US-CERT Bulletin (SB22-094): Vulnerability Summary for the Week of March 28, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
genians — genian_nac | A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. | 2022-03-25 | 10 | CVE-2021-26622 MISC |
dlink — dap-1360f1_firmware | In DLink DAP-1360 F1 firmware version <=v6.10 in the “webupg” binary, an attacker can use the “file” parameter to execute arbitrary system commands when the parameter is “name=deleteFile” after being authorized. | 2022-03-27 | 10 | CVE-2021-44127 MISC MISC |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-25880 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-25980 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26013 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26059 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26065 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26069 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26338 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26349 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26514 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26666 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26667 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26836 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-26887 CONFIRM |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | 10 | CVE-2022-27175 CONFIRM |
netgear — r8500_firmware | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | 2022-03-26 | 9 | CVE-2022-27945 MISC |
netgear — r8500_firmware | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | 2022-03-26 | 9 | CVE-2022-27946 MISC |
netgear — r8500_firmware | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | 2022-03-26 | 9 | CVE-2022-27947 MISC |
cef — fortessa_ftbtld_firmware | Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. | 2022-03-25 | 8.5 | CVE-2021-44905 MISC MISC |
impresscms — impresscms | ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | 2022-03-28 | 7.5 | CVE-2021-26599 MISC MISC MISC MISC |
impresscms — impresscms | ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). | 2022-03-28 | 7.5 | CVE-2021-26600 MISC MISC MISC MISC |
netu — mex01_firmware | A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. | 2022-03-25 | 7.5 | CVE-2021-26621 MISC |
predic8 — soa_model | An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. | 2022-03-25 | 7.5 | CVE-2021-43090 MISC |
totolink — t10_v2_firmware | Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | 2022-03-25 | 7.5 | CVE-2021-43636 MISC |
glpi-project — glpi | A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. | 2022-03-28 | 7.5 | CVE-2021-44617 MISC |
sophos — sfos | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 2022-03-25 | 7.5 | CVE-2022-1040 CONFIRM |
sonicwall — sonicos | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially code execution in the firewall. | 2022-03-25 | 7.5 | CVE-2022-22274 CONFIRM |
synology — diskstation_manager | Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 2022-03-25 | 7.5 | CVE-2022-22687 CONFIRM |
westerndigital — my_cloud_pr2100_firmware | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. | 2022-03-25 | 7.5 | CVE-2022-22995 MISC |
tuzicms — tuzicms | TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. | 2022-03-28 | 7.5 | CVE-2022-23882 MISC |
deno — deno | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. | 2022-03-25 | 7.5 | CVE-2022-24783 CONFIRM |
notable — notable | Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. | 2022-03-27 | 7.5 | CVE-2022-26198 MISC |
marky_project — marky | Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. | 2022-03-27 | 7.5 | CVE-2022-26205 MISC |
dlink — dir-820l_firmware | D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. | 2022-03-28 | 7.5 | CVE-2022-26258 MISC MISC MISC MISC |
xiaohuanxiong_project — xiaohuanxiong | Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | 2022-03-28 | 7.5 | CVE-2022-26268 MISC |
eyoucms — eyoucms | EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | 2022-03-28 | 7.5 | CVE-2022-26273 MISC |
gradle — enterprise | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | 2022-03-25 | 7.5 | CVE-2022-27919 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
mruby — mruby | Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | 2022-03-26 | 6.8 | CVE-2022-1071 CONFIRM MISC |
typesettercms — typesetter | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | 2022-03-25 | 6.8 | CVE-2022-25523 MISC MISC MISC |
broadcom — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | 2022-03-26 | 6.8 | CVE-2022-27940 MISC |
broadcom — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | 2022-03-26 | 6.8 | CVE-2022-27941 MISC |
broadcom — tcpreplay | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | 2022-03-26 | 6.8 | CVE-2022-27942 MISC |
linux — linux_kernel | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | 2022-03-25 | 6.6 | CVE-2022-0995 MISC MISC |
solarwinds — webhelpdesk | SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | 2022-03-25 | 6.5 | CVE-2021-35254 MISC MISC |
diyhi — bbs | A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. | 2022-03-28 | 6.5 | CVE-2021-43097 MISC |
diyhi — bbs | A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | 2022-03-28 | 6.5 | CVE-2021-43098 MISC |
diyhi — bbs | A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 2022-03-28 | 6.5 | CVE-2021-43101 MISC |
diyhi — bbs | A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 2022-03-28 | 6.5 | CVE-2021-43102 MISC |
diyhi — bbs | A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | 2022-03-28 | 6.5 | CVE-2021-43103 MISC |
moodle — moodle | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | 2022-03-25 | 6.5 | CVE-2022-0983 MISC FEDORA |
clusterlabs — pcs | A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in. | 2022-03-25 | 6.5 | CVE-2022-1049 MISC |
fork-cms — fork_cms | SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | 2022-03-25 | 6.5 | CVE-2022-1064 MISC CONFIRM |
synology — diskstation_manager | Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2022-03-25 | 6.5 | CVE-2022-22688 CONFIRM |
mruby — mruby | Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | 2022-03-27 | 6.4 | CVE-2022-1106 MISC CONFIRM |
python — pillow | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | 2022-03-28 | 6.4 | CVE-2022-24303 CONFIRM MISC |
alf-banco — alf-banco | ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | 2022-03-25 | 6.4 | CVE-2022-25577 MISC |
duckduckgo — duckduckgo | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker’s web site. | 2022-03-25 | 5.8 | CVE-2021-44683 MISC |
tinyrise — tinyshop | A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. | 2022-03-25 | 5.5 | CVE-2020-21554 MISC MISC MISC MISC |
impresscms — impresscms | ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | 2022-03-28 | 5.5 | CVE-2021-26601 MISC MISC MISC MISC |
zlib — zlib | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 2022-03-25 | 5 | CVE-2018-25032 MISC MISC MLIST MLIST MISC CONFIRM MISC MISC DEBIAN MLIST |
iptime — nas101_firmware | An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. | 2022-03-25 | 5 | CVE-2021-26620 MISC |
gnome — caribou | A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. | 2022-03-25 | 5 | CVE-2021-3567 MISC |
yeswiki — yeswiki | An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | 2022-03-25 | 5 | CVE-2021-43091 MISC MISC |
f-secure — safe | A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. | 2022-03-25 | 5 | CVE-2021-44751 MISC |
deltaww — diaenergie | Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | 2022-03-25 | 5 | CVE-2022-0988 CONFIRM |
74cms — 74cms | 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. | 2022-03-28 | 5 | CVE-2022-26271 MISC |
redhat — keycloak | A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak. | 2022-03-25 | 4.3 | CVE-2021-20323 MISC |
leanote — leanote | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require(‘child_process’).exec(‘calc’);})();> | 2022-03-28 | 4.3 | CVE-2021-43721 MISC |
spotweb_project — spotweb | There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | 2022-03-28 | 4.3 | CVE-2021-43725 MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | 2022-03-28 | 4.3 | CVE-2021-44208 MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. | 2022-03-28 | 4.3 | CVE-2021-44209 MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. | 2022-03-28 | 4.3 | CVE-2021-44210 MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. | 2022-03-28 | 4.3 | CVE-2021-44212 MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. | 2022-03-28 | 4.3 | CVE-2021-44213 MISC MISC |
deltaww — cncsoft_screeneditor | Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | 2022-03-25 | 4.3 | CVE-2021-44768 CONFIRM |
phpipam — phpipam | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | 2022-03-25 | 4.3 | CVE-2021-46426 MISC MISC MISC |
mapping_multiple_urls_redirect_same_page_project — mapping_multiple_urls_redirect_same_page | The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0599 MISC |
myceliumdesign — conference_scheduler | The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0600 MISC |
databasepeek_project — database_peek | The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0619 MISC |
deleteoldorders_project — delete_old_orders | The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0620 MISC |
dtabs_project — dtabs | The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0621 MISC |
ays-pro — popup_like_box | The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0641 MISC |
bank_mellat_project — bank_mellat | The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0643 MISC |
bulk_creator_project — bulk_creator | The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-28 | 4.3 | CVE-2022-0647 MISC |
statamic — statamic | Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user’s password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. | 2022-03-25 | 4.3 | CVE-2022-24784 MISC MISC CONFIRM |
surveyking — surveyking | SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | 2022-03-25 | 4.3 | CVE-2022-25590 MISC MISC MISC |
simpleajaxchat_project — simple_ajax_chat | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | 2022-03-25 | 4.3 | CVE-2022-25610 CONFIRM CONFIRM |
yonyou — u8+ | Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | 2022-03-25 | 4.3 | CVE-2022-26263 MISC MISC MISC |
