |
cobbler — cobbler | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the “#from MODULE import” substring. (Only lines beginning with #import are blocked.) | 2022-02-19 | not yet calculated | CVE-2021-45082 MISC MISC |
cobbler — cobbler | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it’s trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | 2022-02-20 | not yet calculated | CVE-2021-45083 MISC MISC |
cobbler — cobbler | An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | 2022-02-20 | not yet calculated | CVE-2021-45081 MISC MLIST |
coming_soon_and_maintenance — coming_soon_and_maintenance | The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack. | 2022-02-21 | not yet calculated | CVE-2022-0199 CONFIRM MISC |
coming_soon_and_maintenance — coming_soon_and_maintenance | The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user, with a role as low as subscriber, to send arbitrary emails to all subscribed users. | 2022-02-21 | not yet calculated | CVE-2022-0164 MISC CONFIRM |
corenlp — corenlp | An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 2022-02-24 | not yet calculated | CVE-2021-44550 MISC |
cosign — cosign | Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn’t. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and “keyless signing” with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn’t. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don’t match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround. | 2022-02-18 | not yet calculated | CVE-2022-23649 CONFIRM MISC |
cryptomator — cryptomator | Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable. | 2022-02-19 | not yet calculated | CVE-2022-25366 MISC MISC |
cuppa_cms — cuppa_cms | The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | 2022-02-24 | not yet calculated | CVE-2022-25401 MISC |
cybonet — pineapp_mail_relay | Cybonet – PineApp Mail Relay Local File Inclusion. Attacker can send a request to: /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCODED PATH and by doing that, the attacker can read Local Files inside the server. | 2022-02-24 | not yet calculated | CVE-2022-22793 MISC |
cybonet — pineapp_mail_relay | Cybonet – PineApp Mail Relay Unauthenticated SQL Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner. | 2022-02-24 | not yet calculated | CVE-2022-22794 MISC |
cyrus_sasl — cyrus_sasl | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | 2022-02-24 | not yet calculated | CVE-2022-24407 MLIST CONFIRM MISC |
database_backup — database_backup | The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue | 2022-02-21 | not yet calculated | CVE-2022-0255 MISC |
docker_desktop — docker_desktop | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | 2022-02-19 | not yet calculated | CVE-2022-25365 MISC |
dolibarr — dolibarr | Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | 2022-02-23 | not yet calculated | CVE-2022-0731 MISC CONFIRM |
dolibarr — dolibarr | Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | 2022-02-25 | not yet calculated | CVE-2022-0746 CONFIRM MISC |
download_manager — download_manager | The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue | 2022-02-21 | not yet calculated | CVE-2021-25069 CONFIRM MISC |
drogonframework/drogon — drogonframework/drogon | This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. | 2022-02-21 | not yet calculated | CVE-2022-25297 CONFIRM CONFIRM CONFIRM |
duck — duck | duck before 0.10 did not properly handle loading of untrusted code from the current directory. | 2022-02-19 | not yet calculated | CVE-2016-1239 MISC |
duplicate_page_or_post — duplicate_page_or_post | The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin’s settings, or perform such an attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues. | 2022-02-21 | not yet calculated | CVE-2021-25075 MISC |
ec-cube — ec-cube | EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. | 2022-02-24 | not yet calculated | CVE-2022-25355 MISC MISC |
ec-cube — ec-cube | Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin ‘Mail Magazine Management Plugin’ ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly. | 2022-02-24 | not yet calculated | CVE-2022-21179 MISC MISC |
ectouch — ectouch | ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | 2022-02-24 | not yet calculated | CVE-2022-25098 MISC |
emerson — openenterprise | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. | 2022-02-24 | not yet calculated | CVE-2020-10640 CONFIRM |
emerson — openenterprise | Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | 2022-02-24 | not yet calculated | CVE-2020-10636 CONFIRM |
emerson — openenterprise | Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | 2022-02-24 | not yet calculated | CVE-2020-10632 CONFIRM |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service. | 2022-02-22 | not yet calculated | CVE-2021-43825 MISC CONFIRM |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy’s tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade. | 2022-02-22 | not yet calculated | CVE-2022-21654 MISC CONFIRM |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener. | 2022-02-22 | not yet calculated | CVE-2022-21655 CONFIRM MISC |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (`envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config`) and the downstream connection disconnects while the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. | 2022-02-22 | not yet calculated | CVE-2021-43826 CONFIRM MISC |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade. | 2022-02-22 | not yet calculated | CVE-2022-21657 MISC CONFIRM |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a “type confusion” bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIdentifier to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted. | 2022-02-22 | not yet calculated | CVE-2022-21656 MISC CONFIRM |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade. | 2022-02-22 | not yet calculated | CVE-2021-43824 CONFIRM MISC |
envoy — envoy | Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade. | 2022-02-22 | not yet calculated | CVE-2022-23606 MISC CONFIRM |
eset — eset | Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system. | 2022-02-25 | not yet calculated | CVE-2022-0615 MISC |
essential_addons_for_elementor_life — essential_addons_for_elementor_life | The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 5.0.8. | 2022-02-24 | not yet calculated | CVE-2022-0683 MISC MISC |
exportfeed — exportfeed | The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users | 2022-02-21 | not yet calculated | CVE-2021-4208 MISC |
eyesofnetwork — eyesofnetwork | An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | 2022-02-25 | not yet calculated | CVE-2022-24612 MISC |
fatek_automation — fvdesigner | The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code | 2022-02-25 | not yet calculated | CVE-2022-25170 MISC |
fatek_automation — fvdesigner | The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | 2022-02-25 | not yet calculated | CVE-2022-21209 MISC |
