US-CERT Bulletin (SB22-101): Vulnerability Summary for the Week of April 4, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
escanav — escan_anti-virus | A local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the “runasroot” command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | 2022-04-01 | 10 | CVE-2021-26624 MISC |
pagekit — pagekit | pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | 2022-04-01 | 10 | CVE-2021-44135 MISC |
allmediaserver — allmediaserver | Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. | 2022-04-03 | 10 | CVE-2022-28381 MISC MISC |
qualcomm — apq8096au_firmware | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-04-01 | 9.4 | CVE-2021-35117 CONFIRM |
dell — wyse_management_suite | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | 2022-04-01 | 9 | CVE-2022-23155 CONFIRM |
hitrontech — chita_firmware | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. | 2022-04-01 | 9 | CVE-2022-25017 MISC |
idearespa — reftree | An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | 2022-04-03 | 9 | CVE-2022-27249 MISC MISC |
qualcomm — ar8035_firmware | Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | 7.8 | CVE-2021-30328 CONFIRM |
qualcomm — ar8035_firmware | Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | 7.8 | CVE-2021-30329 CONFIRM |
oppo — quick_app | A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine | 2022-04-01 | 7.5 | CVE-2021-23247 MISC |
bandisoft — bandizip | A remote code execution vulnerability due to incomplete check for ‘xheader_decode_path_record’ function’s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | 2022-04-01 | 7.5 | CVE-2021-26623 MISC |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | 2022-04-01 | 7.5 | CVE-2021-27497 CONFIRM CONFIRM |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | 2022-04-01 | 7.5 | CVE-2021-27501 CONFIRM CONFIRM |
auvesy-mdt — autosave | An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | 2022-04-01 | 7.5 | CVE-2021-32933 CONFIRM |
cocoapods — cocoapods-downloader | The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | 7.5 | CVE-2022-21223 MISC MISC |
ui — ua_lite_firmware | A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. | 2022-04-01 | 7.5 | CVE-2022-22570 MISC |
vmware — spring_cloud_function | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 2022-04-01 | 7.5 | CVE-2022-22963 MISC CISCO CONFIRM |
vmware — spring_framework | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | 2022-04-01 | 7.5 | CVE-2022-22965 MISC CISCO CONFIRM |
simple-git_project — simple-git | The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn’t cover. | 2022-04-01 | 7.5 | CVE-2022-24066 CONFIRM CONFIRM CONFIRM CONFIRM |
cocoapods — cocoapods-downloader | The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 is vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | 7.5 | CVE-2022-24440 MISC MISC MISC |
kopano — groupware_core | An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. | 2022-04-01 | 7.5 | CVE-2022-26562 MISC MISC |
kaspersky — anti-virus | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | 2022-04-01 | 7.5 | CVE-2022-27534 MISC |
qualcomm — aqt1000_firmware | Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | 7.2 | CVE-2021-1942 CONFIRM |
qualcomm — ar8035_firmware | Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | 7.2 | CVE-2021-1950 CONFIRM |
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | 2022-04-03 | 7.2 | CVE-2021-30061 MISC CONFIRM |
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400. | 2022-04-03 | 7.2 | CVE-2021-30066 MISC CONFIRM |
qualcomm — qca6696_firmware | Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto | 2022-04-01 | 7.2 | CVE-2021-35089 CONFIRM |
qualcomm — ar8035_firmware | Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | 7.2 | CVE-2021-35103 CONFIRM |
qualcomm — apq8009w_firmware | Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | 7.2 | CVE-2021-35105 CONFIRM |
qualcomm — aqt1000_firmware | Possible out of bound read due to improper length calculation of WMI message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | 7.2 | CVE-2021-35106 CONFIRM |
qualcomm — sd_8_gen1_5g_firmware | Possible buffer overflow due to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile | 2022-04-01 | 7.2 | CVE-2021-35110 CONFIRM |
dell — alienware_update | Dell Command \| Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | 2022-04-01 | 7.2 | CVE-2022-24426 CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | 2022-04-03 | 6.8 | CVE-2021-30064 MISC CONFIRM |
google — chrome | Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0452 MISC MISC |
google — chrome | Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0453 MISC MISC |
google — chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0454 MISC MISC |
google — chrome | Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. | 2022-04-05 | 6.8 | CVE-2022-0456 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0457 MISC MISC |
google — chrome | Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0458 MISC MISC |
google — chrome | Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0459 MISC MISC |
google — chrome | Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0460 MISC MISC |
google — chrome | Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 2022-04-05 | 6.8 | CVE-2022-0463 MISC MISC |
google — chrome | Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 2022-04-05 | 6.8 | CVE-2022-0464 MISC MISC |
google — chrome | Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | 2022-04-05 | 6.8 | CVE-2022-0465 MISC MISC |
google — chrome | Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0468 MISC MISC |
google — chrome | Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0469 MISC MISC |
google — chrome | Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0470 MISC MISC |
google — chrome | Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0604 MISC MISC |
google — chrome | Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0605 MISC MISC |
google — chrome | Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0606 MISC MISC |
google — chrome | Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0607 MISC MISC |
google — chrome | Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0608 MISC MISC |
google — chrome | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0609 MISC MISC |
google — chrome | Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0610 MISC MISC |
google — chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0789 MISC MISC |
google — chrome | Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0790 MISC MISC |
google — chrome | Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. | 2022-04-05 | 6.8 | CVE-2022-0791 MISC MISC |
google — chrome | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0794 MISC MISC |
google — chrome | Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0795 MISC MISC |
google — chrome | Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0796 MISC MISC |
google — chrome | Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0797 MISC MISC |
google — chrome | Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 2022-04-05 | 6.8 | CVE-2022-0798 MISC MISC |
google — chrome | Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. | 2022-04-05 | 6.8 | CVE-2022-0799 MISC MISC |
google — chrome | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 6.8 | CVE-2022-0800 MISC MISC |
google — chrome | Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 2022-04-05 | 6.8 | CVE-2022-0805 MISC MISC |
vcs_project — vcs | The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-01 | 6.8 | CVE-2022-21235 MISC MISC |
mitsubishielectric — fx5uc_firmware | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. | 2022-04-01 | 6.8 | CVE-2022-25155 MISC MISC MISC |
mitsubishielectric — fx5uc_firmware | Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. | 2022-04-01 | 6.8 | CVE-2022-25156 MISC MISC MISC |
mitsubishielectric — fx5uc_firmware | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. | 2022-04-01 | 6.8 | CVE-2022-25159 MISC MISC MISC |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | 6.8 | CVE-2022-25959 CONFIRM MISC |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | 6.8 | CVE-2022-26022 CONFIRM MISC |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | 2022-04-01 | 6.8 | CVE-2022-26417 CONFIRM MISC |
omron — cx-position | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. | 2022-04-01 | 6.8 | CVE-2022-26419 CONFIRM MISC MISC MISC MISC |
rockwellautomation — controllogix_5580_firmware | Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 2022-04-01 | 6.5 | CVE-2022-1159 CONFIRM |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | 2022-04-01 | 6.4 | CVE-2021-27493 CONFIRM CONFIRM |
qualcomm — aqt1000_firmware | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-04-01 | 6.4 | CVE-2021-35088 CONFIRM |