maccms — maccms | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. | 2022-03-25 | 4.3 | CVE-2022-26573 MISC |
powerdns — authoritative_server | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 2022-03-25 | 4.3 | CVE-2022-27227 CONFIRM CONFIRM MISC MISC MLIST |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | 2022-03-25 | 4.3 | CVE-2022-27884 MISC |
maccms — maccms | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | 2022-03-25 | 4.3 | CVE-2022-27885 MISC |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | 2022-03-25 | 4.3 | CVE-2022-27886 MISC |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | 2022-03-25 | 4.3 | CVE-2022-27887 MISC |
mendelson — oftp2 | Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. | 2022-03-25 | 4.3 | CVE-2022-27906 MISC MISC |
kiwix — libkiwix | libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | 2022-03-25 | 4.3 | CVE-2022-27920 MISC MISC FEDORA |
libsixel_project — libsixel | stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | 2022-03-26 | 4.3 | CVE-2022-27938 MISC |
broadcom — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | 2022-03-26 | 4.3 | CVE-2022-27939 MISC |
gnu — gcc | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | 2022-03-26 | 4.3 | CVE-2022-27943 MISC MISC |
3cx — 3cx | 3CX System through 2022-03-17 stores cleartext passwords in a database. | 2022-03-28 | 4 | CVE-2021-45491 MISC MISC |
aapanel — aapanel | aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa). | 2022-03-27 | 4 | CVE-2022-26252 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
docker — docker_desktop | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | 2022-03-25 | 3.6 | CVE-2022-26659 MISC MISC MISC |
open-xchange — ox_app_suite | OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | 2022-03-28 | 3.5 | CVE-2021-44211 MISC MISC |
student_attendance_management_system_project — student_attendance_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php. | 2022-03-29 | 3.5 | CVE-2021-45866 MISC |
codedropz — drag_and_drop_multiple_file_upload_-_contact_form_7 | The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. | 2022-03-28 | 3.5 | CVE-2022-0595 MISC CONFIRM |
shopizer — shopizer | A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 2022-03-29 | 3.5 | CVE-2022-23059 MISC MISC |
pearadmin — pear_admin_think | A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | 2022-03-29 | 3.5 | CVE-2022-23903 MISC |
open-emr — openemr | A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | 2022-03-25 | 3.5 | CVE-2022-24643 MISC MISC MISC |
douphp — douphp | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | 2022-03-25 | 3.5 | CVE-2022-25574 MISC MISC |
classcms_project — classcms | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | 2022-03-25 | 3.5 | CVE-2022-25582 MISC |
wp-downloadmanager_project — wp-downloadmanager | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | 2022-03-25 | 3.5 | CVE-2022-25606 CONFIRM CONFIRM |
press_tigers — simple_event_planner | Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 2022-03-25 | 3.5 | CVE-2022-25611 CONFIRM CONFIRM |
press_tigers — simple_event_planner | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow users with author or higher user rights to inject malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | 2022-03-25 | 3.5 | CVE-2022-25612 CONFIRM CONFIRM |
joget — joget_dx | Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | 2022-03-25 | 3.5 | CVE-2022-26197 MISC MISC |
qemu — qemu | A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. | 2022-03-25 | 2.1 | CVE-2021-3582 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
iss — blackice_pc_protection | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2003-5001 MISC MISC MISC |
iss — blackice_pc_protection | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2003-5002 MISC |
iss — blackice_pc_protection | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2003-5003 MISC |
netegrity — siteminder | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2005-10001 MISC |
pro2col — stingray_fts | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2008-10001 MISC MISC |
shemes — grablt | A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-03-28 | not yet calculated | CVE-2010-10001 MISC MISC MISC |
kiddoware — kids_place | A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. | 2022-03-28 | not yet calculated | CVE-2015-10002 N/A |
yubico — ykneo-openpgp | Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | 2022-03-30 | not yet calculated | CVE-2015-3298 MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20011 MISC MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20012 MISC MISC MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20013 MISC MISC MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20014 MISC MISC MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20015 MISC MISC MISC |
weka — interest_security_scanner | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-03-28 | not yet calculated | CVE-2017-20016 MISC MISC MISC |
mirmay — secure_private_browser_and_file_manager | A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | 2022-03-28 | not yet calculated | CVE-2018-25030 N/A N/A MISC |
wyze — cam_pan | Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | 2022-03-30 | not yet calculated | CVE-2019-12266 MISC |
linux — business_central_console | It was observed that while logging into the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using a tool such as Burp Suite. | 2022-04-01 | not yet calculated | CVE-2019-14839 MISC |
wyze — cam_pan | A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | 2022-03-30 | not yet calculated | CVE-2019-9564 CONFIRM |
inductive_automation — inductive_automation_ignition_7_gateway | Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server | 2022-04-01 | not yet calculated | CVE-2020-14479 MISC |
nexusphp — nexusphp | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. | 2022-03-30 | not yet calculated | CVE-2020-24769 MISC MISC MISC |
nexusphp — nexusphp | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2022-03-30 | not yet calculated | CVE-2020-24770 MISC MISC MISC |
nexusphp — nexusphp | Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | 2022-03-30 | not yet calculated | CVE-2020-24771 MISC MISC |
linux — linux | A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. | 2022-04-01 | not yet calculated | CVE-2020-25691 MISC |
linux — linux_kernels | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. | 2022-03-30 | not yet calculated | CVE-2020-35501 MISC |
android — android | In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-185190688 | 2022-03-30 | not yet calculated | CVE-2021-1000 MISC |
android — android | In createGeneralSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-185247656 | 2022-03-30 | not yet calculated | CVE-2021-1033 MISC |
qualcomm — qualcomm | Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | not yet calculated | CVE-2021-1942 CONFIRM |
qualcomm — qualcomm | Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | not yet calculated | CVE-2021-1950 CONFIRM |
linux — linux | It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent access to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. | 2022-04-01 | not yet calculated | CVE-2021-20238 MISC |
linux — linux | It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. | 2022-04-01 | not yet calculated | CVE-2021-20295 MISC MISC |
pfsense — pfsense_ce_and_plus | Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | 2022-03-31 | not yet calculated | CVE-2021-20729 MISC MISC |
abb — 800xa_control | Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. | 2022-04-01 | not yet calculated | CVE-2021-22277 MISC |
google — data_transfer_project | On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | 2022-03-29 | not yet calculated | CVE-2021-22572 CONFIRM |
google — data_transfer_project | A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine | 2022-04-01 | not yet calculated | CVE-2021-23247 MISC |
ipm — intelligent_power_manager | The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. | 2022-04-01 | not yet calculated | CVE-2021-23287 MISC |
ipp — inteligent_power_protector | The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. | 2022-04-01 | not yet calculated | CVE-2021-23288 MISC |
bosch — cpp_firmware | A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | 2022-03-30 | not yet calculated | CVE-2021-23850 CONFIRM |
bosch — cpp_firmware | A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | 2022-03-30 | not yet calculated | CVE-2021-23851 CONFIRM |
wpscan — wpscan | The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the “Enable ‘More’ icon” option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. | 2022-03-28 | not yet calculated | CVE-2021-24746 MISC |
wordpress — file_upload_free_and_pro | The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. | 2022-03-28 | not yet calculated | CVE-2021-24962 MISC CONFIRM |
wpscan — osmapper_wordpress_plugin | The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named ‘map’ and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated users can delete arbitrary posts from the blog. | 2022-03-28 | not yet calculated | CVE-2021-24978 MISC |
wpscan — pz-linkcard_wordpress | The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues | 2022-03-28 | not yet calculated | CVE-2021-25012 MISC |
wpscan — wow_countdowns_wordpress_plugin | The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | 2022-03-28 | not yet calculated | CVE-2021-25064 MISC |
wpscan — sync_woocommerce_product_feed | The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the ‘feed_id’ POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | 2022-03-28 | not yet calculated | CVE-2021-25068 MISC |
wpscan — black_bad_bots_wordpress_plugin | The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | 2022-03-28 | not yet calculated | CVE-2021-25070 MISC |
wpscan — wordpress_plugin | The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-03-28 | not yet calculated | CVE-2021-25071 MISC |
impresscms — impresscms | ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). | 2022-03-28 | not yet calculated | CVE-2021-26598 MISC MISC MISC MISC |
microsoft — bandzip | A remote code execution vulnerability due to incomplete check for ‘xheader_decode_path_record’ function’s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | 2022-04-01 | not yet calculated | CVE-2021-26623 MISC |