fatek_automation — fvdesigner | The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | 2022-02-25 | not yet calculated | CVE-2022-23985 MISC |
feedwordpress — feedwordpress | The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the “visibility” parameter. | 2022-02-21 | not yet calculated | CVE-2021-25055 CONFIRM MISC |
fgribreau — node-request-retry | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. | 2022-02-23 | not yet calculated | CVE-2022-0654 MISC CONFIRM |
filecloud — filecloud | All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter “path” passing “/SHARED/<username>”. A malicious actor could identify the existence of users by requesting share information on specified share paths. | 2022-02-24 | not yet calculated | CVE-2022-24633 MISC |
firstmall — firstmall | This issue is due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | 2022-02-25 | not yet calculated | CVE-2021-26617 MISC |
five_start_business_profile_schema — five_start_business_profile_schema | The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also leads to Stored Cross-Site Scripting issues. | 2022-02-21 | not yet calculated | CVE-2021-25060 MISC |
float — float | The Float menu WordPress plugin before 4.3.1 does not have a CSRF check in place when deleting menus, which could allow attackers to make a logged-in admin delete them via a CSRF attack. | 2022-02-21 | not yet calculated | CVE-2022-0313 CONFIRM MISC |
fortiguard — fortios | Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. | 2022-02-24 | not yet calculated | CVE-2021-26092 CONFIRM |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.1.0719 on macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OnMouseExit method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14848. | 2022-02-18 | not yet calculated | CVE-2022-24356 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16115. | 2022-02-18 | not yet calculated | CVE-2022-24368 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16087. | 2022-02-18 | not yet calculated | CVE-2022-24369 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15743. | 2022-02-18 | not yet calculated | CVE-2022-24357 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15853. | 2022-02-18 | not yet calculated | CVE-2022-24366 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15852. | 2022-02-18 | not yet calculated | CVE-2022-24365 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15703. | 2022-02-18 | not yet calculated | CVE-2022-24358 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15877. | 2022-02-18 | not yet calculated | CVE-2022-24367 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15987. | 2022-02-18 | not yet calculated | CVE-2022-24362 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15861. | 2022-02-18 | not yet calculated | CVE-2022-24363 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15811. | 2022-02-18 | not yet calculated | CVE-2022-24361 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15744. | 2022-02-18 | not yet calculated | CVE-2022-24360 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15851. | 2022-02-18 | not yet calculated | CVE-2022-24364 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15702. | 2022-02-18 | not yet calculated | CVE-2022-24359 MISC MISC |
foxit — pdf_reader | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.0.1.0719 on macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819. | 2022-02-18 | not yet calculated | CVE-2022-24370 MISC MISC |
foxit — pdf_reader |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15812. | 2022-02-18 | not yet calculated | CVE-2022-24971 MISC MISC |
fuel-cms — fuel-cms |
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | 2022-02-24 | not yet calculated | CVE-2021-44607 MISC |
fuchsia — fuchsia | An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. | 2022-02-25 | not yet calculated | CVE-2022-0247 CONFIRM |
givewp — givewp | The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to Reflected Cross-Site Scripting. | 2022-02-21 | not yet calculated | CVE-2021-25100 CONFIRM MISC |
givewp — givewp | The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to Reflected Cross-Site Scripting. | 2022-02-21 | not yet calculated | CVE-2021-25099 MISC CONFIRM |
givewp — givewp | The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to Reflected Cross-Site Scripting. | 2022-02-21 | not yet calculated | CVE-2022-0252 CONFIRM MISC |
google — fscrypt | The PAM module for fscrypt doesn’t adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above. | 2022-02-25 | not yet calculated | CVE-2022-25327 CONFIRM |
google — fscrypt | fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. | 2022-02-25 | not yet calculated | CVE-2022-25326 CONFIRM |
google — fscrypt | The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above. | 2022-02-25 | not yet calculated | CVE-2022-25328 CONFIRM |
harmonyos — harmonyos |
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. | 2022-02-25 | not yet calculated | CVE-2021-22478 MISC |
harmonyos — harmonyos |
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. | 2022-02-25 | not yet calculated | CVE-2021-22480 MISC |
harmonyos — harmonyos |
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | 2022-02-25 | not yet calculated | CVE-2021-22479 MISC |
hashicorp — consul_and_consul_enterprise |
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. | 2022-02-24 | not yet calculated | CVE-2022-24687 MISC MISC |
hashicorp — terraform_enterprise |
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. | 2022-02-25 | not yet calculated | CVE-2022-25374 MISC MISC |
hcl_software — sametime_for_android | “Sametime Android PathTraversal Vulnerability” | 2022-02-21 | not yet calculated | CVE-2021-27753 MISC |
hcl_software — sametime_for_android | “Sametime Android potential path traversal vulnerability when using File class” | 2022-02-21 | not yet calculated | CVE-2021-27755 MISC |
header_footer_code_manager — header_footer_code_manager | The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. | 2022-02-24 | not yet calculated | CVE-2022-0710 MISC |
hms — hms | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | 2022-02-24 | not yet calculated | CVE-2022-25402 MISC |
hms — hms |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | 2022-02-24 | not yet calculated | CVE-2022-25403 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | 2022-02-26 | not yet calculated | CVE-2022-25096 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | 2022-02-26 | not yet calculated | CVE-2022-25095 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter “cover” in SystemSettings.php. | 2022-02-26 | not yet calculated | CVE-2022-25094 MISC |
homebrew — mruby | Out-of-bounds Read in Homebrew mruby prior to 3.2. | 2022-02-19 | not yet calculated | CVE-2022-0630 MISC CONFIRM |
homebrew — mruby |
NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 2022-02-19 | not yet calculated | CVE-2022-0632 CONFIRM MISC |
honeywell — devices | Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. | 2022-02-24 | not yet calculated | CVE-2021-39364 MISC MISC CONFIRM |
honeywell — devices |