mitsubishielectric — fx5uc_firmware | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash. | 2022-04-01 | 6.4 | CVE-2022-25157 MISC MISC MISC |
mitsubishielectric — fx5uc_firmware | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. | 2022-04-01 | 6.4 | CVE-2022-25158 MISC MISC MISC |
redhat — business-central | It was observed that while logging into the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | 2022-04-01 | 5 | CVE-2019-14839 MISC |
inductiveautomation — ignition | Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server | 2022-04-01 | 5 | CVE-2020-14479 MISC |
darkhttpd_project — darkhttpd | A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. | 2022-04-01 | 5 | CVE-2020-25691 MISC |
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | 2022-04-03 | 5 | CVE-2021-30062 MISC CONFIRM |
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | 2022-04-03 | 5 | CVE-2021-30063 MISC CONFIRM |
belden — tofino_xenon_security_appliance_firmware | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. | 2022-04-03 | 5 | CVE-2021-30065 MISC CONFIRM |
qualcomm — ar8035_firmware | Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-04-01 | 5 | CVE-2021-30332 CONFIRM |
auvesy-mdt — autosave | An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | 2022-04-01 | 5 | CVE-2021-32937 CONFIRM |
auvesy-mdt — autosave | A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | 2022-04-01 | 5 | CVE-2021-32961 CONFIRM |
philips — myvue | The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | 2022-04-01 | 5 | CVE-2021-33018 CONFIRM CONFIRM |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | 2022-04-01 | 5 | CVE-2021-33020 CONFIRM CONFIRM |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2022-04-01 | 5 | CVE-2021-33022 CONFIRM CONFIRM |
philips — myvue | Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | 2022-04-01 | 5 | CVE-2021-33024 CONFIRM CONFIRM |
gitlab — gitlab | In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 2022-04-01 | 5 | CVE-2021-39908 MISC CONFIRM MISC |
linux — linux_kernel | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | 2022-04-02 | 5 | CVE-2022-28356 MISC MISC MLIST |
qualcomm — apq8009w_firmware | Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-04-01 | 4.6 | CVE-2021-30333 CONFIRM |
qualcomm — apq8096au_firmware | Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile | 2022-04-01 | 4.6 | CVE-2021-35115 CONFIRM |
dell — wyse_device_agent | Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | 2022-04-01 | 4.6 | CVE-2022-23156 CONFIRM |
linux — linux_kernel | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | 2022-04-03 | 4.6 | CVE-2022-28388 MISC FEDORA |
linux — linux_kernel | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | 2022-04-03 | 4.6 | CVE-2022-28389 MISC FEDORA |
linux — linux_kernel | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | 2022-04-03 | 4.6 | CVE-2022-28390 MISC FEDORA |
deltaww — diaenergie | Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | 2022-04-01 | 4.4 | CVE-2022-1098 CONFIRM |
yourls — yourls | Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | 2022-04-03 | 4.3 | CVE-2022-0088 CONFIRM MISC |
google — chrome | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0455 MISC MISC |
google — chrome | Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0792 MISC MISC |
google — chrome | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0802 MISC MISC |
google — chrome | Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0803 MISC MISC |
google — chrome | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0804 MISC MISC |
google — chrome | Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0806 MISC MISC |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2022-04-05 | 4.3 | CVE-2022-0807 MISC MISC |
radare — radare2 | Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. | 2022-04-01 | 4.3 | CVE-2022-1207 MISC CONFIRM |
rocket.chat — livechat | A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance. | 2022-04-01 | 4.3 | CVE-2022-21830 MISC |
public_knowledge_project — open_journal_systems | Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. | 2022-04-01 | 4.3 | CVE-2022-24181 MISC |
mitsubishielectric — fx5uc_firmware | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user’s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. | 2022-04-01 | 4.3 | CVE-2022-25160 MISC MISC MISC |
sick — ftmg | Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system. | 2022-04-01 | 4 | CVE-2021-32503 MISC |
calibre-web_project — calibre-web | Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | 2022-04-03 | 4 | CVE-2022-0406 MISC CONFIRM |
ibm — app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. | 2022-04-01 | 4 | CVE-2022-22404 XF CONFIRM |
pivotal_software — spring_framework | In Spring Framework versions 5.3.0 – 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | 2022-04-01 | 4 | CVE-2022-22950 MISC |
idearespa — reftree | A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg. | 2022-04-03 | 4 | CVE-2022-27248 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
eaton — intelligent_power_manager | The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. | 2022-04-01 | 3.5 | CVE-2021-23287 MISC |
wedevs — wp_project_manager | Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13. | 2022-04-04 | 3.5 | CVE-2021-36826 CONFIRM MISC CONFIRM |
rumble_mail_server_project — rumble_mail_server | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | 2022-04-04 | 3.5 | CVE-2021-43459 MISC |
rumble_mail_server_project — rumble_mail_server | Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | 2022-04-04 | 3.5 | CVE-2021-43461 MISC |
rumble_mail_server_project — rumble_mail_server | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | 2022-04-04 | 3.5 | CVE-2021-43462 MISC |
totaljs — content_management_system | A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. | 2022-04-01 | 3.5 | CVE-2022-26565 MISC |
eaton — intelligent_power_protector | The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. | 2022-04-01 | 2.3 | CVE-2021-23288 MISC |
qemu — qemu | It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. | 2022-04-01 | 2.1 | CVE-2021-20295 MISC MISC |
qualcomm — ar8035_firmware | Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-04-01 | 2.1 | CVE-2021-30331 CONFIRM |
dell — wyse_device_agent | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. | 2022-04-01 | 2.1 | CVE-2022-23157 CONFIRM |
dell — wyse_device_agent | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 2022-04-01 | 2.1 | CVE-2022-23158 CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
jeesite — jeesite |
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. | 2022-04-05 | not yet calculated | CVE-2020-19229 MISC |
xiongmai_technology_co — multiple_products |
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device. | 2022-04-06 | not yet calculated | CVE-2020-22253 MISC |
sina — weibo_android_sdk |
An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity); any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | 2022-04-05 | not yet calculated | CVE-2020-23349 MISC |
drtrustusa — icheck_connect_bp_monitor_bp_testing_118 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE. | 2022-04-07 | not yet calculated | CVE-2020-27373 MISC MISC MISC |
drtrustusa — icheck_connect_bp_monitor_bp_testing_118 |
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. | 2022-04-07 | not yet calculated | CVE-2020-27374 MISC MISC MISC |
drtrustusa — icheck_connect_bp_monitor_bp_testing_118 |
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. | 2022-04-07 | not yet calculated | CVE-2020-27375 MISC MISC MISC |
drtrustusa — icheck_connect_bp_monitor_bp_testing_118 |
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. | 2022-04-07 | not yet calculated | CVE-2020-27376 MISC MISC MISC |
hisiphp — hisiphp |
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. ‘/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. | 2022-04-04 | not yet calculated | CVE-2020-28062 MISC |
xcxx_valine — xcss_valine |
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | 2022-04-05 | not yet calculated | CVE-2020-28847 MISC |
fortiguard_labs — fortisandbox |
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | 2022-04-06 | not yet calculated | CVE-2020-29013 CONFIRM |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | 2022-04-08 | not yet calculated | CVE-2020-4668 XF CONFIRM |
fortinet — forticlient_for_linux |
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name. | 2022-04-06 | not yet calculated | CVE-2021-22127 CONFIRM |
fortinetguru — fortiwan |
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system’s shell via specifically crafted HTTP requests. | 2022-04-06 | not yet calculated | CVE-2021-24009 CONFIRM |
kingcomposer — kingcomposer |
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them | 2022-04-04 | not yet calculated | CVE-2021-25048 MISC |
wpscan — dropdown_menu_widget_wordpress_plugin |
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | 2022-04-04 | not yet calculated | CVE-2021-25113 MISC |