linux — escan_anti-virus_for_linux | A local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to “runasroot” command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | 2022-04-01 | not yet calculated | CVE-2021-26624 MISC |
kaspersky — multiple_products | A denial-of-service issue existed in one of the modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause a Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS | 2022-04-01 | not yet calculated | CVE-2021-27223 MISC |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | 2022-04-01 | not yet calculated | CVE-2021-27493 CONFIRM CONFIRM |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | 2022-04-01 | not yet calculated | CVE-2021-27497 CONFIRM CONFIRM |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | 2022-04-01 | not yet calculated | CVE-2021-27501 CONFIRM CONFIRM |
arista — eos_platforms | On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected. | 2022-04-01 | not yet calculated | CVE-2021-28504 MISC |
snapdragon — multple_products | Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | not yet calculated | CVE-2021-30328 CONFIRM |
snapdragon — multple_products | Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | not yet calculated | CVE-2021-30329 CONFIRM |
snapdragon — multple_products | Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-04-01 | not yet calculated | CVE-2021-30331 CONFIRM |
snapdragon — multple_products | Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | not yet calculated | CVE-2021-30332 CONFIRM |
snapdragon — multple_products | Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | not yet calculated | CVE-2021-30333 CONFIRM |
sick — sick | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. | 2022-04-01 | not yet calculated | CVE-2021-32503 MISC |
mdt_software — mdt_autosave | An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | 2022-04-01 | not yet calculated | CVE-2021-32933 CONFIRM |
mdt_software — mdt_autosave | An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | 2022-04-01 | not yet calculated | CVE-2021-32937 CONFIRM |
mdt_software — mdt_autosave | An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | 2022-04-01 | not yet calculated | CVE-2021-32945 CONFIRM |
mdt_software — mdt_autosave | An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | 2022-04-01 | not yet calculated | CVE-2021-32949 CONFIRM |
mdt_software — mdt_autosave | An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | 2022-04-01 | not yet calculated | CVE-2021-32953 CONFIRM |
mdt_software — mdt_autosave | A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. | 2022-04-01 | not yet calculated | CVE-2021-32957 CONFIRM |
rockwell_automation — factorytalk_services_platform | Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. | 2022-04-01 | not yet calculated | CVE-2021-32960 CONFIRM CONFIRM |
mdt_software — mdt_autosave | A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | 2022-04-01 | not yet calculated | CVE-2021-32961 CONFIRM |
moxa — nport | Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. | 2022-04-01 | not yet calculated | CVE-2021-32968 CONFIRM CONFIRM |
moxa — nport | Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. | 2022-04-01 | not yet calculated | CVE-2021-32970 CONFIRM CONFIRM |
moxa — nport | Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | 2022-04-01 | not yet calculated | CVE-2021-32974 CONFIRM CONFIRM |
moxa — nport | Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. | 2022-04-01 | not yet calculated | CVE-2021-32976 CONFIRM CONFIRM |
phillips — vue_pacs | The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | 2022-04-01 | not yet calculated | CVE-2021-33018 CONFIRM CONFIRM |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | 2022-04-01 | not yet calculated | CVE-2021-33020 CONFIRM CONFIRM |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2022-04-01 | not yet calculated | CVE-2021-33022 CONFIRM CONFIRM |
phillips — vue_pacs | Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | 2022-04-01 | not yet calculated | CVE-2021-33024 CONFIRM CONFIRM |
blackarrow — mashzone_nextgen | The “Register an Ehcache Configuration File” admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. | 2022-03-30 | not yet calculated | CVE-2021-33208 MISC MISC |
blackarrow — mashzone_nextgen | MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController. | 2022-03-30 | not yet calculated | CVE-2021-33523 MISC MISC |
blackarrow — mashzone_nextgen | MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. | 2022-03-30 | not yet calculated | CVE-2021-33581 MISC MISC |
sdl — sdl | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. | 2022-04-01 | not yet calculated | CVE-2021-33657 MISC |
splunk — splunk_enterprise | The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. | 2022-03-25 | not yet calculated | CVE-2021-3422 MISC MISC |
wordpress — wpanel | Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard’s Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. | 2022-03-31 | not yet calculated | CVE-2021-34257 MISC MISC |
foreman — salt_plugin | An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | 2022-03-30 | not yet calculated | CVE-2021-3456 MISC |
keycloak — keycloak | A flaw was found in keycloak where keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name]. | 2022-04-01 | not yet calculated | CVE-2021-3461 MISC |
snapdragon — multiple_products | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | not yet calculated | CVE-2021-35088 CONFIRM |
snapdragon — snapdragon_auto | Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto | 2022-04-01 | not yet calculated | CVE-2021-35089 CONFIRM |
snapdragon — multiple_products | Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | not yet calculated | CVE-2021-35103 CONFIRM |
snapdragon — multiple_products | Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | not yet calculated | CVE-2021-35105 CONFIRM |
snapdragon — multiple_products | Possible out of bound read due to improper length calculation of WMI message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | not yet calculated | CVE-2021-35106 CONFIRM |
snapdragon — multiple_products | Possible buffer overflow due to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile | 2022-04-01 | not yet calculated | CVE-2021-35110 CONFIRM |
snapdragon — multiple_products | Improper handling of multiple sessions supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile | 2022-04-01 | not yet calculated | CVE-2021-35115 CONFIRM |
snapdragon — multiple_products | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-04-01 | not yet calculated | CVE-2021-35117 CONFIRM |
dolibarr — erp_crm | An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | 2022-03-31 | not yet calculated | CVE-2021-36625 MISC |
dolibarr — erp_crm | An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. | 2022-03-31 | not yet calculated | CVE-2021-37517 MISC |
mandiant — rsa_archer | In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. | 2022-03-30 | not yet calculated | CVE-2021-38362 MISC MISC MISC |
linux — linux_kernel | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | 2022-04-01 | not yet calculated | CVE-2021-3847 MISC MISC |
android — arraymap | In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-184525194 | 2022-03-30 | not yet calculated | CVE-2021-39739 MISC |
android — messaging | In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-209965112 | 2022-03-30 | not yet calculated | CVE-2021-39740 MISC |
android — keymaster | In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-173567719 | 2022-03-30 | not yet calculated | CVE-2021-39741 MISC |
android — voicemail | In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-186405602 | 2022-03-30 | not yet calculated | CVE-2021-39742 MISC |
android — packagemanager | In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-201534884 | 2022-03-30 | not yet calculated | CVE-2021-39743 MISC |
android — devicepolicymanager | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-192369136 | 2022-03-30 | not yet calculated | CVE-2021-39744 MISC |
android — devicepolicymanager | In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-206127671 | 2022-03-30 | not yet calculated | CVE-2021-39745 MISC |
android — permissioncontroller | In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-194696395 | 2022-03-30 | not yet calculated | CVE-2021-39746 MISC |
android — settings_provider | In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-208268457 | 2022-03-30 | not yet calculated | CVE-2021-39747 MISC |
android — inputmethodeditor | In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-203777141 | 2022-03-30 | not yet calculated | CVE-2021-39748 MISC |
android — windowmanager | In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-205996115 | 2022-03-30 | not yet calculated | CVE-2021-39749 MISC |
android — packagemanager | In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-206474016 | 2022-03-30 | not yet calculated | CVE-2021-39750 MISC |
android — settings | In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-172838801 | 2022-03-30 | not yet calculated | CVE-2021-39751 MISC |
android — bubbles | In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-202756848 | 2022-03-30 | not yet calculated | CVE-2021-39752 MISC |
android — domainverificationservice | In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-200035185 | 2022-03-30 | not yet calculated | CVE-2021-39753 MISC |
android — contextimpl | In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: ; Android ID: A-207133709 | 2022-03-30 | not yet calculated | CVE-2021-39754 MISC |
android — devicepolicymanager | In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-204995407 | 2022-03-30 | not yet calculated | CVE-2021-39755 MISC |
android — framework | In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-184354287 | 2022-03-30 | not yet calculated | CVE-2021-39756 MISC |
android — permissioncontroller | In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-176094662 | 2022-03-30 | not yet calculated | CVE-2021-39757 MISC |
android — windowmanager | In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-205130886 | 2022-03-30 | not yet calculated | CVE-2021-39758 MISC |
android — libstagefright | In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-180200830 | 2022-03-30 | not yet calculated | CVE-2021-39759 MISC |