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | 2022-02-24 | not yet calculated | CVE-2021-39363 MISC MISC CONFIRM |
horizontcms — horizontcms | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-02-24 | not yet calculated | CVE-2022-25101 MISC |
horizontcms — horizontcms |
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. | 2022-02-24 | not yet calculated | CVE-2022-25104 MISC |
hospital_patient_record_management_system — hospital_patient_record_management_system | Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | 2022-02-24 | not yet calculated | CVE-2022-25003 MISC |
hospital_patient_record_management_system — hospital_patient_record_management_system |
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-02-24 | not yet calculated | CVE-2022-24232 MISC |
hospital_patient_record_management_system — hospital_patient_record_management_system |
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. | 2022-02-24 | not yet calculated | CVE-2022-25004 MISC |
hpe — ilo_amplifier_pack |
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack. | 2022-02-24 | not yet calculated | CVE-2021-29220 MISC |
hpe — integrated_lights-out_4_firmware |
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4). | 2022-02-24 | not yet calculated | CVE-2022-23701 MISC |
hpe — oneview_global_dashboard |
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | 2022-02-24 | not yet calculated | CVE-2021-29217 MISC |
hpe — oneview_global_dashboard |
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | 2022-02-24 | not yet calculated | CVE-2021-29216 MISC |
htmldoc — htmldoc | A flaw was found in htmldoc v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 2022-02-24 | not yet calculated | CVE-2021-26252 MISC |
huawei — devices | The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable; successful triggering of this vulnerability could execute voice commands on the device. | 2022-02-25 | not yet calculated | CVE-2021-40043 MISC |
huawei — products |
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. | 2022-02-25 | not yet calculated | CVE-2021-22441 MISC |
huawei — smartphones |
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. | 2022-02-25 | not yet calculated | CVE-2021-22489 MISC MISC |
huawei — smartphones |
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. | 2022-02-25 | not yet calculated | CVE-2021-22448 MISC |
huawei — smartphones |
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-02-25 | not yet calculated | CVE-2021-37027 MISC MISC |
huawei — smartphones |
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. | 2022-02-25 | not yet calculated | CVE-2021-22437 MISC |
huawei — smartphones |
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 2022-02-25 | not yet calculated | CVE-2021-22434 MISC MISC |
huawei — smartphones |
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2022-02-25 | not yet calculated | CVE-2021-22432 MISC MISC |
huawei — smartphones |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 2022-02-25 | not yet calculated | CVE-2021-22433 MISC MISC |
huawei — smartphones |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 2022-02-25 | not yet calculated | CVE-2021-22429 MISC MISC |
huawei — smartphones |
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-25 | not yet calculated | CVE-2021-22395 MISC MISC |
huawei — smartphones |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | 2022-02-25 | not yet calculated | CVE-2021-22426 MISC MISC |
huawei — smartphones |
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. | 2022-02-25 | not yet calculated | CVE-2021-22319 MISC MISC |
huawei — smartphones |
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. | 2022-02-25 | not yet calculated | CVE-2021-22430 MISC MISC |
huawei — smartphones |
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2022-02-25 | not yet calculated | CVE-2021-22431 MISC MISC |
huawei — smartphones |
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. | 2022-02-25 | not yet calculated | CVE-2021-22394 MISC MISC |
huawei — wallet | There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-25 | not yet calculated | CVE-2021-37103 MISC |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073. | 2022-02-24 | not yet calculated | CVE-2021-38995 CONFIRM XF |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072. | 2022-02-24 | not yet calculated | CVE-2021-38994 CONFIRM XF |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. | 2022-02-25 | not yet calculated | CVE-2021-38993 XF CONFIRM |
ibm — planning_analytics |
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | 2022-02-21 | not yet calculated | CVE-2022-22308 XF CONFIRM |
ibm — sterling | IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. | 2022-02-23 | not yet calculated | CVE-2022-22336 XF CONFIRM |
ibm — sterling | IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. | 2022-02-23 | not yet calculated | CVE-2022-22333 XF CONFIRM |
ibm — sterling |
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. | 2022-02-24 | not yet calculated | CVE-2022-22349 XF CONFIRM |
ibm — websphere_application_server |
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. | 2022-02-24 | not yet calculated | CVE-2021-39038 CONFIRM XF |
image_photo_gallery_final_tiles_grid — image_photo_gallery_final_tiles_grid | The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard. | 2022-02-21 | not yet calculated | CVE-2022-0186 MISC |
imagemagick — imagemagick |
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. | 2022-02-24 | not yet calculated | CVE-2021-3610 MISC MISC |
imagemagick — imagemagick |
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2’s xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | 2022-02-24 | not yet calculated | CVE-2021-3596 MISC MISC |
istio — istio | Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message that crashes the control plane. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent. | 2022-02-22 | not yet calculated | CVE-2022-23635 MISC MISC CONFIRM |
jetbrains — hub |
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 2022-02-25 | not yet calculated | CVE-2022-24327 MISC MISC |
jetbrains — hub |
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 2022-02-25 | not yet calculated | CVE-2022-25259 MISC MISC |
jetbrains — hub |
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | 2022-02-25 | not yet calculated | CVE-2022-25260 MISC MISC |
jetbrains — hub |
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 2022-02-25 | not yet calculated | CVE-2022-24328 MISC MISC |
jetbrains — hub |
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 2022-02-25 | not yet calculated | CVE-2022-25262 MISC MISC |
jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | 2022-02-25 | not yet calculated | CVE-2022-24346 MISC MISC |
jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | 2022-02-25 | not yet calculated | CVE-2022-24345 MISC MISC |
jetbrains — kotlin |
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 2022-02-25 | not yet calculated | CVE-2022-24329 MISC MISC |
jetbrains — multiple_products |