fortinet — fortimanager |
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. | 2022-04-06 | not yet calculated | CVE-2021-26104 CONFIRM |
fortinet — fortiwan |
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests. | 2022-04-06 | not yet calculated | CVE-2021-26112 CONFIRM |
fortinet — fortiwan |
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored. | 2022-04-06 | not yet calculated | CVE-2021-26113 CONFIRM |
fortinet — fortiwan |
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2022-04-06 | not yet calculated | CVE-2021-26114 CONFIRM |
fortinet — fortiauthenticator |
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2022-04-06 | not yet calculated | CVE-2021-26116 CONFIRM |
beego — beego |
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | 2022-04-05 | not yet calculated | CVE-2021-27116 MISC |
beego — beego |
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | 2022-04-05 | not yet calculated | CVE-2021-27117 MISC |
horizontcms — horizontcms |
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE. | 2022-04-05 | not yet calculated | CVE-2021-28428 MISC MISC |
beego — beego |
An issue was discovered in the route lookup process in beego through 2.0.1 that allows attackers to bypass access control. | 2022-04-05 | not yet calculated | CVE-2021-30080 MISC |
ivanti — avalanche_(premise) |
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | 2022-04-06 | not yet calculated | CVE-2021-30497 MISC MISC MISC |
fortinet — fortiwan |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. | 2022-04-06 | not yet calculated | CVE-2021-32585 CONFIRM |
fortinet — fortiwan |
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. | 2022-04-06 | not yet calculated | CVE-2021-32593 CONFIRM |
aveva — system_platform |
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. | 2022-04-04 | not yet calculated | CVE-2021-32977 CONFIRM CONFIRM |
automationdirect — click_plc_cpu_modules |
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. | 2022-04-04 | not yet calculated | CVE-2021-32978 CONFIRM |
automationdirect — click_plc_cpu_modules |
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active. | 2022-04-04 | not yet calculated | CVE-2021-32980 CONFIRM |
aveva — system_platform |
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 2022-04-04 | not yet calculated | CVE-2021-32981 CONFIRM CONFIRM |
automationdirect — click_plc_cpu_modules |
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. | 2022-04-04 | not yet calculated | CVE-2021-32982 CONFIRM |
automationdirect — click_plc_cpu_modules |
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization. | 2022-04-04 | not yet calculated | CVE-2021-32984 CONFIRM |
aveva — system_platform |
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. | 2022-04-04 | not yet calculated | CVE-2021-32985 CONFIRM CONFIRM |
automationdirect — click_plc_cpu_modules |
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly. | 2022-04-04 | not yet calculated | CVE-2021-32986 CONFIRM |
softing — opc_ua_c++_sdk |
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don’t properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | 2022-04-04 | not yet calculated | CVE-2021-32994 CONFIRM |
aveva — system_platform |
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. | 2022-04-04 | not yet calculated | CVE-2021-33008 CONFIRM CONFIRM |
aveva — system_platform |
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | 2022-04-04 | not yet calculated | CVE-2021-33010 CONFIRM CONFIRM |
software_ag — mashzone_nextgen |
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code. | 2022-04-05 | not yet calculated | CVE-2021-33207 MISC MISC |
rsa — archer |
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | 2022-04-04 | not yet calculated | CVE-2021-33616 MISC MISC MISC MISC |
johnson_controls — metasys |
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0.2. | 2022-04-07 | not yet calculated | CVE-2021-36202 CONFIRM CERT |
dell — vnx2_for_file |
Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. | 2022-04-08 | not yet calculated | CVE-2021-36287 MISC |
dell — vnx2_for_file |
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files | 2022-04-08 | not yet calculated | CVE-2021-36288 MISC |
dell — vnx2_for_file |
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | 2022-04-08 | not yet calculated | CVE-2021-36290 MISC |
dell — vnx2_for_file |
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | 2022-04-08 | not yet calculated | CVE-2021-36293 MISC |
suse — rancher |
An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | 2022-04-04 | not yet calculated | CVE-2021-36775 CONFIRM |
suse — rancher |
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. | 2022-04-04 | not yet calculated | CVE-2021-36776 CONFIRM |
wpscan — web_settler_testimonial_slider_free_testimonials_slider_plugin |
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | 2022-04-04 | not yet calculated | CVE-2021-36851 CONFIRM CONFIRM |
exploit_database — easy-mock |
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code. | 2022-04-05 | not yet calculated | CVE-2021-38834 MISC |
atlassian — confluence_server_and_data_center |
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | 2022-04-05 | not yet calculated | CVE-2021-39114 MISC |
apperta_foundation — openeyes |
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient’s details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in an XSS attack. | 2022-04-06 | not yet calculated | CVE-2021-40374 MISC MISC |
apperta_foundation — openeyes |
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient’s profile are still returned in the server response. This response can be read in an intercepting proxy or by viewing the page source. Sensitive information returned in responses includes patient PII and medication records or history. | 2022-04-06 | not yet calculated | CVE-2021-40375 MISC MISC |
github — libsixel |
libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | 2022-04-08 | not yet calculated | CVE-2021-40656 MISC |
fortinet — fortiweb |
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 2022-04-06 | not yet calculated | CVE-2021-41026 CONFIRM |
combo — itop |
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren’t properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file. | 2022-04-05 | not yet calculated | CVE-2021-41245 CONFIRM MISC MISC |
libsixel — libsixel |
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | 2022-04-08 | not yet calculated | CVE-2021-41715 MISC |
jerryscript — ecma_builtin_array_prototype_object_slice |
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. | 2022-04-05 | not yet calculated | CVE-2021-41751 MISC |
jerryscript — jerryscript |
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | 2022-04-05 | not yet calculated | CVE-2021-41752 MISC |
digital_china_networks — S4600_10P_SI_devices |
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. | 2022-04-05 | not yet calculated | CVE-2021-42324 MISC MISC |
adminer — adminer | Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database. | 2022-04-05 | not yet calculated | CVE-2021-43008 MISC MISC MISC MISC |
opservices — opmon |
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | 2022-04-08 | not yet calculated | CVE-2021-43009 MISC |
async — async |
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method. | 2022-04-06 | not yet calculated | CVE-2021-43138 MISC MISC MISC MISC |
linux — forticlient |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. | 2022-04-06 | not yet calculated | CVE-2021-43205 CONFIRM |
studio_42 — elfinder |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. | 2022-04-07 | not yet calculated | CVE-2021-43421 MISC MISC |
seagate — cortex |
A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release locks pool->lock. | 2022-04-07 | not yet calculated | CVE-2021-43429 MISC MISC |
bigantsoft — im_webserver |
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | 2022-04-07 | not yet calculated | CVE-2021-43430 MISC |
exrick — product_add.jsp |
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. | 2022-04-07 | not yet calculated | CVE-2021-43432 MISC MISC MISC MISC |
jerryscript — js_parser_statm.c_file |
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657. | 2022-04-07 | not yet calculated | CVE-2021-43453 MISC |
anytxt — anytxt |
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. | 2022-04-04 | not yet calculated | CVE-2021-43454 MISC MISC MISC |
freelan — freelan |
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | 2022-04-04 | not yet calculated | CVE-2021-43455 MISC MISC MISC |
rumble_mail_server — rumbleservice |
An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path. | 2022-04-04 | not yet calculated | CVE-2021-43456 MISC MISC MISC |
bvpn — waselvpnserv |
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. | 2022-04-04 | not yet calculated | CVE-2021-43457 MISC MISC MISC |
vembu — vembu |