android — audioservice | In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-194110526 | 2022-03-30 | not yet calculated | CVE-2021-39760 MISC |
android — media | In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-179783181 | 2022-03-30 | not yet calculated | CVE-2021-39761 MISC |
android — tremolo | In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-210625816 | 2022-03-30 | not yet calculated | CVE-2021-39762 MISC |
android — settings | In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-199176115 | 2022-03-30 | not yet calculated | CVE-2021-39763 MISC |
android — settings | In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-170642995 | 2022-03-30 | not yet calculated | CVE-2021-39764 MISC |
android — gallery | In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-201535427 | 2022-03-30 | not yet calculated | CVE-2021-39765 MISC |
android — settings | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-198296421 | 2022-03-30 | not yet calculated | CVE-2021-39766 MISC |
android — miniadb | In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-201308542 | 2022-03-30 | not yet calculated | CVE-2021-39767 MISC |
android — settings | In Settings, there is a possible way to add an auto-connect WiFi network without the user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-202017876 | 2022-03-30 | not yet calculated | CVE-2021-39768 MISC |
android — device_policy | In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-193663287 | 2022-03-30 | not yet calculated | CVE-2021-39769 MISC |
android — framework | In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-193033501 | 2022-03-30 | not yet calculated | CVE-2021-39770 MISC |
android — settings | In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-198661951 | 2022-03-30 | not yet calculated | CVE-2021-39771 MISC |
android — bluetooth | In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-181962322 | 2022-03-30 | not yet calculated | CVE-2021-39772 MISC |
android — vpnmanagerservice | In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-191276656 | 2022-03-30 | not yet calculated | CVE-2021-39773 MISC |
android — bluetooth | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-205989472 | 2022-03-30 | not yet calculated | CVE-2021-39774 MISC |
android — people | In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-206465854 | 2022-03-30 | not yet calculated | CVE-2021-39775 MISC |
android — nfc | In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-192614125 | 2022-03-30 | not yet calculated | CVE-2021-39776 MISC |
android — telephony | In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-194743207 | 2022-03-30 | not yet calculated | CVE-2021-39777 MISC |
android — telecomm | In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-196406138 | 2022-03-30 | not yet calculated | CVE-2021-39778 MISC |
android — getcallstateusingpackage_of_telecom_service | In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-190400974 | 2022-03-30 | not yet calculated | CVE-2021-39779 MISC |
android — traceur | In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-204992293 | 2022-03-30 | not yet calculated | CVE-2021-39780 MISC |
android — smscontroller | In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-195311502 | 2022-03-30 | not yet calculated | CVE-2021-39781 MISC |
android — telephony | In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-202760015 | 2022-03-30 | not yet calculated | CVE-2021-39782 MISC |
android — rcsservice | In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-197960597 | 2022-03-30 | not yet calculated | CVE-2021-39783 MISC |
android — cellbroadcastreceiver | In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-200163477 | 2022-03-30 | not yet calculated | CVE-2021-39784 MISC |
android — nfc | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-192551247 | 2022-03-30 | not yet calculated | CVE-2021-39786 MISC |
android — systemui | In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-202506934 | 2022-03-30 | not yet calculated | CVE-2021-39787 MISC |
android — telecommanager | In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-191768014 | 2022-03-30 | not yet calculated | CVE-2021-39788 MISC |
android — telecom | In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-203880906 | 2022-03-30 | not yet calculated | CVE-2021-39789 MISC |
android — dialer | In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-186405146 | 2022-03-30 | not yet calculated | CVE-2021-39790 MISC |
android — wallpapermanagerservice | In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-194112606 | 2022-03-30 | not yet calculated | CVE-2021-39791 MISC |
gitlab — gitlab | In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | 2022-03-28 | not yet calculated | CVE-2021-39876 MISC CONFIRM MISC |
gitlab — gitlab | In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 2022-04-01 | not yet calculated | CVE-2021-39908 MISC CONFIRM MISC |
oasys — oa_system | An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. | 2022-03-30 | not yet calculated | CVE-2021-40644 MISC MISC |
glorylion — jfinaloa | An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. | 2022-03-30 | not yet calculated | CVE-2021-40645 MISC MISC |
rsa — archer | In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. | 2022-03-30 | not yet calculated | CVE-2021-41594 MISC MISC |
gitlab — gitlab_ce_ee | An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API. | 2022-03-28 | not yet calculated | CVE-2021-4191 MISC MISC CONFIRM |
pixelimity — pixelimity | A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | 2022-03-31 | not yet calculated | CVE-2021-42866 MISC |
danpros — htmly | A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. | 2022-03-31 | not yet calculated | CVE-2021-42867 MISC MISC |
chikista — patient_management_software | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. | 2022-03-31 | not yet calculated | CVE-2021-42868 MISC MISC |
chikista — patient_management_software | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. | 2022-03-31 | not yet calculated | CVE-2021-42869 MISC MISC |
draytek — vigor | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. | 2022-03-29 | not yet calculated | CVE-2021-42911 MISC |
htmly — htmly | A Cross Site Scripting (XSS) vulnerability exists in htmly 2.8.1 via the Copyright field in the /admin/config page. | 2022-03-31 | not yet calculated | CVE-2021-42946 MISC |
cbkhwx — cxuucms | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | 2022-03-29 | not yet calculated | CVE-2021-42970 MISC |
diyhi — bbs | An Archive Extraction (AKA “Zip Slip”) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). | 2022-03-28 | not yet calculated | CVE-2021-43099 MISC |
diyhi — bbs | A File Upload vulnerability exists in bbs 5.3 via a GetType function in TopicManageAction.java, which lets a remote malicious user execute arbitrary code. | 2022-03-28 | not yet calculated | CVE-2021-43100 MISC |
technitium — dns_server | A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. | 2022-03-28 | not yet calculated | CVE-2021-43105 MISC |
online_shopping_system — online_shopping_system | An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. | 2022-03-29 | not yet calculated | CVE-2021-43109 MISC |
online_shopping_system — online_shopping_system | An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. | 2022-03-29 | not yet calculated | CVE-2021-43110 MISC |
draytek — vigor | A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. | 2022-03-29 | not yet calculated | CVE-2021-43118 MISC |
joxsaxbeaninput — joxsaxbeaninput | An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. | 2022-03-30 | not yet calculated | CVE-2021-43142 MISC |
hoosk — hoosk | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | 2022-03-31 | not yet calculated | CVE-2021-43478 MISC |
secretary — secretary | A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. | 2022-03-31 | not yet calculated | CVE-2021-43479 MISC |
simple_client_management_system — simple_client_management_system | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | 2022-03-31 | not yet calculated | CVE-2021-43484 MISC |
sourcecodester — simple_client_management_system | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | 2022-03-31 | not yet calculated | CVE-2021-43505 MISC |
sourcecodester — simple_client_management_system | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | 2022-03-31 | not yet calculated | CVE-2021-43506 MISC |
totolink — ex300 |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | 2022-03-31 | not yet calculated | CVE-2021-43661 MISC |
totolink — ex300 | totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | 2022-03-31 | not yet calculated | CVE-2021-43662 MISC |
totolink — ex300 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | 2022-03-31 | not yet calculated | CVE-2021-43663 MISC |
totolink — ex300 |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | 2022-03-30 | not yet calculated | CVE-2021-43664 MISC |
cszcms — cszcms | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | 2022-03-29 | not yet calculated | CVE-2021-43701 MISC MISC MISC |
maccmspro — maccms |
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | 2022-03-31 | not yet calculated | CVE-2021-43707 MISC |
dlink — dir_645 |
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | 2022-03-31 | not yet calculated | CVE-2021-43722 MISC MISC |
open5gs — open5gs |
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. | 2022-03-29 | not yet calculated | CVE-2021-44081 MISC |
pentest — pentest |
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | 2022-03-29 | not yet calculated | CVE-2021-44082 MISC MISC MISC |
konga — konga | Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to escalate privileges to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. | 2022-03-28 | not yet calculated | CVE-2021-44103 MISC MISC |
hiby — hiby | Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not sufficiently sanitize input data when showing data from the SD Card, so an attacker can navigate through the device’s File System over HTTP. | 2022-03-28 | not yet calculated | CVE-2021-44124 MISC MISC |
pagekit — pagekit |
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | 2022-04-01 | not yet calculated | CVE-2021-44135 MISC |
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool |
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. | 2022-03-30 | not yet calculated | CVE-2021-44310 MISC |
