US-CERT Bulletin (SB22-108): Vulnerability Summary for the Week of April 11, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dell — emc_unity_operating_environment | Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. | 2022-04-08 | 10 | CVE-2021-36287 MISC |
foscam — fi9805e_firmware | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 2022-04-08 | 10 | CVE-2021-43517 MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | 2022-04-08 | 10 | CVE-2022-26854 MISC |
kevinlab — 4st_l-bems | An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with the highest admin privileges and obtain system control. | 2022-04-11 | 9 | CVE-2021-37292 MISC MISC |
ritecms — ritecms | RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default. | 2022-04-08 | 9 | CVE-2021-46367 MISC MISC MISC MISC |
trendmicro — antivirus_for_mac | A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. | 2022-04-09 | 8.5 | CVE-2022-27883 N/A N/A |
zyxel — vmg3312-t20a_firmware | A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 2022-04-11 | 7.7 | CVE-2022-26413 CONFIRM |
kevinlab — 4st_l-bems | An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. | 2022-04-11 | 7.5 | CVE-2021-37291 MISC MISC |
laravel — laravel | A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php. | 2022-04-08 | 7.5 | CVE-2021-43503 MISC |
stopbadbots — block_and_stop_bad_bots | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | 2022-04-11 | 7.5 | CVE-2022-0949 MISC |
mruby — mruby | Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 2022-04-10 | 7.5 | CVE-2022-1276 MISC CONFIRM |
school_club_application_system_project — school_club_application_system | A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. | 2022-04-09 | 7.5 | CVE-2022-1287 N/A |
fullpage_project — fullpage | Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. | 2022-04-11 | 7.5 | CVE-2022-1295 CONFIRM MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | 2022-04-08 | 7.5 | CVE-2022-26852 MISC |
moguit — mogu_blog_cms | mogu_blog_cms 5.2 allows arbitrary file upload without any limitation. | 2022-04-08 | 7.5 | CVE-2022-27047 MISC |
std42 — elfinder | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | 2022-04-11 | 7.5 | CVE-2022-27115 MISC |
zbzcms — zbzcms | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. | 2022-04-10 | 7.5 | CVE-2022-27126 MISC |
zbzcms — zbzcms | An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. | 2022-04-10 | 7.5 | CVE-2022-27128 MISC |
zbzcms — zbzcms | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-10 | 7.5 | CVE-2022-27129 MISC |
zbzcms — zbzcms | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-10 | 7.5 | CVE-2022-27131 MISC |
zoo_management_system_project — zoo_management_system | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 7.5 | CVE-2022-27351 MISC MISC MISC |
ecommerce-website_project — ecommerce-website | Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 7.5 | CVE-2022-27357 MISC MISC MISC |
newbee-mall_project — newbee-mall | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | 2022-04-10 | 7.5 | CVE-2022-27477 MISC |
movie_seat_reservation_project — movie_seat_reservation | Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | 2022-04-08 | 7.5 | CVE-2022-28001 MISC MISC |
zyxel — zyxel_ap_configurator | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | 2022-04-11 | 7.2 | CVE-2022-0556 CONFIRM |
google — android | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. | 2022-04-11 | 7.2 | CVE-2022-20062 MISC |
google — android | In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. | 2022-04-11 | 7.2 | CVE-2022-20064 MISC |
fujitsu — plugfree_network | In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | 2022-04-11 | 7.2 | CVE-2022-27089 MISC |
linux — linux_kernel | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | 2022-04-11 | 7.2 | CVE-2022-28893 MISC MLIST MLIST MLIST |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642. | 2022-04-11 | 6.9 | CVE-2022-20052 MISC |
google — android | In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. | 2022-04-11 | 6.9 | CVE-2022-20063 MISC |
linux — linux_kernel | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | 2022-04-08 | 6.9 | CVE-2022-28796 MISC MISC |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | 2022-04-08 | 6.8 | CVE-2020-4668 XF CONFIRM |
webmin — webmin | A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | 2022-04-11 | 6.8 | CVE-2021-32156 MISC |
webmin — webmin | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | 2022-04-11 | 6.8 | CVE-2021-32157 MISC |
webmin — webmin | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 2022-04-11 | 6.8 | CVE-2021-32159 MISC |
webmin — webmin | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | 2022-04-11 | 6.8 | CVE-2021-32162 MISC |
libsixel_project — libsixel | libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | 2022-04-08 | 6.8 | CVE-2021-40656 MISC |
libsixel_project — libsixel | libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | 2022-04-08 | 6.8 | CVE-2021-41715 MISC |
kimai — kimai | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. | 2022-04-08 | 6.8 | CVE-2021-43515 MISC |
zzcms — zzcms | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | 2022-04-08 | 6.8 | CVE-2021-46436 MISC |
qdpm — qdpm | qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | 2022-04-08 | 6.8 | CVE-2022-26180 MISC MISC |
libsixel_project — libsixel | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | 2022-04-08 | 6.8 | CVE-2022-27044 MISC |
libsixel_project — libsixel | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388. | 2022-04-08 | 6.8 | CVE-2022-27046 MISC |
bolt — bolt_cms | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. | 2022-04-11 | 6.5 | CVE-2021-40219 MISC MISC MISC MISC |
elbtide — advanced_booking_calendar | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | 2022-04-11 | 6.5 | CVE-2022-1006 MISC CONFIRM |
ocdi — one_click_demo_import | The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | 2022-04-11 | 6.5 | CVE-2022-1008 MISC CONFIRM |
secondlinethemes — podcast_importer_secondline | The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file | 2022-04-11 | 6.5 | CVE-2022-1023 CONFIRM MISC |
ibm — planning_analytics | IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | 2022-04-08 | 6.5 | CVE-2022-22339 XF CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | 2022-04-08 | 6.5 | CVE-2022-24428 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 6.5 | CVE-2022-27061 MISC MISC MISC |
musical_world_project — musical_world | Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 6.5 | CVE-2022-27064 MISC MISC MISC |