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | 2022-02-25 | not yet calculated | CVE-2021-45977 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | 2022-02-25 | not yet calculated | CVE-2022-24330 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | 2022-02-25 | not yet calculated | CVE-2022-24336 MISC MISC |
jetbrains — teamcity |
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 2022-02-25 | not yet calculated | CVE-2022-25263 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | 2022-02-25 | not yet calculated | CVE-2022-24334 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 2022-02-25 | not yet calculated | CVE-2022-24337 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.3, environment variables of the “password” type could be logged in some cases. | 2022-02-25 | not yet calculated | CVE-2022-25264 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 2022-02-25 | not yet calculated | CVE-2022-24331 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 2022-02-25 | not yet calculated | CVE-2022-24340 MISC MISC |
jetbrains — teamcity |
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. | 2022-02-25 | not yet calculated | CVE-2022-24335 MISC MISC |
jetbrains — teamcity |
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | 2022-02-25 | not yet calculated | CVE-2022-25261 MISC MISC |
jetbrains — teamcity |
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | 2022-02-25 | not yet calculated | CVE-2022-24339 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user. | 2022-02-25 | not yet calculated | CVE-2022-24341 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie. | 2022-02-25 | not yet calculated | CVE-2022-24332 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | 2022-02-25 | not yet calculated | CVE-2022-24342 MISC MISC |
jetbrains — teamcity |
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | 2022-02-25 | not yet calculated | CVE-2022-24338 MISC MISC |
jetbrains — teamcity |
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. | 2022-02-25 | not yet calculated | CVE-2022-24333 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 2022-02-25 | not yet calculated | CVE-2022-24343 MISC MISC |
jetbrains — youtrack |
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 2022-02-25 | not yet calculated | CVE-2022-24442 MISC MISC |
jetbrains — youtrack |
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 2022-02-25 | not yet calculated | CVE-2022-24344 MISC MISC |
jetbrains — youtrack |
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 2022-02-25 | not yet calculated | CVE-2022-24347 MISC MISC |
jquery-upload-file — jquery-upload-file |
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. | 2022-02-25 | not yet calculated | CVE-2021-37504 MISC MISC MISC MISC MISC MISC MISC |
karma — karma | The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. | 2022-02-25 | not yet calculated | CVE-2021-23495 CONFIRM CONFIRM CONFIRM |
kde_kcron — kde_kcron |
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | 2022-02-26 | not yet calculated | CVE-2022-24986 MISC MISC |
kuka.sim — pro |
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext. | 2022-02-24 | not yet calculated | CVE-2020-10635 CONFIRM |
laravel — fortify |
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the “OT” part of the “TOTP” concept. | 2022-02-24 | not yet calculated | CVE-2022-25838 MISC |
libreoffice — libreoffice |
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both “X509Data” and “KeyValue” children of the “KeyInfo” tag, which when opened caused LibreOffice to verify using the “KeyValue” but to report verification with the unrelated “X509Data” value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. | 2022-02-24 | not yet calculated | CVE-2021-25636 MISC |
libsixel — libsixel |
In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. | 2022-02-19 | not yet calculated | CVE-2021-46700 MISC |
libxml — libxml |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 2022-02-26 | not yet calculated | CVE-2022-23308 MISC CONFIRM |
limesurvey — limesurvey | A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | 2022-02-24 | not yet calculated | CVE-2021-44967 MISC MISC |
linux — linux_kernel | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | 2022-02-20 | not yet calculated | CVE-2022-25375 MISC MISC MISC MLIST |
linux — linux_kernel |
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | 2022-02-24 | not yet calculated | CVE-2022-25636 MISC MISC MLIST |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. | 2022-02-26 | not yet calculated | CVE-2020-36516 MISC |
liveconfig — liveconfig |
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | 2022-02-18 | not yet calculated | CVE-2021-40840 MISC MISC |
mariadb — connect | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. | 2022-02-18 | not yet calculated | CVE-2022-24048 MISC MISC |
mariadb — connect | MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. | 2022-02-18 | not yet calculated | CVE-2022-24050 MISC MISC |
mariadb — connect | MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. | 2022-02-18 | not yet calculated | CVE-2022-24051 MISC MISC |
mariadb — connect |
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. | 2022-02-18 | not yet calculated | CVE-2022-24052 MISC MISC |
mattermost — mattermost |
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure. | 2022-02-21 | not yet calculated | CVE-2022-0708 MISC |
mediawiki — mediawiki | MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | 2022-02-18 | not yet calculated | CVE-2017-0371 MISC MISC |
metadata-extractor — metadata-extractor | When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library. | 2022-02-24 | not yet calculated | CVE-2022-24614 MISC |
metadata-extractor — metadata-extractor | metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library. | 2022-02-24 | not yet calculated | CVE-2022-24613 MISC |
mlflow — mlflow | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | 2022-02-23 | not yet calculated | CVE-2022-0736 CONFIRM MISC |
microweber — microweber | Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.11. | 2022-02-26 | not yet calculated | CVE-2022-0723 MISC CONFIRM |
microweber — microweber | Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0762 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.3. | 2022-02-23 | not yet calculated | CVE-2022-0719 MISC CONFIRM |
microweber — microweber | Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. | 2022-02-23 | not yet calculated | CVE-2022-0721 CONFIRM MISC |
microweber — microweber |
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0763 CONFIRM MISC |
microweber — microweber |
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. | 2022-02-20 | not yet calculated | CVE-2022-0688 MISC CONFIRM |
microweber — microweber |
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | 2022-02-23 | not yet calculated | CVE-2022-0724 CONFIRM MISC |
modx_revolution — modx_revolution |
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 2022-02-26 | not yet calculated | CVE-2022-26149 MISC |
mruby — mruby |
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. | 2022-02-23 | not yet calculated | CVE-2022-0717 CONFIRM MISC |