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool |
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. | 2022-03-30 | not yet calculated | CVE-2021-44312 MISC |
kreado — kreasfero | An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. | 2022-03-29 | not yet calculated | CVE-2021-44581 MISC MISC |
mepsan — usc | A vulnerability in MEPSAN’s USC+ before version 3.0 has a weakness in the login function which lets attackers generate passwords for high-privileged accounts. | 2022-03-30 | not yet calculated | CVE-2021-45031 CONFIRM |
3cx — 3cx_client_for_windows | The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. | 2022-03-28 | not yet calculated | CVE-2021-45490 MISC MISC |
sourcecodester — student_attendance_management_system | A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. | 2022-03-29 | not yet calculated | CVE-2021-45865 MISC |
vivoh — webinar_manager | Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate the victim and make state-changing requests on their behalf. | 2022-03-30 | not yet calculated | CVE-2021-45900 MISC MISC |
totolink — a3100r |
In Totolink A3100R V5.9c.4577, “test.asp” contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. | 2022-03-30 | not yet calculated | CVE-2021-46006 MISC MISC MISC |
totolink — a3100r | totolink a3100r V5.9c.4577 is vulnerable to OS command injection. The backend of a page executes the “ping” command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. | 2022-03-30 | not yet calculated | CVE-2021-46007 MISC MISC MISC |
totolink — a3100r | In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from the officially released firmware. An attacker who has connected to the Wi-Fi can easily telnet into the target with a root shell if the telnet function is turned on. | 2022-03-30 | not yet calculated | CVE-2021-46008 MISC MISC MISC |
totolink — a3100r |
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. | 2022-03-30 | not yet calculated | CVE-2021-46009 MISC MISC MISC |
totolink — a3100r |
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. | 2022-03-30 | not yet calculated | CVE-2021-46010 MISC MISC MISC |
fenom_template — fenom | In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass the sandbox and execute arbitrary PHP code when disable_native_funcs is true. | 2022-03-28 | not yet calculated | CVE-2021-46433 MISC |
emqx — dashboard | ** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the “/api/v3/auth” interface. When a user logs in, the application returns different results depending on whether the account is correct, which allows an attacker to determine whether a given username is valid. | 2022-03-28 | not yet calculated | CVE-2021-46434 MISC |
firebase — php |
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | 2022-03-29 | not yet calculated | CVE-2021-46743 MISC |
gitlab — gitlab | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services. | 2022-03-28 | not yet calculated | CVE-2022-0123 CONFIRM MISC |
gitlab — gitlab |
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. | 2022-03-28 | not yet calculated | CVE-2022-0136 MISC CONFIRM MISC |
gitlab — gitlab |
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | 2022-03-28 | not yet calculated | CVE-2022-0249 MISC MISC CONFIRM |
gitlab — gitlab | An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to an attacker-specified URL. | 2022-03-28 | not yet calculated | CVE-2022-0283 MISC CONFIRM |
sophos — sophos_firewall |
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | 2022-03-29 | not yet calculated | CVE-2022-0331 CONFIRM |
zyxel — cgi_program |
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | 2022-03-28 | not yet calculated | CVE-2022-0342 CONFIRM |
android — android | A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2. | 2022-03-29 | not yet calculated | CVE-2022-0343 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project. | 2022-03-28 | not yet calculated | CVE-2022-0344 MISC CONFIRM MISC |
github — github_repository |
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | 2022-03-31 | not yet calculated | CVE-2022-0350 MISC CONFIRM |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. | 2022-03-28 | not yet calculated | CVE-2022-0371 MISC CONFIRM |
gitlab — gitlab | Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | 2022-04-01 | not yet calculated | CVE-2022-0373 MISC MISC CONFIRM |
wpscan — interactive_medical_drawing_of_human_body |
The Interactive Medical Drawing of Human Body WordPress plugin through 1.0 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-03-28 | not yet calculated | CVE-2022-0388 MISC |
gitlab — gitlab |
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | 2022-04-01 | not yet calculated | CVE-2022-0390 CONFIRM MISC MISC |
wpscan — wpc_smart_wishlist_for_woocommerce_wordpress_plugin | The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action’s response (available to any authenticated user), leading to a Reflected Cross-Site Scripting | 2022-03-28 | not yet calculated | CVE-2022-0397 MISC |
irker — irc_gateway_integration |
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 2022-04-01 | not yet calculated | CVE-2022-0425 MISC CONFIRM |
gitlab — jupyter_notebooks |
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user’s behalf leading to potential account takeover | 2022-03-28 | not yet calculated | CVE-2022-0427 MISC CONFIRM MISC |
wpscan — menu_image | The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated user, such as a subscriber, can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend | 2022-03-28 | not yet calculated | CVE-2022-0450 MISC |
wpscan — popup_builder_wordpress_plugin |
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link | 2022-03-28 | not yet calculated | CVE-2022-0479 CONFIRM MISC |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. | 2022-03-28 | not yet calculated | CVE-2022-0488 CONFIRM MISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. | 2022-04-01 | not yet calculated | CVE-2022-0489 MISC MISC CONFIRM |
wpscan — string_locator_wordpress_plugin | The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. | 2022-03-28 | not yet calculated | CVE-2022-0493 MISC CONFIRM |
wpscan — sermon_browser_wordpress_plugin |
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. | 2022-03-28 | not yet calculated | CVE-2022-0499 MISC |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. | 2022-03-28 | not yet calculated | CVE-2022-0549 MISC CONFIRM |
wpscan — narnoo_distributor_wordpress_plugin | The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users), which results in the disclosure of arbitrary files, as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks, but depends on the underlying system and its configuration. | 2022-03-28 | not yet calculated | CVE-2022-0679 MISC |
wpscan — plezi_wordpress_plugin |
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | 2022-03-28 | not yet calculated | CVE-2022-0680 MISC |
wpscan — amelia_wordpress_plugin | The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other customers’ bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | 2022-03-28 | not yet calculated | CVE-2022-0720 MISC |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. | 2022-03-28 | not yet calculated | CVE-2022-0735 CONFIRM MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. | 2022-03-28 | not yet calculated | CVE-2022-0738 MISC CONFIRM |
gitlab — gitlab |
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | 2022-04-01 | not yet calculated | CVE-2022-0741 MISC MISC CONFIRM |
gitlab — gitlab |
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands | 2022-03-28 | not yet calculated | CVE-2022-0751 MISC CONFIRM MISC |
wpscan — translate_wordpress_with_gtranslate_wordpress_plugin | The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF checks in some files, and writes debug data such as users’ cookies to a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged-in admin’s cookies by making them open a malicious link or page | 2022-03-28 | not yet calculated | CVE-2022-0770 MISC |
wpscan — title_experiments_free_wordpress_plugin | The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | 2022-03-28 | not yet calculated | CVE-2022-0784 MISC |
wpscan — limit_login_attempts_wordpress_plugin |
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections | 2022-03-28 | not yet calculated | CVE-2022-0787 MISC |
wpscan — woocommerce_affiliate_plugin_wordpress_plugin |
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | 2022-03-28 | not yet calculated | CVE-2022-0818 MISC |
wpscan — church_admin_wordpress_plugin | The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the “refresh-backup” action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin’s DB data | 2022-03-28 | not yet calculated | CVE-2022-0833 MISC |
wpscan — speakout!_email_petitions_wordpress_plugin |
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | 2022-03-28 | not yet calculated | CVE-2022-0846 MISC |
philips — e_alert | The software does not perform any authentication for critical system functionality. | 2022-04-01 | not yet calculated | CVE-2022-0922 MISC |
deltaww — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-03-29 | not yet calculated | CVE-2022-0923 CONFIRM |
linux — linux_kernel |
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-03-30 | not yet calculated | CVE-2022-0998 MISC MLIST |
rockwell_automation — isagraf |
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. | 2022-04-01 | not yet calculated | CVE-2022-1018 MISC |
crater_invoice — crater |
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. | 2022-03-29 | not yet calculated | CVE-2022-1032 MISC CONFIRM |
archive — archive |
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. | 2022-03-29 | not yet calculated | CVE-2022-1050 MISC |
linux — linux_kernel |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | 2022-03-29 | not yet calculated | CVE-2022-1055 CONFIRM CONFIRM CONFIRM |
libtiff — libtiff |
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | 2022-03-28 | not yet calculated | CVE-2022-1056 MISC CONFIRM MISC |
modbus_tools — modbus_slave |
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. | 2022-04-01 | not yet calculated | CVE-2022-1068 CONFIRM |
automatic_question_paper_generator — automatic_question_paper_generator |
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. | 2022-03-29 | not yet calculated | CVE-2022-1073 MISC |