ecommerce-website_project — ecommerce-website | Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 6.5 | CVE-2022-27346 MISC MISC MISC |
socialcodia — social_codia_sms | Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 6.5 | CVE-2022-27349 MISC MISC MISC |
simple_house_rental_system_project — simple_house_rental_system | Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-08 | 6.5 | CVE-2022-27352 MISC MISC MISC |
zoo_management_system_project — zoo_management_system | Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | 2022-04-08 | 6.5 | CVE-2022-27992 MISC MISC |
car_rental_system_project — car_rental_system | Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. | 2022-04-08 | 6.5 | CVE-2022-28000 MISC MISC |
dell — emc_unity_operating_environment | Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files | 2022-04-08 | 6.4 | CVE-2021-36288 MISC |
huawei — emui | The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. | 2022-04-11 | 6.4 | CVE-2021-46742 MISC MISC |
radare — radare2 | Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | 2022-04-11 | 6.4 | CVE-2022-1296 CONFIRM MISC |
radare — radare2 | Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | 2022-04-11 | 6.4 | CVE-2022-1297 MISC CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. | 2022-04-08 | 6.4 | CVE-2022-26851 MISC |
zbzcms — zbzcms | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. | 2022-04-10 | 6.4 | CVE-2022-27127 MISC |
zbzcms — zbzcms | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. | 2022-04-10 | 6.4 | CVE-2022-27133 MISC |
lua — lua | singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | 2022-04-08 | 6.4 | CVE-2022-28805 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There’s no easy workaround for this issue; administrators should upgrade their wiki. | 2022-04-08 | 5.5 | CVE-2022-24821 MISC CONFIRM |
febs-security_project — febs-security | Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users’ personal information. | 2022-04-10 | 5.5 | CVE-2022-27958 MISC |
ofcms_project — ofcms | Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users’ personal information. | 2022-04-10 | 5.5 | CVE-2022-27960 MISC |
claro — kaon_cg3000_firmware | An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | 2022-04-08 | 5.2 | CVE-2021-43483 MISC |
ibm — system_storage_ds8000_management_console_firmware | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. | 2022-04-11 | 5 | CVE-2021-38929 CONFIRM XF |
ibm — system_storage_ds8000_management_console_firmware | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | 2022-04-11 | 5 | CVE-2021-38930 CONFIRM XF |
huawei — emui | The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-04-11 | 5 | CVE-2021-40065 MISC MISC |
atutor — atutor | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 2022-04-08 | 5 | CVE-2021-43498 MISC MISC |
zlog_project — zlog | A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. | 2022-04-08 | 5 | CVE-2021-43521 MISC MISC |
huawei — emui | The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-04-11 | 5 | CVE-2021-46740 MISC MISC |
wpdownloadmanager — wordpress_download_manager | The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | 2022-04-11 | 5 | CVE-2022-0828 MISC |
salonbookingsystem — salon_booking_system | The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other’s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. | 2022-04-11 | 5 | CVE-2022-0919 MISC |
salonbookingsystem — salon_booking_system | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer’s data | 2022-04-11 | 5 | CVE-2022-0920 MISC |
nsthemes — ns_watermark_for_woocommerce | An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | 2022-04-11 | 5 | CVE-2022-0989 MISC |
pimcore — pimcore | SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. | 2022-04-08 | 5 | CVE-2022-1219 MISC CONFIRM |
gnuboard — gnuboard5 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the ‘Let others see my information.’ box is ticked off. | 2022-04-11 | 5 | CVE-2022-1252 CONFIRM MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | 2022-04-08 | 5 | CVE-2022-24819 CONFIRM MISC |
os4ed — opensis | Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | 2022-04-11 | 5 | CVE-2022-27041 MISC |
movie_seat_reservation_project — movie_seat_reservation | Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | 2022-04-08 | 5 | CVE-2022-28002 MISC MISC |
reprisesoftware — reprise_license_manager | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | 2022-04-09 | 5 | CVE-2022-28365 MISC MISC MISC |
zyxel — vmg3312-t20a_firmware | A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. | 2022-04-11 | 4.9 | CVE-2022-26414 CONFIRM |
dell — emc_unity_operating_environment | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | 2022-04-08 | 4.6 | CVE-2021-36290 MISC |
dell — emc_unity_operating_environment | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | 2022-04-08 | 4.6 | CVE-2021-36293 MISC |
ivanti — dsm_remote | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | 2022-04-11 | 4.6 | CVE-2022-27088 MISC |
pickplugins — post_grid | The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form | 2022-04-11 | 4.3 | CVE-2021-24986 MISC |
heateor — super_socializer | The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | 2022-04-11 | 4.3 | CVE-2021-24987 MISC |
webmin — webmin | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 2022-04-11 | 4.3 | CVE-2021-32158 MISC |
webmin — webmin | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | 2022-04-11 | 4.3 | CVE-2021-32160 MISC |
webmin — webmin | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | 2022-04-11 | 4.3 | CVE-2021-32161 MISC |
baijiacms_project — baijiacms | An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password. | 2022-04-11 | 4.3 | CVE-2021-34250 MISC |
opservices — opmon | A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | 2022-04-08 | 4.3 | CVE-2021-43009 MISC MISC |
thimpress — learnpress | The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting | 2022-04-11 | 4.3 | CVE-2022-0271 MISC |
presscustomizr — nimble_page_builder | The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-04-11 | 4.3 | CVE-2022-0314 MISC |
realfavicongenerator — favicon_by_realfavicongenerator | The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue | 2022-04-11 | 4.3 | CVE-2022-0471 MISC CONFIRM |
wpvivid — migration\,_backup\,_staging | The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting | 2022-04-11 | 4.3 | CVE-2022-0531 MISC |
atlasgondal — export_all_urls | The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-04-11 | 4.3 | CVE-2022-0892 MISC |
atlasgondal — export_all_urls | The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example | 2022-04-11 | 4.3 | CVE-2022-0914 MISC |