An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | 2022-04-04 | not yet calculated | CVE-2021-43458 MISC MISC MISC |
system_explorer_7.0.0 — systemexplorerhelpservice |
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path. | 2022-04-04 | not yet calculated | CVE-2021-43460 MISC MISC MISC |
ext2fsd — ext2srv service |
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | 2022-04-04 | not yet calculated | CVE-2021-43463 MISC MISC MISC |
subrioncms — intelliants | A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). | 2022-04-04 | not yet calculated | CVE-2021-43464 MISC |
d-link — dir-823g |
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter in the HNAP1 function. | 2022-04-07 | not yet calculated | CVE-2021-43474 MISC MISC |
claro — kaon_CG3000 |
An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | 2022-04-08 | not yet calculated | CVE-2021-43483 MISC |
atutor — atutor |
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 2022-04-08 | not yet calculated | CVE-2021-43498 MISC MISC |
h_laravel — h_laravel |
A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php. | 2022-04-08 | not yet calculated | CVE-2021-43503 MISC |
kimai_kimai — new_timesheet |
A CSV Injection vulnerability exists in Kimai Kimai 2 > 1.14 via a description in a new timesheet. | 2022-04-08 | not yet calculated | CVE-2021-43515 MISC |
foscam — foscam_camera |
FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 2022-04-08 | not yet calculated | CVE-2021-43517 MISC |
zlog — zlog |
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. | 2022-04-08 | not yet calculated | CVE-2021-43521 MISC MISC |
open5gs — open5gs |
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a Denial of Service via a crafted sbi request to amf. | 2022-04-05 | not yet calculated | CVE-2021-44108 MISC MISC |
open5gs — open5gs |
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a Denial of Service via a crafted sbi request. | 2022-04-05 | not yet calculated | CVE-2021-44109 MISC MISC |
cauchoresin — resin |
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 – 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. | 2022-04-04 | not yet calculated | CVE-2021-44138 MISC |
fortinet — forticlient |
An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges by placing a malicious executable inside the FortiClient installer’s directory. | 2022-04-06 | not yet calculated | CVE-2021-44169 CONFIRM |
htcondor — htcondor |
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer. | 2022-04-06 | not yet calculated | CVE-2021-45103 MISC MISC |
htcondor — htcondor |
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users’ jobs and data. | 2022-04-06 | not yet calculated | CVE-2021-45104 MISC MISC |
softwarebuero_zauner_ arc — softwarebuero_zauner_ arc |
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4 that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. | 2022-04-05 | not yet calculated | CVE-2021-45891 MISC MISC |
softwarebuero_zauner_ arc — softwarebuero_zauner_ arc | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. | 2022-04-05 | not yet calculated | CVE-2021-45892 MISC MISC |
softwarebuero_zauner_ arc — softwarebuero_zauner_ arc | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. | 2022-04-05 | not yet calculated | CVE-2021-45893 MISC MISC |
softwarebuero_zauner_ arc — softwarebuero_zauner_ arc | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | 2022-04-05 | not yet calculated | CVE-2021-45894 MISC MISC |
ritecms — ritecms |
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default. | 2022-04-08 | not yet calculated | CVE-2021-46367 MISC MISC MISC MISC |
sma — sunny_tripower |
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. | 2022-04-07 | not yet calculated | CVE-2021-46416 MISC MISC |
franklin_fueling_systems — franklin_fueling_ Systems_colibri_ controller |
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | 2022-04-07 | not yet calculated | CVE-2021-46417 MISC MISC |
telesquare — telesquare_tlr_2855KS6 |
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | 2022-04-07 | not yet calculated | CVE-2021-46418 MISC |
telesquare — telesquare_tlr_2855KS6 |
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. | 2022-04-07 | not yet calculated | CVE-2021-46419 MISC |
zzcms — zzcms_2021 |
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | 2022-04-08 | not yet calculated | CVE-2021-46436 MISC |
zzcms — zzcms_2021 |
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | 2022-04-08 | not yet calculated | CVE-2021-46437 MISC |
wordpress — elfinder | The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library do not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders. | 2022-04-04 | not yet calculated | CVE-2022-0403 MISC |
wordpress — contact_ form_7 |
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. | 2022-04-04 | not yet calculated | CVE-2022-0404 MISC |
github — janeczku/calibre_web |
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | 2022-04-03 | not yet calculated | CVE-2022-0405 CONFIRM MISC |
google — pagespeed |
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin’s settings dashboard, leading to Reflected Cross-Site Scripting | 2022-04-04 | not yet calculated | CVE-2022-0431 MISC CONFIRM |
google_chrome — coop |
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0461 MISC MISC |
google_chrome — scroll |
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0462 MISC MISC |
google_chrome — extensions_platform |
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0466 MISC MISC |
google_chrome — pointer_lock |
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0467 MISC MISC |
wordpress — mappress_maps |
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the “ajax_save” function. The file is written relative to the current theme’s stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access. | 2022-04-04 | not yet calculated | CVE-2022-0537 MISC |
github — xss |
Cross-site Scripting (XSS) – DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. | 2022-04-05 | not yet calculated | CVE-2022-0602 MISC CONFIRM |
google_chrome — file_manager |
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0603 MISC MISC |
bitdefender_update_ serve — gravityzone |
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | 2022-04-07 | not yet calculated | CVE-2022-0677 MISC |
wordpress — booking_package_ |
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of its booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. | 2022-04-04 | not yet calculated | CVE-2022-0709 MISC |
gitlab — asana |
Incorrect authorization in the Asana integration’s branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | 2022-04-04 | not yet calculated | CVE-2022-0740 CONFIRM MISC MISC |
google_chrome — cast |
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. | 2022-04-05 | not yet calculated | CVE-2022-0793 MISC MISC |
google_chrome — chrome_os_shell |
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. | 2022-04-05 | not yet calculated | CVE-2022-0808 MISC MISC |
google_chrome — webxr |
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-04-05 | not yet calculated | CVE-2022-0809 MISC MISC |
wordpress — amelia |
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other’s booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | 2022-04-04 | not yet calculated | CVE-2022-0825 MISC CONFIRM |
wordpress — formbuilder |
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them. | 2022-04-04 | not yet calculated | CVE-2022-0830 MISC |
wordpress — amelia |
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by continually sending SMS notifications. | 2022-04-04 | not yet calculated | CVE-2022-0837 MISC |
wordpress — updraftplus | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | 2022-04-04 | not yet calculated | CVE-2022-0864 MISC MISC |
wordpress — profile_builder |
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-04-04 | not yet calculated | CVE-2022-0884 MISC CONFIRM |
wordpress — easy_social_icons |
The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | 2022-04-04 | not yet calculated | CVE-2022-0887 MISC |
wordpress — ad_inserter_free_and_pro |
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | 2022-04-04 | not yet calculated | CVE-2022-0901 MISC MISC |
github — livehelperchat |
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | 2022-04-07 | not yet calculated | CVE-2022-0935 CONFIRM MISC |
github — server_side_request_forgery |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | 2022-04-04 | not yet calculated | CVE-2022-0939 CONFIRM MISC |
wordpress — mark_posts |
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-04-04 | not yet calculated | CVE-2022-0958 MISC CONFIRM |
github — server_side_ request_forgery |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | 2022-04-04 | not yet calculated | CVE-2022-0990 MISC CONFIRM |
kyocera — net_view |
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | 2022-04-04 | not yet calculated | CVE-2022-1026 CONFIRM MISC |
gitlab — ce/ee |