tem — flex |
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. | 2022-03-29 | not yet calculated | CVE-2022-1074 MISC |
college_website_management_system — college_website_management_system |
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. | 2022-03-29 | not yet calculated | CVE-2022-1075 MISC MISC |
automatic_question_paper_generator — automatic_question_paper_generator |
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. | 2022-03-29 | not yet calculated | CVE-2022-1076 MISC |
tem — flex | A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | 2022-03-29 | not yet calculated | CVE-2022-1077 MISC |
sourcecodester — college_website_management_system |
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | 2022-03-29 | not yet calculated | CVE-2022-1078 MISC |
sourcecodester — one_church_management_system | A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to cross site scripting. It is possible to launch the attack remotely. | 2022-03-29 | not yet calculated | CVE-2022-1079 MISC |
sourcecodester — one_church_management_system |
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | 2022-03-29 | not yet calculated | CVE-2022-1080 MISC |
sourcecodester — microfinance_management_system |
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. | 2022-03-29 | not yet calculated | CVE-2022-1081 MISC |
sourcecodester — microfinance_management_system |
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input ‘||1=1# leads to sql injection. The attack may be initiated remotely. | 2022-03-29 | not yet calculated | CVE-2022-1082 MISC |
sourcecodester — microfinance_management_system |
A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc leads to sql injection in multiple files. It is possible to launch the attack remotely. | 2022-03-29 | not yet calculated | CVE-2022-1083 MISC |
sourcecodester — one_church_management_system |
A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. | 2022-03-29 | not yet calculated | CVE-2022-1084 MISC |
cltphp — cltphp |
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-03-29 | not yet calculated | CVE-2022-1085 MISC |
dolphinphp — dolphinphp |
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-03-29 | not yet calculated | CVE-2022-1086 MISC MISC |
htmly — htmly | A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires authentication. A simple POC has been disclosed to the public and may be used. | 2022-03-29 | not yet calculated | CVE-2022-1087 MISC MISC MISC |
deltaww — diaenergie |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | 2022-04-01 | not yet calculated | CVE-2022-1098 CONFIRM |
openjpeg2 — fedora |
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | 2022-03-29 | not yet calculated | CVE-2022-1122 MISC FEDORA |
vim — vim |
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | 2022-03-30 | not yet calculated | CVE-2022-1154 CONFIRM MISC |
snipe — snipe | Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. | 2022-03-30 | not yet calculated | CVE-2022-1155 MISC CONFIRM |
rockwell — automation_studio_5000_logix_designer | Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 2022-04-01 | not yet calculated | CVE-2022-1159 CONFIRM |
vim — vim | Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | 2022-03-30 | not yet calculated | CVE-2022-1160 CONFIRM MISC |
minewebs — minewebcms |
Cross-site Scripting (XSS) – Stored in GitHub repository mineweb/minewebcms prior to next. | 2022-03-30 | not yet calculated | CVE-2022-1163 MISC CONFIRM |
gpac — gpac |
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 2022-03-30 | not yet calculated | CVE-2022-1172 MISC CONFIRM |
livehelperchat — livehelperchat |
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. | 2022-03-31 | not yet calculated | CVE-2022-1176 CONFIRM MISC |
openemr — openemr |
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. | 2022-03-30 | not yet calculated | CVE-2022-1177 CONFIRM MISC |
openemr — openemr |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 2022-03-30 | not yet calculated | CVE-2022-1178 CONFIRM MISC |
openemr — openemr |
Non-Privileged User Can Create New Rule, Leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 2022-03-30 | not yet calculated | CVE-2022-1179 MISC CONFIRM |
openemr — openemr |
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 2022-03-30 | not yet calculated | CVE-2022-1180 MISC CONFIRM |
openemr — openemr |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | 2022-03-30 | not yet calculated | CVE-2022-1181 MISC CONFIRM |
livehelperchat — livehelperchat |
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | 2022-03-31 | not yet calculated | CVE-2022-1191 CONFIRM MISC |
mruby — mruby |
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. | 2022-04-02 | not yet calculated | CVE-2022-1201 CONFIRM MISC |
radareorg — radare2 |
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. | 2022-04-01 | not yet calculated | CVE-2022-1207 MISC CONFIRM |
android — incfs |
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-198657657 | 2022-03-30 | not yet calculated | CVE-2022-20002 MISC |
cocoapods — cocoapods |
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | not yet calculated | CVE-2022-21223 MISC MISC |
mastermind — vcs |
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | not yet calculated | CVE-2022-21235 MISC MISC |
nvidia — cuda_toolkit_sdk |
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity. | 2022-03-29 | not yet calculated | CVE-2022-21821 CONFIRM |
rocketchat — livechat |
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance. | 2022-04-01 | not yet calculated | CVE-2022-21830 MISC |
rancher_desktop — suse_security_incidents |
An Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | 2022-04-01 | not yet calculated | CVE-2022-21947 CONFIRM |
ibm — ibm_security_vertify_access |
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. | 2022-03-31 | not yet calculated | CVE-2022-22311 CONFIRM XF |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. | 2022-04-01 | not yet calculated | CVE-2022-22327 CONFIRM XF |
ibm — sterlingpartner_engagement_manager |
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another user's data. IBM X-Force ID: 218871. | 2022-04-01 | not yet calculated | CVE-2022-22328 CONFIRM XF |
ibm — sterlingpartner_engagement_manager |
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | 2022-04-01 | not yet calculated | CVE-2022-22331 CONFIRM XF |
ibm — sterlingpartner_engagement_manager |
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. | 2022-04-01 | not yet calculated | CVE-2022-22332 XF CONFIRM |
app_connect_enterprise_certified_container_dashboard | IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. | 2022-04-01 | not yet calculated | CVE-2022-22404 XF CONFIRM |
unifi — door_access_reader_lite |
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. | 2022-04-01 | not yet calculated | CVE-2022-22570 MISC |
tibco — managed_file_transfer_platform_server |
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. | 2022-03-30 | not yet calculated | CVE-2022-22772 CONFIRM CONFIRM |
saltstack — salt |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. | 2022-03-29 | not yet calculated | CVE-2022-22934 MISC MISC MISC |
saltstack — salt |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | 2022-03-29 | not yet calculated | CVE-2022-22935 MISC MISC MISC |
saltstack — salt |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be replayed. A sufficiently crafty attacker could gain root access on a minion under certain scenarios. | 2022-03-29 | not yet calculated | CVE-2022-22936 MISC MISC MISC |
saltstack — salt |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. | 2022-03-29 | not yet calculated | CVE-2022-22941 MISC MISC MISC |
vmware — vcenter_server |
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | 2022-03-29 | not yet calculated | CVE-2022-22948 MISC |
spring_by_vmware — spring_framework |
In Spring Framework versions 5.3.0 – 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | 2022-04-01 | not yet calculated | CVE-2022-22950 MISC |
spring_by_vmware — spring_cloud_function |
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 2022-04-01 | not yet calculated | CVE-2022-22963 MISC CISCO CONFIRM |
spring_by_vmware — spring_framework |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | 2022-04-01 | not yet calculated | CVE-2022-22965 MISC CISCO CONFIRM |
link — nippon_telegraph_and_telephone_east_corporation |
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. | 2022-03-31 | not yet calculated | CVE-2022-22986 MISC MISC MISC |
westerndigital — g_raid |
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. | 2022-03-30 | not yet calculated | CVE-2022-22996 MISC |
zte — home_gateway |
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. | 2022-03-30 | not yet calculated | CVE-2022-23136 MISC |
dell — wyse_management_suite |
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | 2022-04-01 | not yet calculated | CVE-2022-23155 CONFIRM |
dell — wyse_device_agent |
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | 2022-04-01 | not yet calculated | CVE-2022-23156 CONFIRM |
dell — wyse_device_agent |
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. | 2022-04-01 | not yet calculated | CVE-2022-23157 CONFIRM |
dell — wyse_device_agent |
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to a valid WMS server. | 2022-04-01 | not yet calculated | CVE-2022-23158 CONFIRM |
link — advanced_custom_fields |
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. | 2022-03-31 | not yet calculated | CVE-2022-23183 MISC MISC MISC |
joomla — joomla |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path. | 2022-03-30 | not yet calculated | CVE-2022-23793 MISC MISC |
joomla — joomla |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with a name of excessive length causes an error. This error brings up a screen showing the path of the source code of the web application. | 2022-03-30 | not yet calculated | CVE-2022-23794 MISC |
joomla — joomla |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. | 2022-03-30 | not yet calculated | CVE-2022-23795 MISC |
joomla — joomla |
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | 2022-03-30 | not yet calculated | CVE-2022-23796 MISC |
joomla — joomla |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection. | 2022-03-30 | not yet calculated | CVE-2022-23797 MISC |