elbtide — advanced_booking_calendar | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | 2022-04-11 | 4.3 | CVE-2022-1007 MISC CONFIRM |
radare — radare2 | NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash). | 2022-04-08 | 4.3 | CVE-2022-1283 CONFIRM MISC |
radare — radare2 | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | 2022-04-08 | 4.3 | CVE-2022-1284 CONFIRM MISC |
school_club_application_system_project — school_club_application_system | A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. | 2022-04-09 | 4.3 | CVE-2022-1288 N/A |
onlyoffice — document_server | A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. | 2022-04-08 | 4.3 | CVE-2022-24229 MISC MISC MISC |
icehrm — icehrm | A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. | 2022-04-08 | 4.3 | CVE-2022-26588 MISC MISC |
getbootstrap — bootstrap | Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. | 2022-04-08 | 4.3 | CVE-2022-26624 MISC MISC |
asana — desktop | Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | 2022-04-09 | 4.3 | CVE-2022-26877 MISC CONFIRM |
aerocms_project — aerocms | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | 2022-04-08 | 4.3 | CVE-2022-27063 MISC MISC MISC |
zbzcms — zbzcms | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. | 2022-04-10 | 4.3 | CVE-2022-27125 MISC |
gpac — gpac | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | 2022-04-08 | 4.3 | CVE-2022-27145 MISC |
gpac — gpac | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | 2022-04-08 | 4.3 | CVE-2022-27146 MISC |
gpac — gpac | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | 2022-04-08 | 4.3 | CVE-2022-27147 MISC |
gpac — gpac | GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | 2022-04-08 | 4.3 | CVE-2022-27148 MISC |
reprisesoftware — reprise_license_manager | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. | 2022-04-09 | 4.3 | CVE-2022-28363 MISC MISC MISC |
kevinlab — 4st_l-bems | A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. | 2022-04-11 | 4 | CVE-2021-37293 MISC MISC |
webence — iq_block_country | The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the upload, the files in the zip archive are extracted one by one. During extraction, the existence of each file is checked. If the file exists, it is deleted without any security control, considering only the name of the extracted file. This behavior leads to a “Zip Slip” vulnerability. | 2022-04-11 | 4 | CVE-2022-0246 MISC |
online_banking_system_project — online_banking_system | Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. | 2022-04-08 | 4 | CVE-2022-27991 MISC |
jetbrains — ktor | In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren’t using SecureRandom implementations. | 2022-04-11 | 4 | CVE-2022-29035 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wpsofts — portfolio_gallery\,_product_catalog_-_grid_kit_portfolio | The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded. | 2022-04-11 | 3.5 | CVE-2021-25090 MISC |
premio — chaty | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 2022-04-11 | 3.5 | CVE-2021-36846 CONFIRM CONFIRM |
sharethis — social_media_feather | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 2022-04-11 | 3.5 | CVE-2021-36848 CONFIRM CONFIRM |
wpdarko — responsive_tabs | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | 2022-04-11 | 3.5 | CVE-2021-36893 CONFIRM CONFIRM |
w3eden — pricing_table | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | 2022-04-11 | 3.5 | CVE-2021-36896 CONFIRM CONFIRM |
wp-appbox_project — wp-appbox | Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 2022-04-11 | 3.5 | CVE-2021-36910 CONFIRM CONFIRM |
ibm — curam_social_program_management | IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. | 2022-04-11 | 3.5 | CVE-2021-39068 XF CONFIRM |
zzcms — zzcms | An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | 2022-04-08 | 3.5 | CVE-2021-46437 MISC |
pickplugins — post_grid | The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting | 2022-04-11 | 3.5 | CVE-2022-0447 MISC |
pootlepress — easy_smooth_scroll_links | The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-04-11 | 3.5 | CVE-2022-0728 MISC |
cybernetikz — easy_social_icons | The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. | 2022-04-11 | 3.5 | CVE-2022-0840 MISC |
autolabproject — autolab | Cross-site Scripting (XSS) – Stored in GitHub repository autolab/autolab prior to 2.8.0. | 2022-04-11 | 3.5 | CVE-2022-0936 MISC CONFIRM |
vertistudio — image_optimization_\&_lazy_load_by_optimole | The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its “Lazyload background images for selectors” settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 2022-04-11 | 3.5 | CVE-2022-0969 CONFIRM MISC |
trudesk_project — trudesk | Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | 2022-04-11 | 3.5 | CVE-2022-1045 CONFIRM MISC |
tableexport.jquery.plugin_project — tableexport.jquery.plugin | XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers | 2022-04-10 | 3.5 | CVE-2022-1291 CONFIRM MISC |
ivanti — incapptic_connect | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. | 2022-04-11 | 3.5 | CVE-2022-22571 MISC MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | 2022-04-08 | 3.5 | CVE-2022-27062 MISC MISC MISC |
jflyfox — jfinal_cms | Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. | 2022-04-11 | 3.5 | CVE-2022-27111 MISC |
thedaylightstudio — fuel_cms | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | 2022-04-11 | 3.5 | CVE-2022-27156 MISC |
socialcodia — social_codia_sms | Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | 2022-04-08 | 3.5 | CVE-2022-27348 MISC MISC MISC |
ofcms_project — ofcms | A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | 2022-04-10 | 3.5 | CVE-2022-27961 MISC |
reprisesoftware — reprise_license_manager | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. | 2022-04-09 | 3.5 | CVE-2022-28364 MISC MISC MISC |
roku — roku_os | Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification. | 2022-04-08 | 2.7 | CVE-2022-27152 MISC |
dell — emc_powerscale_onefs | Dell EMC Powerscale OneFS 8.2.x – 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | 2022-04-08 | 2.1 | CVE-2022-22563 MISC MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | 2022-04-08 | 2.1 | CVE-2022-26855 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
python — python | In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). | 2022-04-13 | not yet calculated | CVE-2015-20107 MISC MISC |
scheider_electric — sut_service | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0) | 2022-04-13 | not yet calculated | CVE-2019-6834 MISC |