multiple_mobile_devices — multiple_mobile_devices |
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | 2022-02-24 | not yet calculated | CVE-2022-0732 CERT-VN CONFIRM MISC CERT-VN |
node.js — node.js | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node’s ambiguous presentation of certificate subjects may be vulnerable. | 2022-02-24 | not yet calculated | CVE-2021-44533 MISC MISC |
node.js — node.js | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | 2022-02-24 | not yet calculated | CVE-2021-44532 MISC MISC |
node.js — node.js | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | 2022-02-24 | not yet calculated | CVE-2021-44531 MISC MISC |
node.js — node.js | Due to the formatting logic of the “console.table()” function it was not safe to allow user controlled input to be passed to the “properties” parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be “__proto__”. The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to. | 2022-02-24 | not yet calculated | CVE-2022-21824 MISC MISC |
npm — npm | @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue. | 2022-02-24 | not yet calculated | CVE-2022-24709 CONFIRM MISC |
npm — url-parse | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | 2022-02-20 | not yet calculated | CVE-2022-0686 CONFIRM MISC |
npm — url-parse |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | 2022-02-21 | not yet calculated | CVE-2022-0691 MISC CONFIRM |
octobercms — octobercms |
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation. | 2022-02-24 | not yet calculated | CVE-2022-23655 MISC CONFIRM |
octobercms — octobercms |
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually. | 2022-02-23 | not yet calculated | CVE-2022-21705 MISC CONFIRM |
ohio_supercomputer_center — open_ondemand |
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | 2022-02-26 | not yet calculated | CVE-2020-27958 MISC CONFIRM MISC |
okta — advanced_server_access_client_for_windows |
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | 2022-02-21 | not yet calculated | CVE-2022-24295 MISC |
openmct — openmct | Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | 2022-02-20 | not yet calculated | CVE-2022-22126 CONFIRM |
openmct — openmct |
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | 2022-02-20 | not yet calculated | CVE-2022-23053 CONFIRM |
openmct — openmct |
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | 2022-02-20 | not yet calculated | CVE-2022-23054 CONFIRM |
openmrs — openmrs |
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat’s URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance. | 2022-02-22 | not yet calculated | CVE-2022-23612 CONFIRM MISC MISC MISC |
opensuse — libsolv | Two heap overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 & 1766. | 2022-02-21 | not yet calculated | CVE-2021-44573 MISC MISC MISC |
opensuse — libsolv | A heap overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442. | 2022-02-21 | not yet calculated | CVE-2021-44571 MISC MISC |
opensuse — libsolv | A heap-buffer vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the solver_solve function at src/solver.c: line 3445. | 2022-02-21 | not yet calculated | CVE-2021-44569 MISC MISC |
opensuse — libsolv | Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the propagate function at src/solver.c: line 490 and 524. | 2022-02-21 | not yet calculated | CVE-2021-44577 MISC MISC MISC |
opensuse — libsolv | Two memory vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249. | 2022-02-21 | not yet calculated | CVE-2021-44576 MISC MISC MISC |
opensuse — libsolv | Two heap-overflow vulnerabilities exist in openSUSE/libsolv through 13 Dec 2020 in the solver_get_recommendations function at src/solver.c: line 4286 & line 4305 FOR_PROVIDES. | 2022-02-21 | not yet calculated | CVE-2021-44570 MISC MISC MISC |
opensuse — libsolv | Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307. | 2022-02-21 | not yet calculated | CVE-2021-44575 MISC MISC MISC |
opensuse — libsolv | A heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599. | 2022-02-21 | not yet calculated | CVE-2021-44574 MISC MISC |
opensuse — libsolv | Two heap-overflow vulnerabilities exist in openSUSE/libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | 2022-02-21 | not yet calculated | CVE-2021-44568 MISC MISC MISC |
oracle — talent_acquisition_cloud-taleo_enterprise_edition |
A potential vulnerability in the Oracle Talent Acquisition Cloud – Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud – Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle. | 2022-02-24 | not yet calculated | CVE-2021-35689 MISC |
paquitosoftware — notimoo |
A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. | 2022-02-25 | not yet calculated | CVE-2021-42244 MISC |
pcmanager — pcmanager | PCManager version 11.1.1.95 has a privilege escalation vulnerability. Successful exploitation could allow the attacker to access certain resources beyond their privilege. | 2022-02-25 | not yet calculated | CVE-2021-40046 MISC |
pexip — infinity |
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service. | 2022-02-18 | not yet calculated | CVE-2022-23228 MISC |
pexip — infinity_connect |
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | 2022-02-18 | not yet calculated | CVE-2021-29655 MISC |
pexip — infinity_connect |
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. | 2022-02-18 | not yet calculated | CVE-2021-29656 MISC |
phpuploader — phpuploader |
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | 2022-02-24 | not yet calculated | CVE-2022-24435 MISC MISC |
phpuploader — phpuploader |
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. | 2022-02-24 | not yet calculated | CVE-2022-23986 MISC MISC |
pimcore — pimcore |
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. | 2022-02-22 | not yet calculated | CVE-2022-0665 CONFIRM MISC |
piwigo — piwigo |
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster’s cookies to get the webmaster’s access. | 2022-02-24 | not yet calculated | CVE-2022-24620 MISC |
pjsip — pjsip | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. | 2022-02-22 | not yet calculated | CVE-2022-23608 CONFIRM MISC |
plesk — cms |
** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. | 2022-02-20 | not yet calculated | CVE-2021-45007 MISC |
plesk — cms | ** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. | 2022-02-21 | not yet calculated | CVE-2021-45008 MISC |
polkit — polkit | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned. | 2022-02-21 | not yet calculated | CVE-2021-4115 MISC MISC MISC |
popup_builder — popup_builder | The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to an RCE vulnerability via wrappers such as PHAR. | 2022-02-21 | not yet calculated | CVE-2021-25082 MISC CONFIRM |
popup_builder — popup_builder | The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. | 2022-02-21 | not yet calculated | CVE-2022-0228 MISC CONFIRM |
premid — premid |
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim’s “now playing” status on Discord. | 2022-02-20 | not yet calculated | CVE-2021-46701 MISC MISC |