joomla — joomla |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | 2022-03-30 | not yet calculated | CVE-2022-23798 MISC |
joomla — joomla |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | 2022-03-30 | not yet calculated | CVE-2022-23799 MISC |
joomla — joomla |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | 2022-03-30 | not yet calculated | CVE-2022-23800 MISC |
joomla — joomla |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. | 2022-03-30 | not yet calculated | CVE-2022-23801 MISC |
ruoyi — ruoyi |
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | 2022-03-30 | not yet calculated | CVE-2022-23868 MISC |
ruoyi — ruoyi |
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | 2022-03-30 | not yet calculated | CVE-2022-23869 MISC |
mojang — bedrock_dedicated_server |
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). | 2022-03-28 | not yet calculated | CVE-2022-23884 MISC |
src/dfa/dead_rules.cc — src/dfa/dead_rules.cc |
A stack overflow exists in re2c 2.2 due to infinite recursion issues in src/dfa/dead_rules.cc. | 2022-03-29 | not yet calculated | CVE-2022-23901 MISC |
wind_riverr — vxworks |
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | 2022-03-29 | not yet calculated | CVE-2022-23937 MISC MISC |
snyk — snyk |
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn’t cover. | 2022-04-01 | not yet calculated | CVE-2022-24066 CONFIRM CONFIRM CONFIRM CONFIRM |
douphp — douphp |
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | 2022-03-30 | not yet calculated | CVE-2022-24131 MISC |
phpshe — phpshe |
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry’s verification code, which can paralyze the target service. | 2022-03-30 | not yet calculated | CVE-2022-24132 MISC |
qingscan — qingscan |
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. | 2022-03-30 | not yet calculated | CVE-2022-24135 MISC |
hospital_management_system — hospital_management_system |
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | 2022-03-31 | not yet calculated | CVE-2022-24136 MISC |
pkp — pkp_lib |
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. | 2022-04-01 | not yet calculated | CVE-2022-24181 MISC |
pfsense — pfsense |
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. | 2022-03-31 | not yet calculated | CVE-2022-24299 MISC MISC |
dell — command |
Dell Command \| Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | 2022-04-01 | not yet calculated | CVE-2022-24426 CONFIRM |
cocoapods-downloader — cocoapods-downloader |
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 is vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | not yet calculated | CVE-2022-24440 MISC MISC MISC |
baicells — nova436 |
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | 2022-03-30 | not yet calculated | CVE-2022-24693 MISC MISC MISC |
jupyter — notebook |
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds. | 2022-03-31 | not yet calculated | CVE-2022-24758 CONFIRM |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP’s XML parsing in their apps. Users are advised to update. There are no known workarounds. | 2022-03-30 | not yet calculated | CVE-2022-24763 CONFIRM MISC |
orckestra — cms_foundation |
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. | 2022-03-28 | not yet calculated | CVE-2022-24789 MISC CONFIRM |
puma — puma |
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. | 2022-03-30 | not yet calculated | CVE-2022-24790 MISC CONFIRM |
bytecodealliance — wasmtime |
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, `config.wasm_reference_types(false)`; or by disabling epoch interruption if you were previously enabling it, `config.epoch_interruption(false)`. | 2022-03-31 | not yet calculated | CVE-2022-24791 CONFIRM MISC |
express_openid — express_openid |
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds. | 2022-03-31 | not yet calculated | CVE-2022-24794 MISC CONFIRM |
raspberrymatic — raspberrymatic |
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available. | 2022-03-31 | not yet calculated | CVE-2022-24796 CONFIRM MISC |
pomerium — pomerium |
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium’s Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issue is patched in version v0.17.1. Workarounds: Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium’s own proxy service. | 2022-03-31 | not yet calculated | CVE-2022-24797 CONFIRM MISC MISC |
irrdnet — irrd |
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue. | 2022-03-31 | not yet calculated | CVE-2022-24798 MISC CONFIRM MISC |
deepmerge-ts — deepmerge-ts |
deepmerge-ts is a TypeScript library providing functionality for deep merging of JavaScript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue. | 2022-04-01 | not yet calculated | CVE-2022-24802 CONFIRM MISC MISC |
asciidoctor — asciidoctor |
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits. | 2022-04-01 | not yet calculated | CVE-2022-24803 MISC MISC CONFIRM |
shopware — b2b_suite |
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | 2022-03-29 | not yet calculated | CVE-2022-24956 MISC MISC |
dhc — vision_eqms |
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object’s version or history tab will be attacked. | 2022-03-29 | not yet calculated | CVE-2022-24957 MISC MISC |
totolink — ex300 |
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 do not contain an authentication mechanism. | 2022-03-30 | not yet calculated | CVE-2022-25008 MISC |
hitron — chita | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. | 2022-04-01 | not yet calculated | CVE-2022-25017 MISC |
mitsubishi — electric_melsec |
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. | 2022-04-01 | not yet calculated | CVE-2022-25155 MISC MISC MISC |
mitsubishi — electric_melsec |
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. | 2022-04-01 | not yet calculated | CVE-2022-25156 MISC MISC MISC |
mitsubishi — electric_melsec |
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash. | 2022-04-01 | not yet calculated | CVE-2022-25157 MISC MISC MISC |
mitsubishi — electric_melsec |
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. | 2022-04-01 | not yet calculated | CVE-2022-25158 MISC MISC MISC |
mitsubishi — electric_melsec |
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. | 2022-04-01 | not yet calculated | CVE-2022-25159 MISC MISC MISC |
mitsubishi — electric_melsec |
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user’s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. | 2022-04-01 | not yet calculated | CVE-2022-25160 MISC MISC MISC |
deltaww — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | 2022-03-29 | not yet calculated | CVE-2022-25347 CONFIRM |
hibara — attachecase |
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | 2022-03-31 | not yet calculated | CVE-2022-25348 MISC MISC |
ntt — resonate_incorporated_goo_blog_app_web_application |
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. | 2022-03-29 | not yet calculated | CVE-2022-25420 MISC |
unno — unno |
UNNO v03.11.00 was discovered to contain access control issue. | 2022-03-29 | not yet calculated | CVE-2022-25521 MISC MISC |
apache — dolphinscheduler |
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | 2022-03-30 | not yet calculated | CVE-2022-25598 MISC |
sambabox — sambabox |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. | 2022-03-30 | not yet calculated | CVE-2022-25619 CONFIRM |
sambabox — sambabox |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. | 2022-03-30 | not yet calculated | CVE-2022-25620 CONFIRM |
apache — apisix |
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{“string_payload”:”bad”,”string_payload”:”good”}` can be used to hide the “bad” input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions. | 2022-03-28 | not yet calculated | CVE-2022-25757 CONFIRM MLIST |
elecom — lan_routers | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. | 2022-03-31 | not yet calculated | CVE-2022-25915 MISC MISC |
omron — cx_position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | not yet calculated | CVE-2022-25959 CONFIRM |
pfsense — pfsense | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | 2022-03-31 | not yet calculated | CVE-2022-26019 MISC MISC |
omron — cx_position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | not yet calculated | CVE-2022-26022 CONFIRM |
hms — hms | A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “special” field. | 2022-03-30 | not yet calculated | CVE-2022-26244 MISC MISC |
falcon — falcon_plus | Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. | 2022-03-27 | not yet calculated | CVE-2022-26245 MISC |
wowonder — ultimate_php_social_network_platform | WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. | 2022-03-27 | not yet calculated | CVE-2022-26254 MISC |
microsoft — clash | Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. | 2022-03-28 | not yet calculated | CVE-2022-26255 MISC |
xiongmai — dvr_devices | A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. | 2022-03-28 | not yet calculated | CVE-2022-26259 MISC MISC |
suzuki — connect | Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. | 2022-03-29 | not yet calculated | CVE-2022-26269 MISC MISC MISC |
tenda — ac9 | Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 2022-03-28 | not yet calculated | CVE-2022-26278 MISC |
libarchive — libarchive | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | 2022-03-28 | not yet calculated | CVE-2022-26280 MISC |
lrzip — lrzip | lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted lrz file. | 2022-03-28 | not yet calculated | CVE-2022-26291 MISC |
riscv-boom — riscv-boom | BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 2022-03-28 | not yet calculated | CVE-2022-26296 MISC |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | not yet calculated | CVE-2022-26417 CONFIRM |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. | 2022-04-01 | not yet calculated | CVE-2022-26419 CONFIRM |
hms — hms | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | 2022-03-31 | not yet calculated | CVE-2022-26546 MISC MISC |
kopano — core | provider/libserver/ECKrbAuth.cpp in Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. | 2022-04-01 | not yet calculated | CVE-2022-26562 MISC MISC |
totaljs — totaljs | A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. | 2022-04-01 | not yet calculated | CVE-2022-26565 MISC |