bbraun — melsungen_ag_spacecom | A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. | 2022-04-14 | not yet calculated | CVE-2020-16238 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | 2022-04-14 | not yet calculated | CVE-2020-25150 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. | 2022-04-14 | not yet calculated | CVE-2020-25152 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | 2022-04-14 | not yet calculated | CVE-2020-25154 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. | 2022-04-14 | not yet calculated | CVE-2020-25156 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | 2022-04-14 | not yet calculated | CVE-2020-25158 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers to extract and tamper with the device’s network configuration. | 2022-04-14 | not yet calculated | CVE-2020-25160 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | 2022-04-14 | not yet calculated | CVE-2020-25162 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. | 2022-04-14 | not yet calculated | CVE-2020-25164 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | 2022-04-14 | not yet calculated | CVE-2020-25166 CONFIRM CONFIRM |
bbraun — melsungen_ag_spacecom | Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. | 2022-04-14 | not yet calculated | CVE-2020-25168 CONFIRM CONFIRM |
fossies — froxlor | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. | 2022-04-13 | not yet calculated | CVE-2020-29653 MISC MISC MISC |
android — android | In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183147114 | 2022-04-12 | not yet calculated | CVE-2021-0694 MISC |
android — android | In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel | 2022-04-12 | not yet calculated | CVE-2021-0707 MISC |
accusoft — imagegear | A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21914 MISC |
accusoft — imagegear | A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21938 MISC |
accusoft — imagegear | A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21939 MISC |
accusoft — imagegear | An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21942 MISC |
accusoft — imagegear | A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21943 MISC |
accusoft — imagegear | Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. | 2022-04-14 | not yet calculated | CVE-2021-21944 MISC |
accusoft — imagegear | Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. | 2022-04-14 | not yet calculated | CVE-2021-21945 MISC |
accusoft — imagegear | Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. | 2022-04-14 | not yet calculated | CVE-2021-21946 MISC |
accusoft — imagegear | Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. | 2022-04-14 | not yet calculated | CVE-2021-21947 MISC |
anycubic — chitubox_anycubic_plugin | A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21948 MISC |
accusoft — imagegear | An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21949 MISC |
cloudlinux_inc — imunify360 | A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21956 MISC |
sealevel_systems — seaconnect_370w | An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-21967 MISC |
vmware — photon | The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. | 2022-04-11 | not yet calculated | CVE-2021-22055 MISC |
schneider_electric — struxureware_data_center_expert | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | 2022-04-13 | not yet calculated | CVE-2021-22794 MISC |
schneider_electric — struxureware_data_center_expert | A CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | 2022-04-13 | not yet calculated | CVE-2021-22795 MISC |
schneider_electric — ecostruxure_control_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions) | 2022-04-13 | not yet calculated | CVE-2021-22797 MISC |
arista — eos | On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | 2022-04-14 | not yet calculated | CVE-2021-28505 MISC |
apache — subversion_svn | Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal ‘copyfrom’ paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the ‘copyfrom’ path of the original. This also reveals the fact that the node was copied. Only the ‘copyfrom’ path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. | 2022-04-12 | not yet calculated | CVE-2021-28544 MISC DEBIAN |
apache — struts | The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{…} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. | 2022-04-12 | not yet calculated | CVE-2021-31805 MISC MLIST |
mongodb — mongodb | It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16. | 2022-04-12 | not yet calculated | CVE-2021-32040 MISC MISC MISC |
johnson_controls — metasys | Under certain circumstances the session token is not cleared on logout. | 2022-04-15 | not yet calculated | CVE-2021-36205 CERT CONFIRM |
wordpress — wp_maintenance_(wordpress_plugin) | Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. | 2022-04-15 | not yet calculated | CVE-2021-36828 CONFIRM CONFIRM |
caldera — calderalwp_license_manager_(wordpress_plugin) | Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | 2022-04-12 | not yet calculated | CVE-2021-36914 CONFIRM CONFIRM |
microfocus — operations_bridge | Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution. | 2022-04-11 | not yet calculated | CVE-2021-38125 MISC |
android — android | In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-205836329 | 2022-04-12 | not yet calculated | CVE-2021-39794 MISC |
android — android | In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other app’s dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-201667614 | 2022-04-12 | not yet calculated | CVE-2021-39795 MISC |
android — android | In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291 | 2022-04-12 | not yet calculated | CVE-2021-39796 MISC |
android — android | In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-209607104 | 2022-04-12 | not yet calculated | CVE-2021-39797 MISC |
android — android | In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213169612 | 2022-04-12 | not yet calculated | CVE-2021-39798 MISC |
android — android | In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-200288596 | 2022-04-12 | not yet calculated | CVE-2021-39799 MISC |
android — android | In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208277166. References: Upstream kernel | 2022-04-12 | not yet calculated | CVE-2021-39800 MISC |
android — android | In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-209791720. References: Upstream kernel | 2022-04-12 | not yet calculated | CVE-2021-39801 MISC |
android — android | In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213339151. References: Upstream kernel | 2022-04-12 | not yet calculated | CVE-2021-39802 MISC |