pritunl_client — pritunl_client |
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | 2022-02-20 | not yet calculated | CVE-2022-25372 MISC MISC |
processwire — cms | A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php. | 2022-02-24 | not yet calculated | CVE-2020-27467 MISC |
profile_builder-user_profile_and_user_registration_forms — profile_builder-user_profile_and_user_registration_forms | The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1. | 2022-02-24 | not yet calculated | CVE-2022-0653 MISC MISC |
qemu — qemu |
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the ‘page’ argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | 2022-02-18 | not yet calculated | CVE-2021-3930 MISC CONFIRM |
qemu — qemu |
A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | 2022-02-24 | not yet calculated | CVE-2021-3608 MISC MISC |
qemu — qemu |
An integer overflow was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 2022-02-24 | not yet calculated | CVE-2021-3607 MISC MISC |
qlik — sense_enterprise | A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. | 2022-02-21 | not yet calculated | CVE-2022-0564 CONFIRM CONFIRM CONFIRM |
qnap — device |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later | 2022-02-25 | not yet calculated | CVE-2021-34361 CONFIRM |
qnap — device |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later | 2022-02-25 | not yet calculated | CVE-2021-34359 CONFIRM |
radare2 — radare2 |
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. | 2022-02-24 | not yet calculated | CVE-2021-4021 MISC |
radareorg — radare2 |
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 2022-02-23 | not yet calculated | CVE-2022-0476 MISC CONFIRM |
radareorg — radare2 |
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 2022-02-24 | not yet calculated | CVE-2022-0695 CONFIRM MISC |
radareorg — radare2 |
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | 2022-02-22 | not yet calculated | CVE-2022-0713 CONFIRM MISC |
radareorg — radare2 |
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | 2022-02-22 | not yet calculated | CVE-2022-0676 CONFIRM MISC |
radareorg — radare2 |
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. | 2022-02-22 | not yet calculated | CVE-2022-0712 MISC CONFIRM |
redis — redis |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 2022-02-18 | not yet calculated | CVE-2022-0543 MISC DEBIAN MISC MLIST |
rockwell_automation — 1734-aentr |
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. | 2022-02-24 | not yet calculated | CVE-2020-14504 MISC |
rockwell_automation — 1734-aentr |
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. | 2022-02-24 | not yet calculated | CVE-2020-14502 MISC |
rockwell_automation — factorytalk |
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | 2022-02-24 | not yet calculated | CVE-2020-14481 MISC |
rockwell_automation — factorytalk |
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. | 2022-02-24 | not yet calculated | CVE-2020-14480 MISC |
rockwell_automation — factorytalk |
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. | 2022-02-24 | not yet calculated | CVE-2020-14478 MISC |
rosariosis — rosariosis |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. | 2022-02-24 | not yet calculated | CVE-2021-44565 MISC MISC MISC |
rosariosis — rosariosis |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | 2022-02-24 | not yet calculated | CVE-2021-44566 MISC MISC MISC |
rosariosis — rosariosis |
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | 2022-02-24 | not yet calculated | CVE-2021-44567 MISC MISC MISC MISC |
rudloff — alltube |
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | 2022-02-21 | not yet calculated | CVE-2022-0692 CONFIRM MISC |
sangforcsclient.exe — sangforcsclient.exe |
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | 2022-02-26 | not yet calculated | CVE-2022-22908 MISC |
sante — dicom_viewer_pro | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15100. | 2022-02-18 | not yet calculated | CVE-2022-24061 MISC |
sante — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15095. | 2022-02-18 | not yet calculated | CVE-2022-24058 MISC |
sante — dicom_viewer_pro | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099. | 2022-02-18 | not yet calculated | CVE-2022-24060 MISC |
sante — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15104. | 2022-02-18 | not yet calculated | CVE-2022-24062 MISC |
sante — dicom_viewer_pro |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15105. | 2022-02-18 | not yet calculated | CVE-2022-24063 MISC |
sante — dicom_viewer_pro | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15161. | 2022-02-18 | not yet calculated | CVE-2022-24064 MISC |
sas — web_report_studio | SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. | 2022-02-19 | not yet calculated | CVE-2022-25256 MISC MISC CONFIRM |
scadaflex — scada_controller | On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | 2022-02-26 | not yet calculated | CVE-2022-25359 MISC MISC |
seatd — seatd | seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. | 2022-02-24 | not yet calculated | CVE-2022-25643 MISC MISC MISC |
sha256crypt — sha256crypt | sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm’s runtime is proportional to the square of the length of the password. | 2022-02-19 | not yet calculated | CVE-2016-20013 MISC MISC MISC |
shield_security — shield_security | The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2022-02-21 | not yet calculated | CVE-2022-0211 MISC |
showdoc — showdoc | Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. | 2022-02-19 | not yet calculated | CVE-2022-0409 CONFIRM MISC |
simcenter — femap | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) | 2022-02-22 | not yet calculated | CVE-2021-46162 CONFIRM |
simcenter — femap | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) | 2022-02-22 | not yet calculated | CVE-2021-46699 CONFIRM |
sonos — one_speaker | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15798. | 2022-02-18 | not yet calculated | CVE-2022-24049 MISC |
sonos — one_speaker | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828. | 2022-02-18 | not yet calculated | CVE-2022-24046 MISC |
sourcegraph — sourcegraph | Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when it needs to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected. | 2022-02-18 | not yet calculated | CVE-2022-23642 CONFIRM MISC |
spiffy_calendar — spiffy_calendar | Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 2022-02-21 | not yet calculated | CVE-2022-25599 CONFIRM CONFIRM |
strapi — strapi | Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | 2022-02-26 | not yet calculated | CVE-2022-0764 CONFIRM MISC |
subrion — cms | A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file. | 2022-02-24 | not yet calculated | CVE-2021-43724 MISC |
survey_maker — survey_maker | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | 2022-02-21 | not yet calculated | CVE-2021-26256 CONFIRM CONFIRM |