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab | 2022-04-04 | not yet calculated | CVE-2022-1099 CONFIRM MISC |
gitlab — ce/ee |
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. | 2022-04-04 | not yet calculated | CVE-2022-1100 CONFIRM MISC |
gitlab — ce/ee |
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled | 2022-04-04 | not yet calculated | CVE-2022-1105 CONFIRM MISC |
gitlab — project_import |
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the ‘Access Granted’ column in the project membership pages | 2022-04-04 | not yet calculated | CVE-2022-1111 MISC CONFIRM |
gitlab — ce/ee |
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | 2022-04-04 | not yet calculated | CVE-2022-1120 MISC MISC CONFIRM |
gitlab — gitlab_pages |
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | 2022-04-04 | not yet calculated | CVE-2022-1121 CONFIRM MISC |
gitlab — gitlab_pages |
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user’s access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim’s other private websites | 2022-04-04 | not yet calculated | CVE-2022-1148 MISC MISC CONFIRM |
gitlab — ce/ee |
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | 2022-04-04 | not yet calculated | CVE-2022-1162 CONFIRM MISC |
wyzi_theme — wyzi_business_finder |
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature | 2022-04-04 | not yet calculated | CVE-2022-1164 MISC |
wordpress — blackhole_for_bad_bots |
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abused by competitors to cause damage related to visibility in search engines, can be used to bypass arbitrary blocks caused by this plugin, block any visitor or even the administrator and even more. | 2022-04-04 | not yet calculated | CVE-2022-1165 CONFIRM MISC |
jobmonster — jobmonster |
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people’s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. | 2022-04-04 | not yet calculated | CVE-2022-1166 MISC MISC |
wordpress — careerup |
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. | 2022-04-04 | not yet calculated | CVE-2022-1167 MISC MISC MISC |
wordpress — jobsearch |
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. | 2022-04-04 | not yet calculated | CVE-2022-1168 MISC MISC |
careerfy — careerfy |
There is an XSS vulnerability in Careerfy. | 2022-04-04 | not yet calculated | CVE-2022-1169 MISC MISC |
wordpress — jobmonster |
In the Noo JobMonster WordPress theme before 4.5.2.9, there is an XSS vulnerability, as the input for the search form is provided through unsanitized GET requests. | 2022-04-04 | not yet calculated | CVE-2022-1170 MISC MISC |
gitlab — gitlab |
A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed an attacker to trigger high CPU usage via a specially crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | 2022-04-04 | not yet calculated | CVE-2022-1174 CONFIRM MISC MISC |
gitlab — gitlab |
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | 2022-04-04 | not yet calculated | CVE-2022-1175 CONFIRM MISC MISC |
gitlab — gitlab |
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file | 2022-04-04 | not yet calculated | CVE-2022-1185 MISC MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | 2022-04-04 | not yet calculated | CVE-2022-1188 MISC CONFIRM MISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project. | 2022-04-04 | not yet calculated | CVE-2022-1189 CONFIRM MISC |
gitlab — gitlab | Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | 2022-04-04 | not yet calculated | CVE-2022-1190 CONFIRM MISC MISC |
mruby — mruby |
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. | 2022-04-02 | not yet calculated | CVE-2022-1201 CONFIRM MISC |
libtiff — libtiff |
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | 2022-04-03 | not yet calculated | CVE-2022-1210 MISC MISC MISC |
tildearrow — tildearrow_furnace_dev73 |
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. | 2022-04-03 | not yet calculated | CVE-2022-1211 N/A N/A N/A |
mruby — mruby |
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 2022-04-05 | not yet calculated | CVE-2022-1212 MISC CONFIRM |
livehelperchat — livehelperchat |
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | 2022-04-05 | not yet calculated | CVE-2022-1213 MISC CONFIRM |
pimcore — pimcore |
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data | 2022-04-08 | not yet calculated | CVE-2022-1219 MISC CONFIRM |
gpac — gpac |
Infinite loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 2022-04-04 | not yet calculated | CVE-2022-1222 MISC CONFIRM |
phpipam — phpipam |
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6. | 2022-04-04 | not yet calculated | CVE-2022-1223 CONFIRM MISC |
phpipam — phpipam |
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | 2022-04-04 | not yet calculated | CVE-2022-1224 MISC CONFIRM |
phpipam — phpipam |
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | 2022-04-04 | not yet calculated | CVE-2022-1225 MISC CONFIRM |
github — uri.js |
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. | 2022-04-04 | not yet calculated | CVE-2022-1233 MISC CONFIRM |
livehelperchat — livehelperchat |
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. | 2022-04-06 | not yet calculated | CVE-2022-1234 MISC CONFIRM |
livehelperchat — livehelperchat |
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | 2022-04-05 | not yet calculated | CVE-2022-1235 MISC CONFIRM |
weseek — growi |
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. | 2022-04-05 | not yet calculated | CVE-2022-1236 MISC CONFIRM |
radareorg — radare2 |
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 2022-04-06 | not yet calculated | CVE-2022-1237 CONFIRM MISC |
radareorg — radare2 |
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 2022-04-06 | not yet calculated | CVE-2022-1238 MISC CONFIRM |
radareorg — radare2 |
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 2022-04-06 | not yet calculated | CVE-2022-1240 CONFIRM MISC |
medialize — uri.js |
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | 2022-04-05 | not yet calculated | CVE-2022-1243 CONFIRM MISC |
radareorg — radare2 |
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | 2022-04-05 | not yet calculated | CVE-2022-1244 MISC CONFIRM |
sap — sap_information_system |
A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. | 2022-04-06 | not yet calculated | CVE-2022-1248 N/A MISC |
strukturag — strukturag |
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8. | 2022-04-06 | not yet calculated | CVE-2022-1253 CONFIRM MISC |
radareorg — radare2 | NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash). | 2022-04-08 | not yet calculated | CVE-2022-1283 CONFIRM MISC |
radareorg — radare2 | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | 2022-04-08 | not yet calculated | CVE-2022-1284 CONFIRM MISC |
school_club_application_system — school_club_application_system |
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. | 2022-04-09 | not yet calculated | CVE-2022-1287 N/A |
school_club_application_system — school_club_application_system |
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. | 2022-04-09 | not yet calculated | CVE-2022-1288 N/A |
cisco — staros |
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | 2022-04-06 | not yet calculated | CVE-2022-20665 CISCO |
cisco — email_security_appliance |
A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition. | 2022-04-06 | not yet calculated | CVE-2022-20675 CISCO |
cisco — network_diagrams_application |
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2022-04-06 | not yet calculated | CVE-2022-20741 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-06 | not yet calculated | CVE-2022-20754 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-06 | not yet calculated | CVE-2022-20755 CISCO |
cisco — identity_services_engine |
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information. | 2022-04-06 | not yet calculated | CVE-2022-20756 CISCO |
cisco — ultra_cloud_core |
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. | 2022-04-06 | not yet calculated | CVE-2022-20762 CISCO |
cisco — webex |
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application. | 2022-04-06 | not yet calculated | CVE-2022-20763 CISCO |
cisco — ip_phone |
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition. | 2022-04-06 | not yet calculated | CVE-2022-20774 CISCO |
cisco — asyncos |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. | 2022-04-06 | not yet calculated | CVE-2022-20781 CISCO |
cisco — identity_services_engine |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | 2022-04-06 | not yet calculated | CVE-2022-20782 CISCO |
cisco — asyncos |
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy. | 2022-04-06 | not yet calculated | CVE-2022-20784 CISCO |
ibm — planning_analytics |
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | 2022-04-08 | not yet calculated | CVE-2022-22339 XF CONFIRM |
ibm — mq_appliance |