android — android | In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-193790350 | 2022-04-12 | not yet calculated | CVE-2021-39803 MISC |
android — android | In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-215002587 | 2022-04-12 | not yet calculated | CVE-2021-39804 MISC |
android — android | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-212694559 | 2022-04-12 | not yet calculated | CVE-2021-39805 MISC |
android — android | In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-209446496 | 2022-04-12 | not yet calculated | CVE-2021-39807 MISC |
android — android | In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209966086 | 2022-04-12 | not yet calculated | CVE-2021-39808 MISC |
android — android | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205837191 | 2022-04-12 | not yet calculated | CVE-2021-39809 MISC |
android — android | In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205522359. References: N/A | 2022-04-12 | not yet calculated | CVE-2021-39812 MISC |
android — android | In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216792660. References: N/A | 2022-04-12 | not yet calculated | CVE-2021-39814 MISC |
simatic — s7-400_h | A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. | 2022-04-12 | not yet calculated | CVE-2021-40368 CONFIRM |
kaseya_unitrends — client/agent | Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | 2022-04-15 | not yet calculated | CVE-2021-40386 MISC |
moxa — mxview_series | An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40390 MISC |
moxa — mxview_series | An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40392 MISC |
accusoft — imagegear | An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40398 MISC |
gerbv — gerbv | An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40400 MISC |
gerbv — gerbv | An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40402 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40405 MISC |
swiftsensors — gateway_sg3-1010 | An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40422 MISC |
webroot — secure_anywhere | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40424 MISC |
webroot — secure_anywhere | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40425 MISC |
soundexchange — libsox | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-40426 MISC |
redhat — openshift | The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | 2022-04-11 | not yet calculated | CVE-2021-4047 MISC |
arubanetworks — instant_on_1930_switch_series | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 2022-04-12 | not yet calculated | CVE-2021-41004 MISC |
arubanetworks — instant_on_1930_switch_series | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 2022-04-12 | not yet calculated | CVE-2021-41005 MISC |
wire — wire_server | Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service for a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to 2022-03-01, so that their backends are no longer affected. There are no known workarounds for this issue. | 2022-04-13 | not yet calculated | CVE-2021-41119 MISC CONFIRM |
siemens — simatic_step_7 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | 2022-04-12 | not yet calculated | CVE-2021-42029 CONFIRM |
redcap — redcap | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client’s browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. | 2022-04-13 | not yet calculated | CVE-2021-42136 MISC MISC MISC |
seowon — seowon_130_slc_router | Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. | 2022-04-15 | not yet calculated | CVE-2021-42230 MISC |
appguard — appguard_enterprise | AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | 2022-04-12 | not yet calculated | CVE-2021-42255 MISC MISC |
cms_made_simple — cms_made_simple | Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | 2022-04-13 | not yet calculated | CVE-2021-43154 MISC |
github — one_time_password | As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) | 2022-04-11 | not yet calculated | CVE-2021-43177 MISC |
mantisbt — mantisbt | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | 2022-04-14 | not yet calculated | CVE-2021-43257 MISC MISC |
gocd — thoughtworks_gocd | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL “Test Connection” feature to execute arbitrary code. | 2022-04-14 | not yet calculated | CVE-2021-43286 MISC MISC MISC MISC |
gocd — thoughtworks_gocd | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | 2022-04-14 | not yet calculated | CVE-2021-43287 MISC MISC MISC |
gocd — thoughtworks_gocd | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. | 2022-04-14 | not yet calculated | CVE-2021-43288 MISC MISC MISC |
gocd — thoughtworks_gocd | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. | 2022-04-14 | not yet calculated | CVE-2021-43289 MISC MISC MISC MISC |
gocd — thoughtworks_gocd | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can’t control. | 2022-04-14 | not yet calculated | CVE-2021-43290 MISC MISC MISC MISC |
annexxus — i3_international_inc_annexxus_camera | A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the ‘UserPermission’ endpoint with the ID of created account and set it to ‘admin’ userType, successfully adding a second administrative account. | 2022-04-11 | not yet calculated | CVE-2021-43442 MISC |
sourcecodester — sourcecodester_messaging_web_application | Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. | 2022-04-14 | not yet calculated | CVE-2021-43633 MISC MISC |
cmsimple — cms_made_simple_5.4 | CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. | 2022-04-13 | not yet calculated | CVE-2021-43741 MISC MISC |
cmsimple — cms_made_simple_5.4 | CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. | 2022-04-13 | not yet calculated | CVE-2021-43742 MISC MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44354 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44355 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44356 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44357 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44366 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44375 MISC |