tp-link — tp-link | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | 2022-03-28 | not yet calculated | CVE-2022-26639 MISC |
tp-link — tp-link | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | 2022-03-28 | not yet calculated | CVE-2022-26640 MISC |
tp-link — tp-link | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. | 2022-03-28 | not yet calculated | CVE-2022-26641 MISC |
tp-link — tp-link | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | 2022-03-28 | not yet calculated | CVE-2022-26642 MISC |
sourcecodester — online_banking_system_protect | Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. | 2022-03-30 | not yet calculated | CVE-2022-26644 MISC MISC |
sourcecodester — online_banking_system_protect | A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | 2022-03-30 | not yet calculated | CVE-2022-26645 MISC MISC |
sourcecodester — online_banking_system_protect | Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. | 2022-03-30 | not yet calculated | CVE-2022-26646 MISC MISC |
deltaww — diaenergie | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | 2022-03-29 | not yet calculated | CVE-2022-26839 CONFIRM |
trend_micro — apex_central | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. | 2022-03-29 | not yet calculated | CVE-2022-26871 MISC MISC MISC MISC MISC |
archerirm_community — archer | Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | 2022-03-30 | not yet calculated | CVE-2022-26947 MISC MISC |
archerirm_community — rss_feed | The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | 2022-03-30 | not yet calculated | CVE-2022-26948 MISC MISC |
archerirm_community — archer | Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. | 2022-03-30 | not yet calculated | CVE-2022-26949 MISC MISC |
archerirm_community — archer | Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | 2022-03-30 | not yet calculated | CVE-2022-26950 MISC MISC |
archerirm_community — archer | Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | 2022-03-30 | not yet calculated | CVE-2022-26951 MISC MISC |
teampass — teampass | Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | 2022-03-28 | not yet calculated | CVE-2022-26980 MISC MISC |
raidrive — raidrive | Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. | 2022-03-31 | not yet calculated | CVE-2022-27049 MISC |
bitcomet — bitcomet | BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. | 2022-03-31 | not yet calculated | CVE-2022-27050 MISC |
freeftpd — freeftpd | FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 2022-03-31 | not yet calculated | CVE-2022-27052 MISC |
netflix — security_bulletins | A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. | 2022-04-01 | not yet calculated | CVE-2022-27177 MISC |
icehrm — pluck_cms | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | 2022-03-30 | not yet calculated | CVE-2022-27432 MISC MISC |
zero-channel_bbs_plus — zero-channel_bbs_plus | Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2022-03-31 | not yet calculated | CVE-2022-27496 MISC MISC |
kaspersky — anti-virus | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | 2022-04-01 | not yet calculated | CVE-2022-27534 MISC |
sap — innovation_management | Under certain conditions, SAP Innovation management – version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 2022-03-28 | not yet calculated | CVE-2022-27658 MISC MISC |
springframework — springframework | ** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. | 2022-03-30 | not yet calculated | CVE-2022-27772 MISC |
waycrate — swhkd | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. | 2022-03-30 | not yet calculated | CVE-2022-27815 MISC MISC |
waycrate — swhkd | SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. | 2022-03-30 | not yet calculated | CVE-2022-27816 MISC MISC |
sonatype — nexus_repository_manager | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 2022-03-30 | not yet calculated | CVE-2022-27907 MISC MISC |
tesla — tesla | ** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor’s perspective is that the behavior is as intended. | 2022-03-27 | not yet calculated | CVE-2022-27948 MISC MISC MISC |
linux — linux_kernel | In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | 2022-03-28 | not yet calculated | CVE-2022-27950 MISC MISC MISC MISC |
netsarang — xftp | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 2022-03-31 | not yet calculated | CVE-2022-27963 MISC MISC |
netsarang — xmanager | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 2022-03-31 | not yet calculated | CVE-2022-27964 MISC MISC |
netsarang — xlpd | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 2022-03-31 | not yet calculated | CVE-2022-27965 MISC MISC |
netsarang — xshell | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 2022-03-31 | not yet calculated | CVE-2022-27966 MISC MISC |
hibara_software — attachecase | Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | 2022-03-31 | not yet calculated | CVE-2022-28128 MISC MISC |
jenkins — bitbucket_server_integration_plugin | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | 2022-03-29 | not yet calculated | CVE-2022-28133 CONFIRM MLIST |
jenkins — bitbucket_server_integration_plugin | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | 2022-03-29 | not yet calculated | CVE-2022-28134 CONFIRM MLIST |
jenkins — instant-messaging_plugin | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-03-29 | not yet calculated | CVE-2022-28135 CONFIRM MLIST |
jenkins — jiratestresultreporter_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 2022-03-29 | not yet calculated | CVE-2022-28136 CONFIRM MLIST |
jenkins — jiratestresultreporter_plugin | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 2022-03-29 | not yet calculated | CVE-2022-28137 CONFIRM MLIST |
jenkins — rocketchat_notifier_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 2022-03-29 | not yet calculated | CVE-2022-28138 CONFIRM MLIST |
jenkins — rocketchat_notifier_plugin | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 2022-03-29 | not yet calculated | CVE-2022-28139 CONFIRM MLIST |
jenkins — flaky_test_handler_plugin | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-03-29 | not yet calculated | CVE-2022-28140 CONFIRM MLIST |
jenkins — proxmox_plugin | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-03-29 | not yet calculated | CVE-2022-28141 CONFIRM MLIST |
jenkins — proxmox_plugin | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. | 2022-03-29 | not yet calculated | CVE-2022-28142 CONFIRM MLIST |
jenkins — proxmox_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 2022-03-29 | not yet calculated | CVE-2022-28143 CONFIRM MLIST |
jenkins — proxmox_plugin | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 2022-03-29 | not yet calculated | CVE-2022-28144 CONFIRM MLIST |
jenkins — continuous_integration_with_toad_edge_plugin | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | 2022-03-29 | not yet calculated | CVE-2022-28145 CONFIRM MLIST |
jenkins — continuous_integration_with_toad_edge_plugin | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | 2022-03-29 | not yet calculated | CVE-2022-28146 CONFIRM MLIST |
jenkins — continuous_integration_with_toad_edge_plugin | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 2022-03-29 | not yet calculated | CVE-2022-28147 CONFIRM MLIST |
jenkins — continuous_integration_with_toad_edge_plugin | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | 2022-03-29 | not yet calculated | CVE-2022-28148 CONFIRM MLIST |
jenkins — job_and_node_ownership_plugin | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-03-29 | not yet calculated | CVE-2022-28149 CONFIRM MLIST |
jenkins — job_and_node_ownership_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | 2022-03-29 | not yet calculated | CVE-2022-28150 CONFIRM MLIST |
jenkins — job_and_node_ownership_plugin | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | 2022-03-29 | not yet calculated | CVE-2022-28151 CONFIRM MLIST |
jenkins — job_and_node_ownership_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | 2022-03-29 | not yet calculated | CVE-2022-28152 CONFIRM MLIST |
jenkins — sitemonitor_plugin | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-03-29 | not yet calculated | CVE-2022-28153 CONFIRM MLIST |
jenkins — coverage_complexity_scatter_plot_plugin | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-03-29 | not yet calculated | CVE-2022-28154 CONFIRM MLIST |
jenkins — pipeline_phoenix_autotest_plugin | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-03-29 | not yet calculated | CVE-2022-28155 CONFIRM MLIST |
jenkins — pipeline_phoenix_autotest_plugin | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | 2022-03-29 | not yet calculated | CVE-2022-28156 CONFIRM MLIST |
jenkins — pipeline_phoenix_autotest_plugin | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | 2022-03-29 | not yet calculated | CVE-2022-28157 CONFIRM MLIST |
jenkins — pipeline_phoenix_autotest_plugin | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-03-29 | not yet calculated | CVE-2022-28158 CONFIRM MLIST |
jenkins — tests_selector_plugin | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-03-29 | not yet calculated | CVE-2022-28159 CONFIRM MLIST |
jenkins — tests_selector_plugin | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | 2022-03-29 | not yet calculated | CVE-2022-28160 CONFIRM MLIST |
mediawiki — mediawiki | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | 2022-03-30 | not yet calculated | CVE-2022-28202 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | 2022-03-30 | not yet calculated | CVE-2022-28205 MISC CONFIRM |
mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | 2022-03-30 | not yet calculated | CVE-2022-28206 MISC MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | 2022-03-30 | not yet calculated | CVE-2022-28209 MISC MISC |
tekon — kio | Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. | 2022-03-30 | not yet calculated | CVE-2022-28223 MISC |
weechat — weechat | WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. | 2022-04-02 | not yet calculated | CVE-2022-28352 MISC MISC |
scala.js — scala.js | randomUUID in Scala.js before 1.10.0 generates predictable values. | 2022-04-02 | not yet calculated | CVE-2022-28355 MISC MISC |
linux — linux_kernel | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | 2022-04-02 | not yet calculated | CVE-2022-28356 MISC MISC |