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. | 2022-04-05 | not yet calculated | CVE-2022-22355 CONFIRM XF |
ibm — mq_appliance |
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. | 2022-04-05 | not yet calculated | CVE-2022-22356 CONFIRM XF |
ibm — watson_query |
IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763. | 2022-04-06 | not yet calculated | CVE-2022-22410 XF CONFIRM |
codesys — codesys |
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 2022-04-07 | not yet calculated | CVE-2022-22513 MISC |
codesys — codesys |
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash. | 2022-04-07 | not yet calculated | CVE-2022-22514 MISC |
codesys — control_runtime_system |
A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 2022-04-07 | not yet calculated | CVE-2022-22515 MISC |
codesys — control_runtime_system |
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | 2022-04-07 | not yet calculated | CVE-2022-22516 MISC |
codesys — codesys |
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed. | 2022-04-07 | not yet calculated | CVE-2022-22517 MISC |
codesys — codesys |
A bug in the CmpUserMgr component can lead to security policies being only partially applied. This can result in anonymous access being enabled to components that are part of the applied security policy. | 2022-04-07 | not yet calculated | CVE-2022-22518 MISC |
codesys — codesys |
A remote, authenticated attacker can send specific crafted HTTP or HTTPS requests, causing a buffer over-read that results in a crash of the webserver and the CODESYS Control runtime system. | 2022-04-07 | not yet calculated | CVE-2022-22519 MISC |
dell — emc_powerscale_onefs |
Dell EMC Powerscale OneFS 8.2.x – 9.2.x omits security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | 2022-04-08 | not yet calculated | CVE-2022-22563 MISC |
fortiedr — multiple_products |
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | 2022-04-06 | not yet calculated | CVE-2022-23440 CONFIRM |
fortiedr — multiple_products |
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | 2022-04-06 | not yet calculated | CVE-2022-23441 CONFIRM |
fortiedr — multiple_products | An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive by changing its root directory access permission. | 2022-04-06 | not yet calculated | CVE-2022-23446 CONFIRM |
hpe — oneview |
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 2022-04-04 | not yet calculated | CVE-2022-23697 MISC |
hpe — oneview |
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 2022-04-04 | not yet calculated | CVE-2022-23698 MISC |
hpe — oneview |
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 2022-04-04 | not yet calculated | CVE-2022-23699 MISC |
hpe — oneview |
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 2022-04-04 | not yet calculated | CVE-2022-23700 MISC |
enterprise_server_management — enterprise_server_management |
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-04-05 | not yet calculated | CVE-2022-23732 CONFIRM CONFIRM CONFIRM CONFIRM |
wavlink — wl-wn531p3_router |
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. | 2022-04-07 | not yet calculated | CVE-2022-23900 MISC MISC |
sherpa — connector_service |
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a “C:\Program Files\Sherpa Software\Sherpa.exe” file. | 2022-04-05 | not yet calculated | CVE-2022-23909 MISC MISC |
asus — asus |
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | 2022-04-07 | not yet calculated | CVE-2022-23970 MISC |
asus — asus | ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | 2022-04-07 | not yet calculated | CVE-2022-23971 MISC |
asus — asus |
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database. | 2022-04-07 | not yet calculated | CVE-2022-23972 MISC |
asus — asus |
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | 2022-04-07 | not yet calculated | CVE-2022-23973 MISC |
apache — pinot |
In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0 | 2022-04-05 | not yet calculated | CVE-2022-23974 MISC |
htmldoc — htmldoc |
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. | 2022-04-04 | not yet calculated | CVE-2022-24191 MISC |
onlyoffice — document_server |
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. | 2022-04-08 | not yet calculated | CVE-2022-24229 MISC MISC MISC |
simple_student_information_system — simple_student_information_system |
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. | 2022-04-05 | not yet calculated | CVE-2022-24231 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | 2022-04-08 | not yet calculated | CVE-2022-24428 MISC |
microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-24475 N/A |
microsoft — edge |
Microsoft Edge (Chromium-based) Spoofing Vulnerability. | 2022-04-05 | not yet calculated | CVE-2022-24523 N/A |
zoho — manageengine_adselfservice |
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | 2022-04-07 | not yet calculated | CVE-2022-24681 MISC CONFIRM |
combodo — itop |
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | 2022-04-05 | not yet calculated | CVE-2022-24780 MISC MISC MISC CONFIRM MISC |
moment — moment | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | 2022-04-04 | not yet calculated | CVE-2022-24785 MISC CONFIRM |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. | 2022-04-06 | not yet calculated | CVE-2022-24786 CONFIRM MISC |
vyper — vyper |
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. | 2022-04-04 | not yet calculated | CVE-2022-24787 MISC CONFIRM |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn’t affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | 2022-04-06 | not yet calculated | CVE-2022-24793 MISC CONFIRM |
yajl-ruby — yajl-ruby |
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. | 2022-04-05 | not yet calculated | CVE-2022-24795 CONFIRM MISC MISC |
twisted — twisted |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web’s HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. | 2022-04-04 | not yet calculated | CVE-2022-24801 MISC MISC CONFIRM |
combodo — itop |
Combodo iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | 2022-04-05 | not yet calculated | CVE-2022-24811 MISC MISC CONFIRM |
createwiki — createwiki |
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki’s GitHub repository. | 2022-04-04 | not yet calculated | CVE-2022-24813 CONFIRM MISC MISC |
directus — directus |
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to an uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface. | 2022-04-04 | not yet calculated | CVE-2022-24814 CONFIRM MISC MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | 2022-04-08 | not yet calculated | CVE-2022-24819 CONFIRM MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | 2022-04-08 | not yet calculated | CVE-2022-24820 CONFIRM MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There’s no easy workaround for this issue; administrators should upgrade their wiki. | 2022-04-08 | not yet calculated | CVE-2022-24821 MISC CONFIRM |
podium — podium |
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable. `@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout`, has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading. | 2022-04-06 | not yet calculated | CVE-2022-24822 CONFIRM MISC MISC MISC MISC |
zoho — manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | 2022-04-05 | not yet calculated | CVE-2022-24978 MISC CONFIRM |
samsung — ssd_t5 |
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) | 2022-04-05 | not yet calculated | CVE-2022-25154 CONFIRM |
zoho — manageengine_servicedesk_plus |
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation’s default currency name. | 2022-04-05 | not yet calculated | CVE-2022-25245 MISC CONFIRM |
owncloud — owncloud |
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | 2022-04-07 | not yet calculated | CVE-2022-25338 MISC |
owncloud — owncloud | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | 2022-04-07 | not yet calculated | CVE-2022-25339 MISC |
alt-n — mdaemon_security_gateway |
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. | 2022-04-05 | not yet calculated | CVE-2022-25356 MISC MISC MISC |
zoho — manageengine_supportcenter_plus |
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | 2022-04-05 | not yet calculated | CVE-2022-25373 MISC CONFIRM |
gams — gams |
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. | 2022-04-04 | not yet calculated | CVE-2022-25569 MISC |
seyeon_tech_co.,_ltd — flexwatch |
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | 2022-04-05 | not yet calculated | CVE-2022-25584 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
microprogram — parking_lot_management_system |
Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information. | 2022-04-07 | not yet calculated | CVE-2022-25594 MISC |
asus — rt_ac86u |
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | 2022-04-07 | not yet calculated | CVE-2022-25595 MISC |
asus — rt_ac56u |