reolink — reolink_rlc_410W | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2021-44394 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44481 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | 2022-04-15 | not yet calculated | CVE-2021-44482 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | 2022-04-15 | not yet calculated | CVE-2021-44483 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44484 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44485 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. | 2022-04-15 | not yet calculated | CVE-2021-44486 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44487 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. | 2022-04-15 | not yet calculated | CVE-2021-44488 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a “- digs” subtraction. | 2022-04-15 | not yet calculated | CVE-2021-44489 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a “- (digs < 1 ? 1 : digs)” subtraction. | 2022-04-15 | not yet calculated | CVE-2021-44490 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. | 2022-04-15 | not yet calculated | CVE-2021-44491 MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. | 2022-04-15 | not yet calculated | CVE-2021-44492 MISC MISC MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. | 2022-04-15 | not yet calculated | CVE-2021-44493 MISC MISC MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. | 2022-04-15 | not yet calculated | CVE-2021-44494 MISC MISC MISC |
yottadb — yottadb | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. | 2022-04-15 | not yet calculated | CVE-2021-44495 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. | 2022-04-15 | not yet calculated | CVE-2021-44496 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition where a pointer is pushed into previously free memory by the loop. | 2022-04-15 | not yet calculated | CVE-2021-44497 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. | 2022-04-15 | not yet calculated | CVE-2021-44498 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. | 2022-04-15 | not yet calculated | CVE-2021-44499 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | 2022-04-15 | not yet calculated | CVE-2021-44500 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. | 2022-04-15 | not yet calculated | CVE-2021-44501 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. | 2022-04-15 | not yet calculated | CVE-2021-44502 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. | 2022-04-15 | not yet calculated | CVE-2021-44503 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault. | 2022-04-15 | not yet calculated | CVE-2021-44504 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. | 2022-04-15 | not yet calculated | CVE-2021-44505 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | 2022-04-15 | not yet calculated | CVE-2021-44506 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44507 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. | 2022-04-15 | not yet calculated | CVE-2021-44508 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. | 2022-04-15 | not yet calculated | CVE-2021-44509 MISC MISC MISC |
yottadb — fis_gtm | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. | 2022-04-15 | not yet calculated | CVE-2021-44510 MISC MISC MISC |
citrix — citrix_xenmobileserver | In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | 2022-04-13 | not yet calculated | CVE-2021-44520 MISC MISC MISC |
coins — coins_construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | 2022-04-14 | not yet calculated | CVE-2021-45227 MISC MISC |
coins — coins_construction_cloud | An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | 2022-04-14 | not yet calculated | CVE-2021-45228 MISC MISC |
wizplat — wizplat_PD065 | An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | 2022-04-13 | not yet calculated | CVE-2021-46167 MISC MISC MISC MISC |
palo_alto_networks — pan_os | An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2. | 2022-04-13 | not yet calculated | CVE-2022-0023 MISC |
wordpress — visual_form_builder_wordpress | The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. | 2022-04-12 | not yet calculated | CVE-2022-0140 MISC |
wordpress — visual_form_builder_wordpress | The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks. | 2022-04-12 | not yet calculated | CVE-2022-0141 MISC |
wordpress — visual_form_builder_wordpress | The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 2022-04-12 | not yet calculated | CVE-2022-0142 MISC |
schneider_electric — scadapack_workbench | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) | 2022-04-13 | not yet calculated | CVE-2022-0221 MISC |
github — grunt | Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | 2022-04-12 | not yet calculated | CVE-2022-0436 CONFIRM MISC |
netty — netty_codec_http_maven_package | A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. | 2022-04-11 | not yet calculated | CVE-2022-0552 MISC MISC MISC |
aveva — aveva_system_platform | AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | 2022-04-11 | not yet calculated | CVE-2022-0835 CONFIRM CONFIRM |
homeplug_green_phy — combined_charging_system | Electric Vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards. | 2022-04-12 | not yet calculated | CVE-2022-0878 CONFIRM |
windows — logitech_sync | There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. | 2022-04-12 | not yet calculated | CVE-2022-0915 MISC |
myscada — mypro | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 2022-04-11 | not yet calculated | CVE-2022-0999 CONFIRM |
lifepoint_informatics — patient_portal | Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. | 2022-04-11 | not yet calculated | CVE-2022-1067 MISC |
gitlab — ce/ee | Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged. | 2022-04-11 | not yet calculated | CVE-2022-1157 MISC CONFIRM |
rockwell_automation — logix_controllers | An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. | 2022-04-11 | not yet calculated | CVE-2022-1161 MISC |
gitlab — ce/ee | Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and 10.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances. | 2022-04-11 | not yet calculated | CVE-2022-1193 CONFIRM MISC MISC |
github — plantuml | XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running). | 2022-04-15 | not yet calculated | CVE-2022-1231 MISC CONFIRM |
mcafee_agent — windows | A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user’s %TEMP% directory with System privileges through manipulation of symbolic links. | 2022-04-14 | not yet calculated | CVE-2022-1256 CONFIRM |
mcafee_agent — linux_macos_windows | Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. | 2022-04-14 | not yet calculated | CVE-2022-1257 CONFIRM |
mcafee_agent — epolicy_orchestrator | A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | 2022-04-14 | not yet calculated | CVE-2022-1258 CONFIRM |
tenable — d_link_routers | A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 2022-04-11 | not yet calculated | CVE-2022-1262 MISC |
java_client — ebics | A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. | 2022-04-14 | not yet calculated | CVE-2022-1279 CONFIRM |