swtpm — swtpm | swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm’s state, where the blobheader’s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. | 2022-02-18 | not yet calculated | CVE-2022-23645 CONFIRM MISC MISC MISC MISC |
tenda — routers | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. | 2022-02-24 | not yet calculated | CVE-2022-25414 MISC |
tenda — routers | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. | 2022-02-24 | not yet calculated | CVE-2022-25417 MISC |
tenda — routers | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. | 2022-02-24 | not yet calculated | CVE-2022-25418 MISC |
tongda2000 — tongda2000 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | 2022-02-24 | not yet calculated | CVE-2022-25406 MISC |
tongda2000 — tongda2000 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | 2022-02-24 | not yet calculated | CVE-2022-25404 MISC |
tongda2000 — tongda2000 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. | 2022-02-24 | not yet calculated | CVE-2022-25405 MISC |
tor_browser — tor_browser | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn’t properly free memory. | 2022-02-26 | not yet calculated | CVE-2021-46702 MISC |
totolink — technology_routers | A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25134 MISC |
totolink — technology_routers | A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25133 MISC |
totolink — technology_routers | A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25130 MISC |
totolink — technology_routers | A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25135 MISC |
totolink — technology_routers | A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25136 MISC |
totolink — technology_routers | TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25079 MISC |
totolink — technology_routers | A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25131 MISC |
totolink — technology_routers | TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25077 MISC |
totolink — technology_routers | TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25076 MISC |
totolink — technology_routers | TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25082 MISC |
totolink — technology_routers | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25078 MISC |
totolink — technology_routers | TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25081 MISC |
totolink — technology_routers | TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25075 MISC |
totolink — technology_routers | A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25132 MISC |
totolink — technology_routers | TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25080 MISC |
totolink — technology_routers | TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25084 MISC |
totolink — technology_routers | TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | 2022-02-24 | not yet calculated | CVE-2022-25083 MISC |
totolink — technology_routers | A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2022-02-19 | not yet calculated | CVE-2022-25137 MISC |
tp-link — routers | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835. | 2022-02-18 | not yet calculated | CVE-2022-24354 MISC |
tp-link — routers | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | 2022-02-25 | not yet calculated | CVE-2022-25064 MISC MISC MISC |
tp-link — routers | TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | 2022-02-24 | not yet calculated | CVE-2022-25072 MISC |
tp-link — routers | TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | 2022-02-24 | not yet calculated | CVE-2022-25073 MISC |
tp-link — routers | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | 2022-02-25 | not yet calculated | CVE-2022-25060 MISC MISC MISC |
tp-link — routers | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | 2022-02-25 | not yet calculated | CVE-2022-25061 MISC MISC MISC |
tp-link — routers | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2022-02-25 | not yet calculated | CVE-2022-25062 MISC MISC MISC |
tp-link — routers | TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | 2022-02-24 | not yet calculated | CVE-2022-25074 MISC |
tp-link — routers | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910. | 2022-02-18 | not yet calculated | CVE-2022-24355 MISC |
translation_exchange — translation_exchange | The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin’s settings. | 2022-02-21 | not yet calculated | CVE-2021-25057 MISC |
trend_micro — antivirus_for_max | A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-02-24 | not yet calculated | CVE-2022-24671 N/A N/A |
trend_micro — apex_one | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-02-24 | not yet calculated | CVE-2022-24680 N/A N/A N/A |
trend_micro — multiple_products | A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. | 2022-02-24 | not yet calculated | CVE-2022-24678 N/A N/A N/A |
trend_micro — multiple_products | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-02-24 | not yet calculated | CVE-2022-24679 N/A N/A N/A |
trend_micro — serverprotect | Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. | 2022-02-24 | not yet calculated | CVE-2022-25329 N/A N/A |
trend_micro — serverprotect | Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | 2022-02-24 | not yet calculated | CVE-2022-25330 N/A N/A |
trend_micro — serverprotection | Uncaught exceptions that can be generated in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process. | 2022-02-24 | not yet calculated | CVE-2022-25331 N/A N/A |
tricentis — qtest | Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. | 2022-02-26 | not yet calculated | CVE-2022-26146 MISC MISC |
trillium — notes | A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function. | 2022-02-24 | not yet calculated | CVE-2021-43745 MISC |
typo3 — kitodo_presentation_extension | An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to. | 2022-02-19 | not yet calculated | CVE-2022-24980 CONFIRM MISC |
typo3 — varnishcache_extension | An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements. | 2022-02-19 | not yet calculated | CVE-2022-24979 CONFIRM MISC |
usbguard — usbguard | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | 2022-02-24 | not yet calculated | CVE-2019-25058 MISC MISC MISC |
usbredir — usbredir | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | 2022-02-24 | not yet calculated | CVE-2021-3700 MISC MISC |
util-linux — util-linux | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an “INPUTRC” environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | 2022-02-21 | not yet calculated | CVE-2022-0563 MISC |
v2fly — v2ray | Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0. | 2022-02-23 | not yet calculated | CVE-2021-4070 CONFIRM MISC |
ver — ver | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. | 2022-02-24 | not yet calculated | CVE-2022-24374 MISC MISC |
ver — ver | Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. | 2022-02-24 | not yet calculated | CVE-2022-21142 MISC MISC |
ver — ver | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. | 2022-02-24 | not yet calculated | CVE-2022-23916 MISC MISC |