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | 2022-04-07 | not yet calculated | CVE-2022-25596 MISC |
asus — asus |
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform a command injection attack, execute arbitrary commands and disrupt or terminate service. | 2022-04-07 | not yet calculated | CVE-2022-25597 MISC |
fv — flowplayer_video_player |
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | 2022-04-04 | not yet calculated | CVE-2022-25613 CONFIRM CONFIRM |
wordpress — wpdatatables |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | 2022-04-04 | not yet calculated | CVE-2022-25618 CONFIRM CONFIRM |
htcondor — htcondor |
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. | 2022-04-06 | not yet calculated | CVE-2022-26110 MISC |
qdpm — qdpm |
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | 2022-04-08 | not yet calculated | CVE-2022-26180 MISC |
barco — control_room_management |
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the “GET /..\..” substring. | 2022-04-03 | not yet calculated | CVE-2022-26233 MISC MISC |
synaman — synaman |
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | 2022-04-06 | not yet calculated | CVE-2022-26250 MISC MISC MISC |
synaman — synaman |
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | 2022-04-06 | not yet calculated | CVE-2022-26251 MISC MISC MISC |
bigant — bigant |
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. | 2022-04-05 | not yet calculated | CVE-2022-26281 MISC MISC |
xenbits — xenbits |
Racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak. | 2022-04-05 | not yet calculated | CVE-2022-26356 MISC CONFIRM MLIST |
vt-d — domain_id_cleanup |
Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. | 2022-04-05 | not yet calculated | CVE-2022-26357 MISC CONFIRM MLIST |
vt-d — vt-d |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 2022-04-05 | not yet calculated | CVE-2022-26358 MISC CONFIRM MLIST |
vt-d — vt-d |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 2022-04-05 | not yet calculated | CVE-2022-26359 MISC CONFIRM MLIST |
vt-d — vt-d |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 2022-04-05 | not yet calculated | CVE-2022-26360 MISC CONFIRM MLIST |
vt-d — vt-d |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 2022-04-05 | not yet calculated | CVE-2022-26361 MISC CONFIRM MLIST |
swaylock — swaylock |
swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. | 2022-04-03 | not yet calculated | CVE-2022-26530 CONFIRM MISC MISC |
xerox — colorqube_8580 |
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. | 2022-04-04 | not yet calculated | CVE-2022-26572 MISC |
mingsoft — mcms |
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | 2022-04-05 | not yet calculated | CVE-2022-26585 MISC |
icehrm — icehrm |
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. | 2022-04-08 | not yet calculated | CVE-2022-26588 MISC |
fantech — gmbh_mwid25-ds_firmware |
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. | 2022-04-06 | not yet calculated | CVE-2022-26591 MISC |
eziosuite — eziosuite | eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | 2022-04-06 | not yet calculated | CVE-2022-26605 MISC |
baigo — baigo_cms |
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | 2022-04-06 | not yet calculated | CVE-2022-26607 MISC MISC MISC |
apache — hadoop |
In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. On Windows, however, getCanonicalPath doesn’t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. | 2022-04-07 | not yet calculated | CVE-2022-26612 MISC |
php-cms — php-cms |
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. | 2022-04-06 | not yet calculated | CVE-2022-26613 MISC |
college_website_content_management_system — college_website_content_management |
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. | 2022-04-05 | not yet calculated | CVE-2022-26615 MISC |
pkp_vendor_open_journal_system — pkp_vendor_open_journal_system |
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. | 2022-04-04 | not yet calculated | CVE-2022-26616 MISC MISC |
halo_blog_cms — halo_blog_cms |
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 2022-04-05 | not yet calculated | CVE-2022-26619 MISC |
bootstrap — bootstrap |
Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. | 2022-04-08 | not yet calculated | CVE-2022-26624 MISC MISC |
online_project_time_management — online_project_time_management |
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | 2022-04-07 | not yet calculated | CVE-2022-26627 MISC |
matrimony — matrimony |
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | 2022-04-05 | not yet calculated | CVE-2022-26628 MISC |
jellycms — jellycms |
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. | 2022-04-05 | not yet calculated | CVE-2022-26630 MISC |
php-memcached — php-memcached |
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. | 2022-04-05 | not yet calculated | CVE-2022-26635 MISC |
dlink — dlink |
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | 2022-04-07 | not yet calculated | CVE-2022-26670 MISC |
secom — secom | Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service. | 2022-04-07 | not yet calculated | CVE-2022-26671 MISC |
aenrich — aenrich | aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | 2022-04-07 | not yet calculated | CVE-2022-26675 MISC |
aenrich — aenrich |
aEnrich a+HRD has inadequate privilege restrictions. An unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | 2022-04-07 | not yet calculated | CVE-2022-26676 MISC |
apache — nifi |
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory. | 2022-04-06 | not yet calculated | CVE-2022-26850 MISC MLIST |
dell — powerscale_onefs | Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. | 2022-04-08 | not yet calculated | CVE-2022-26851 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | 2022-04-08 | not yet calculated | CVE-2022-26852 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | 2022-04-08 | not yet calculated | CVE-2022-26854 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | 2022-04-08 | not yet calculated | CVE-2022-26855 MISC |
asana — asana_desktop |
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | 2022-04-09 | not yet calculated | CVE-2022-26877 MISC CONFIRM |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26891 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26894 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26895 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26900 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26908 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. | 2022-04-05 | not yet calculated | CVE-2022-26909 N/A |
microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. | 2022-04-05 | not yet calculated | CVE-2022-26912 N/A |
digi — passport_firmware | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | 2022-04-06 | not yet calculated | CVE-2022-26952 MISC MISC MISC |
digi — passport_firmware |
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | 2022-04-06 | not yet calculated | CVE-2022-26953 MISC MISC MISC |
simplemachinesforum — simplemachinesforum |
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code, because the themes can be modified by an administrator. | 2022-04-05 | not yet calculated | CVE-2022-26982 MISC |
impresscms — impresscms |
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way. This allows an attacker to read and modify sensitive information in the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. | 2022-04-05 | not yet calculated | CVE-2022-26986 MISC |
tenda — tenda | There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. | 2022-04-07 | not yet calculated | CVE-2022-27016 MISC |
tenda — tenda |
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload. | 2022-04-07 | not yet calculated | CVE-2022-27022 MISC |
libsixel — libsixel | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | 2022-04-08 | not yet calculated | CVE-2022-27044 MISC |
libsixel — libsixel |
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388. | 2022-04-08 | not yet calculated | CVE-2022-27046 MISC |
mogu_blog_cms — mogu_blog_cms |
mogu_blog_cms 5.2 suffers from arbitrary file upload without any limitation. | 2022-04-08 | not yet calculated | CVE-2022-27047 MISC |
aerocms — aerocms | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27061 MISC MISC MISC |
aerocms — aerocms |
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | 2022-04-08 | not yet calculated | CVE-2022-27062 MISC MISC MISC |
aerocms — aerocms |
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | 2022-04-08 | not yet calculated | CVE-2022-27063 MISC MISC MISC |
musical_world — musical_world |
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27064 MISC MISC MISC |
orangehrm — orangehrm |
OrangeHRM 4.10 is vulnerable to Stored XSS in the “Share Video” section under “OrangeBuzz” via the GET/POST “createVideo[linkAddress]” parameter | 2022-04-06 | not yet calculated | CVE-2022-27107 MISC |