linux — drivers_gpu_drm_drm_lease.c | A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. | 2022-04-13 | not yet calculated | CVE-2022-1280 MISC MISC |
github — mruby_mruby | Heap buffer overflow in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited. | 2022-04-10 | not yet calculated | CVE-2022-1286 CONFIRM MISC |
tildearrow — furnace | A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. | 2022-04-10 | not yet calculated | CVE-2022-1289 MISC MISC MISC |
github — polonel_trudesk | Stored XSS in “Name”, “Group Name” & “Title” in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. | 2022-04-10 | not yet calculated | CVE-2022-1290 MISC CONFIRM |
mz_automation — libiec61850 | In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a GOOSE message, which may result in a denial of service. | 2022-04-12 | not yet calculated | CVE-2022-1302 CONFIRM |
e2fsprogs — e2fsprogs | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | 2022-04-14 | not yet calculated | CVE-2022-1304 MISC |
github — zerotierone | Local privilege escalation in ZeroTierOne for Windows because of incorrect directory privileges in GitHub repository zerotier/zerotierone prior to 1.8.8. | 2022-04-11 | not yet calculated | CVE-2022-1316 CONFIRM MISC |
mutt — uudecoder | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. | 2022-04-14 | not yet calculated | CVE-2022-1328 MISC MISC CONFIRM MLIST |
github — alvarotrigo/fullpage.js | Stored XSS due to an unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. | 2022-04-12 | not yet calculated | CVE-2022-1330 MISC CONFIRM |
mattermost — api | One of the APIs in Mattermost version 6.4.1 and earlier fails to properly enforce permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the contents of the server config.json file. | 2022-04-13 | not yet calculated | CVE-2022-1332 MISC |
mattermost_playbooks — webhooks | Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specially crafted Playbook that could trigger a large number of webhook requests, leading to denial of service. | 2022-04-13 | not yet calculated | CVE-2022-1333 MISC |
mattermost — image_proxy_component | The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | 2022-04-13 | not yet calculated | CVE-2022-1337 MISC |
github — elementcontroller.php | SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. | 2022-04-13 | not yet calculated | CVE-2022-1339 CONFIRM MISC |
github — stored_xss | Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. | 2022-04-13 | not yet calculated | CVE-2022-1344 CONFIRM MISC |
github — stored_xss | Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. | 2022-04-13 | not yet calculated | CVE-2022-1345 CONFIRM MISC |
github — stored_xss | Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. | 2022-04-13 | not yet calculated | CVE-2022-1346 CONFIRM MISC |
github — stored_xss | Stored XSS in the “Username” & “Email” input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation | 2022-04-13 | not yet calculated | CVE-2022-1347 MISC CONFIRM |
ghostpcl — gsmchunk.c | A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. | 2022-04-14 | not yet calculated | CVE-2022-1350 MISC MISC MISC |
github — stored_xss | Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | 2022-04-14 | not yet calculated | CVE-2022-1351 CONFIRM MISC |
github — lquixada/cross_fetch | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | 2022-04-15 | not yet calculated | CVE-2022-1365 MISC CONFIRM |
github — snipe/snipe_it | Stored cross-site scripting vulnerability in the Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability can be used to steal the user's cookie. | 2022-04-16 | not yet calculated | CVE-2022-1380 CONFIRM MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. | 2022-04-11 | not yet calculated | CVE-2022-20065 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. | 2022-04-11 | not yet calculated | CVE-2022-20066 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585. | 2022-04-11 | not yet calculated | CVE-2022-20067 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907. | 2022-04-11 | not yet calculated | CVE-2022-20068 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425. | 2022-04-11 | not yet calculated | CVE-2022-20069 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920. | 2022-04-11 | not yet calculated | CVE-2022-20070 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315. | 2022-04-11 | not yet calculated | CVE-2022-20071 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. | 2022-04-11 | not yet calculated | CVE-2022-20072 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In preloader (usb), there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. | 2022-04-11 | not yet calculated | CVE-2022-20073 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301. | 2022-04-11 | not yet calculated | CVE-2022-20074 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. | 2022-04-11 | not yet calculated | CVE-2022-20075 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In ged, there is a possible memory corruption due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. | 2022-04-11 | not yet calculated | CVE-2022-20076 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. | 2022-04-11 | not yet calculated | CVE-2022-20077 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. | 2022-04-11 | not yet calculated | CVE-2022-20078 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In vow, there is a possible read of uninitialized data due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. | 2022-04-11 | not yet calculated | CVE-2022-20079 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. | 2022-04-11 | not yet calculated | CVE-2022-20080 MISC |
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets | In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919. | 2022-04-11 | not yet calculated | CVE-2022-20081 MISC |
cisco — embedded_wireless_controller | A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. | 2022-04-15 | not yet calculated | CVE-2022-20622 CISCO |
cisco — catalyst_digital_building_series_and_catalyst_micro_switches | Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20661 CISCO |
cisco — tool_command_language | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. | 2022-04-15 | not yet calculated | CVE-2022-20676 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20677 CISCO |
cisco — appnav_xe | A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. | 2022-04-15 | not yet calculated | CVE-2022-20678 CISCO |
cisco — ipsec_decryption_routine | A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit. | 2022-04-15 | not yet calculated | CVE-2022-20679 CISCO |