ver — ver | Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | 2022-02-24 | not yet calculated | CVE-2022-23810 MISC MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | 2022-02-22 | not yet calculated | CVE-2022-0714 MISC CONFIRM FEDORA FEDORA |
vim — vim | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | 2022-02-23 | not yet calculated | CVE-2022-0729 CONFIRM MISC FEDORA FEDORA |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. | 2022-02-21 | not yet calculated | CVE-2022-0696 MISC CONFIRM FEDORA |
vim — vim | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | 2022-02-20 | not yet calculated | CVE-2022-0685 CONFIRM MISC FEDORA |
visual_voice_mail — visual_voice_mail | ** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a “concrete and exploitable risk.” | 2022-02-25 | not yet calculated | CVE-2022-23835 MISC MISC |
waline — waline | In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. | 2022-02-25 | not yet calculated | CVE-2022-24594 MISC MISC |
watchguard — firebox_and_xtm | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 11.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. | 2022-02-24 | not yet calculated | CVE-2022-23176 CONFIRM MISC |
watchguard — firebox_and_xtm_appliances | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25363 CONFIRM |
watchguard — firebox_and_xtm_appliances | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25360 CONFIRM |
watchguard — firebox_xtm_appliances | A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25292 CONFIRM |
watchguard — firebox_xtm_appliances | An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25291 CONFIRM |
watchguard — firebox_xtm_appliances | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25290 CONFIRM |
watchguard — firebox_xtm_appliances | A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-02-24 | not yet calculated | CVE-2022-25293 CONFIRM |
wbce_cms — wbce_cms | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-02-24 | not yet calculated | CVE-2022-25099 MISC |
webankpartners — wecube-platform | A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | 2022-02-24 | not yet calculated | CVE-2021-45746 MISC |
weblate — weblate | Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic. | 2022-02-25 | not yet calculated | CVE-2022-24710 CONFIRM MISC MISC MISC |
wiki.js — wiki.js | Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks the path access against the user-provided values instead of the actual path associated with the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation. | 2022-02-22 | not yet calculated | CVE-2022-23654 CONFIRM MISC |
wikidocs — wikidocs | WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. | 2022-02-19 | not yet calculated | CVE-2022-23376 MISC MISC MISC MISC |
wikidocs — wikidocs | WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | 2022-02-19 | not yet calculated | CVE-2022-23375 MISC MISC MISC MISC |
win-911 — win-911 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | 2022-02-24 | not yet calculated | CVE-2022-23104 CONFIRM CONFIRM |
win-911 — win-911 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | 2022-02-24 | not yet calculated | CVE-2022-23922 CONFIRM CONFIRM |
wireguard — wireguard | Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. | 2022-02-18 | not yet calculated | CVE-2022-23650 MISC MISC MISC CONFIRM |
wolfssl — wolfssl | In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. | 2022-02-24 | not yet calculated | CVE-2022-25638 CONFIRM MISC |
wolfssl — wolfssl | In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. | 2022-02-24 | not yet calculated | CVE-2022-25640 MISC |
woocs — woocs |
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to Reflected Cross-Site Scripting. | 2022-02-21 | not yet calculated | CVE-2022-0234 MISC CONFIRM |
wp_content_copy_protection_and_no_right_click — wp_content_copy_protection_and_no_right_click |
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | 2022-02-21 | not yet calculated | CVE-2022-23983 CONFIRM CONFIRM |
wp_statistics — wp_statistics | The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-25148 MISC MISC MISC |
wp_statistics — wp_statistics | The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-25305 MISC MISC MISC |
wp_statistics — wp_statistics | The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-25306 MISC MISC MISC |
wp_statistics — wp_statistics |
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-25149 MISC MISC MISC |
wp_statistics — wp_statistics |
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-25307 MISC MISC MISC |
wp_statistics — wp_statistics |
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | 2022-02-24 | not yet calculated | CVE-2022-0651 MISC MISC MISC |
wpdiscuz — wpdiscuz |
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | 2022-02-21 | not yet calculated | CVE-2022-23984 CONFIRM CONFIRM |
xerte_project — xerte | An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the ‘mediapath’ variable. | 2022-02-24 | not yet calculated | CVE-2021-44664 MISC MISC MISC |
xerte_project — xerte | A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. | 2022-02-24 | not yet calculated | CVE-2021-44665 MISC |
xerte_project — xerte | A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | 2022-02-24 | not yet calculated | CVE-2021-44663 MISC MISC MISC |
xerte_project — xerte |
A Cross-Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. | 2022-02-24 | not yet calculated | CVE-2021-44662 MISC MISC MISC |
zenario — cms |
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new ‘File/MIME Types’ using the ‘.phar’ extension. Then an attacker can upload a malicious file, intercept the request and change the extension to ‘.phar’ in order to run commands on the server. | 2022-02-24 | not yet calculated | CVE-2022-23043 MISC MISC |
zepl — notebooks |
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. | 2022-02-25 | not yet calculated | CVE-2021-42952 MISC MISC |
zfaka — zfaka |
An issue was found in Zfaka <= 1.4.5. The check performed by the background file upload function is not strict, resulting in remote command execution. | 2022-02-21 | not yet calculated | CVE-2022-24553 MISC MISC |
zip4j — zip4j |
zip4j up to 2.9.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use the zip4j library. | 2022-02-24 | not yet calculated | CVE-2022-24615 MISC |
zte — products |
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of the user-modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation. | 2022-02-24 | not yet calculated | CVE-2022-23135 MISC |
zulip — zulip |
Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | 2022-02-26 | not yet calculated | CVE-2021-3967 CONFIRM MISC |
zulip — zulip |
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users’ email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. | 2022-02-26 | not yet calculated | CVE-2022-21706 CONFIRM MISC MISC MISC |
zyxel — armor_firmware | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. | 2022-02-24 | not yet calculated | CVE-2021-4030 CONFIRM |
zyxel — armor_firmware |
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | 2022-02-24 | not yet calculated | CVE-2021-4029 CONFIRM |