orangehrm — orangehrm |
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user’s account. | 2022-04-06 | not yet calculated | CVE-2022-27108 MISC |
orangehrm — orangehrm | OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. | 2022-04-06 | not yet calculated | CVE-2022-27109 MISC |
orangehrm — orangehrm | OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. | 2022-04-06 | not yet calculated | CVE-2022-27110 MISC |
employee_performance_evaluation — employee_performance_evaluation |
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | 2022-04-05 | not yet calculated | CVE-2022-27123 MISC |
insurance_management_system — insurance_management_system |
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 2022-04-05 | not yet calculated | CVE-2022-27124 MISC |
gpac — mp4box |
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | 2022-04-08 | not yet calculated | CVE-2022-27145 MISC |
gpac — mp4box |
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | 2022-04-08 | not yet calculated | CVE-2022-27146 MISC |
gpac — mp4box |
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | 2022-04-08 | not yet calculated | CVE-2022-27147 MISC |
gpac — mp4box |
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | 2022-04-08 | not yet calculated | CVE-2022-27148 MISC |
roku — roku |
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification. | 2022-04-08 | not yet calculated | CVE-2022-27152 MISC |
student_grading_system — student_grading_system |
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | 2022-04-05 | not yet calculated | CVE-2022-27304 MISC |
ecommerce-website — ecommerce-website |
Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27346 MISC MISC MISC |
social_codia_sms — social_codia_sms |
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | 2022-04-08 | not yet calculated | CVE-2022-27348 MISC MISC MISC |
social_codia_sms — social_codia_sms |
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27349 MISC MISC MISC |
zoo_management_system — zoo_management_system |
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27351 MISC MISC MISC |
simple_house_rental_system — simple_house_rental_system |
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27352 MISC MISC MISC |
ecommerce-website — ecommerce-website |
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | not yet calculated | CVE-2022-27357 MISC MISC MISC |
e-commerce_website — e-commerce_website |
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | 2022-04-04 | not yet calculated | CVE-2022-27435 MISC MISC |
e-commerce_website — e-commerce_website |
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field. | 2022-04-04 | not yet calculated | CVE-2022-27436 MISC MISC |
tpcms — tpcms |
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. | 2022-04-04 | not yet calculated | CVE-2022-27441 MISC |
tpcms — tpcms |
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator’s user name and password. | 2022-04-04 | not yet calculated | CVE-2022-27442 MISC |
wwbn — avideo | Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | 2022-04-05 | not yet calculated | CVE-2022-27462 MISC MISC |
wwbn — avideo |
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. | 2022-04-05 | not yet calculated | CVE-2022-27463 MISC MISC |
forcepoint — one_endpoint |
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. | 2022-04-04 | not yet calculated | CVE-2022-27608 MISC |
forcepoint — one_endpoint |
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it. | 2022-04-04 | not yet calculated | CVE-2022-27609 MISC |
podman — moby_docker_engine |
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | 2022-04-04 | not yet calculated | CVE-2022-27649 MISC MISC MISC |
moby — moby_docker_engine |
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | 2022-04-04 | not yet calculated | CVE-2022-27650 MISC MISC MISC FEDORA |
moby — moby_docker_engine |
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | 2022-04-04 | not yet calculated | CVE-2022-27651 MISC MISC MISC FEDORA FEDORA |
waycrate — swhkd | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | 2022-04-07 | not yet calculated | CVE-2022-27818 MISC MISC |
waycrate — swhkd |
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). | 2022-04-07 | not yet calculated | CVE-2022-27819 MISC MISC |
trend_micro — antivirus_for_mac |
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. | 2022-04-09 | not yet calculated | CVE-2022-27883 N/A N/A |
online_banking_system — online_banking_system |
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. | 2022-04-08 | not yet calculated | CVE-2022-27991 MISC |
zoo_management_system — zoo_management_system |
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | 2022-04-08 | not yet calculated | CVE-2022-27992 MISC MISC |
car_rental_system — car_rental_system |
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. | 2022-04-08 | not yet calculated | CVE-2022-28000 MISC MISC |
movie_seat_reservation — movie_seat_reservation | Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | 2022-04-08 | not yet calculated | CVE-2022-28001 MISC MISC |
movie_seat_reservation — movie_seat_reservation | Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | 2022-04-08 | not yet calculated | CVE-2022-28002 MISC MISC |
car_rental_system — car_rental_system |
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | 2022-04-04 | not yet calculated | CVE-2022-28062 MISC |
simple_bakery_shop_management_system — simple_bakery_shop_management_system |
Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. | 2022-04-04 | not yet calculated | CVE-2022-28063 MISC |
online_sports_complex_booking — online_sports_complex_booking | Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 2022-04-05 | not yet calculated | CVE-2022-28115 MISC |
online_banking_system — online_banking_system |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 2022-04-05 | not yet calculated | CVE-2022-28116 MISC |
zoho — manageengine |
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 2022-04-05 | not yet calculated | CVE-2022-28219 MISC CONFIRM |
weechat — weechat |
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. | 2022-04-02 | not yet calculated | CVE-2022-28352 MISC MISC |
scala.js — scala.js |
randomUUID in Scala.js before 1.10.0 generates predictable values. | 2022-04-02 | not yet calculated | CVE-2022-28355 MISC MISC CONFIRM CONFIRM |
reprise_software — reprise_license_manager | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. | 2022-04-09 | not yet calculated | CVE-2022-28363 MISC MISC |
reprise_software — reprise_license_manager | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. | 2022-04-09 | not yet calculated | CVE-2022-28364 MISC MISC |
reprise_software — reprise_license_manager |
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | 2022-04-09 | not yet calculated | CVE-2022-28365 MISC MISC |
synk_labs — php_goof |
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | 2022-04-03 | not yet calculated | CVE-2022-28368 MISC MISC MISC MISC MISC MISC |
verizon — lvskihp_5g |
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device’s serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. | 2022-04-03 | not yet calculated | CVE-2022-28376 MISC |
craft_cms — craft |
Craft CMS before 3.7.29 allows XSS. | 2022-04-03 | not yet calculated | CVE-2022-28378 MISC |
nginx_proxy_manager — nginx_proxy_manager |
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | 2022-04-03 | not yet calculated | CVE-2022-28379 MISC MISC |
rc-httpd — rc-httpd |
The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. | 2022-04-03 | not yet calculated | CVE-2022-28380 MISC CONFIRM |
alpine — busybox |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record’s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal’s colors. | 2022-04-03 | not yet calculated | CVE-2022-28391 MISC MISC MISC |
online_student_admission — online_student_admission |
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. | 2022-04-05 | not yet calculated | CVE-2022-28467 MISC |
payroll_management_system — payroll_management_system |
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 2022-04-05 | not yet calculated | CVE-2022-28468 MISC |
jetbrains — youtrack |
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered | 2022-04-05 | not yet calculated | CVE-2022-28648 MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | 2022-04-05 | not yet calculated | CVE-2022-28649 MISC |
jetbrains — youtrack |
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | 2022-04-05 | not yet calculated | CVE-2022-28650 MISC |
jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | 2022-04-05 | not yet calculated | CVE-2022-28651 MISC |
linux — linux_kernel |
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | 2022-04-08 | not yet calculated | CVE-2022-28796 MISC MISC |
lua — lua |
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | 2022-04-08 | not yet calculated | CVE-2022-28805 MISC MISC MISC MISC |