cisco — catalyst_9000_family_switches_and_catalyst_9000_family_wireless_controllers | A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. | 2022-04-15 | not yet calculated | CVE-2022-20681 CISCO |
cisco — control_and_provisioning_of_wireless_access_points | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. | 2022-04-15 | not yet calculated | CVE-2022-20682 CISCO |
cisco — application_visibility_and_control | A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition. | 2022-04-15 | not yet calculated | CVE-2022-20683 CISCO |
cisco — simple_network_management_protocol | A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-04-15 | not yet calculated | CVE-2022-20684 CISCO |
cisco — netconf | A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device. | 2022-04-15 | not yet calculated | CVE-2022-20692 CISCO |
cisco — ui | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | 2022-04-15 | not yet calculated | CVE-2022-20693 CISCO |
cisco — resource_public_key_infrastructure | A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. | 2022-04-15 | not yet calculated | CVE-2022-20694 CISCO |
cisco — wireless_lan_controller | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20695 CISCO |
cisco — web_services_interface | A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-04-15 | not yet calculated | CVE-2022-20697 CISCO |
cisco — data_plane_microcode_of_lightspeed_plus_line_cards | A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. | 2022-04-15 | not yet calculated | CVE-2022-20714 CISCO |
cisco — cli_of_cisco_sd_wan_software | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | 2022-04-15 | not yet calculated | CVE-2022-20716 CISCO |
cisco — netconf_process_of_cisco_sd_wan_vedge_routers | A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | 2022-04-15 | not yet calculated | CVE-2022-20717 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20718 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20719 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20720 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20721 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20722 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20723 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20724 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20725 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20726 CISCO |
cisco — iox_application_hosting_environment | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20727 CISCO |
cisco — catalyst_digital_building_series_switches_and_cisco_catalyst_micro_switches | Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-04-15 | not yet calculated | CVE-2022-20731 CISCO |
cisco — sd_wan_vmanage_software | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. | 2022-04-15 | not yet calculated | CVE-2022-20735 CISCO |
cisco — sd_wan_vmanage_software | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. | 2022-04-15 | not yet calculated | CVE-2022-20739 CISCO |
cisco — history_api_of_cisco_sd_wan_vmanage_software | A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. | 2022-04-15 | not yet calculated | CVE-2022-20747 CISCO |
cisco — border_gateway_protocol_ethernet_vpn | A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer. | 2022-04-15 | not yet calculated | CVE-2022-20758 CISCO |
cisco — 1000_series_connected_grid_router | A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. | 2022-04-15 | not yet calculated | CVE-2022-20761 CISCO |
lansweeper — webuseractions.aspx | A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-21145 MISC CONFIRM |
leadtools — fltsavecmp | An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-21154 MISC CONFIRM |
fernhill_scada_server_version — fhsvrservice.exe | A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. | 2022-04-12 | not yet calculated | CVE-2022-21155 MISC |
mz_automation_gmbh_libiec61850 — parsenormalmodeparameters | A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-21159 MISC CONFIRM MISC |
fuji_electric — alpha5 | The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | 2022-04-12 | not yet calculated | CVE-2022-21168 MISC |
fuji_electric — alpha5 | The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. | 2022-04-12 | not yet calculated | CVE-2022-21202 MISC |
lansweeper — assetactions.aspx | An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-21210 MISC CONFIRM |
fuji_electric — alpha5 | The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. | 2022-04-12 | not yet calculated | CVE-2022-21214 MISC |
fuji_electric — alpha5 | The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 2022-04-12 | not yet calculated | CVE-2022-21228 MISC |
lansweeper — echoassets.aspx | An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-21234 MISC CONFIRM |
nconf — json | This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype. | 2022-04-12 | not yet calculated | CVE-2022-21803 MISC MISC MISC MISC |
microsoft — windows | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. | 2022-04-15 | not yet calculated | CVE-2022-21983 N/A |
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. | 2022-04-15 | not yet calculated | CVE-2022-22008 N/A |
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. | 2022-04-15 | not yet calculated | CVE-2022-22009 N/A |
lansweeper — lansweeper | A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-22149 MISC CONFIRM |
junos — web_juniper_networks | A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim’s browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | 2022-04-14 | not yet calculated | CVE-2022-22181 CONFIRM |
junos — web_juniper_networks | A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. | 2022-04-14 | not yet calculated | CVE-2022-22182 CONFIRM |
junos — web_juniper_networks | An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | 2022-04-14 | not yet calculated | CVE-2022-22183 CONFIRM |
junos — web_juniper_networks | A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when ‘preserve-incoming-fragment-size’ feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1. | 2022-04-14 | not yet calculated | CVE-2022-22185 CONFIRM |
junos — web_juniper_networks | Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1. | 2022-04-14 | not yet calculated | CVE-2022-22186 CONFIRM |
windows_installer — improper_privilege_management_vulnerability | An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. | 2022-04-14 | not yet calculated | CVE-2022-22187 CONFIRM |
junos_os — packet_forwarding_engine | An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. | 2022-04-14 | not yet calculated | CVE-2022-22188 CONFIRM |
junos_os — juniper_networks_contrail_service_orchestration | An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. | 2022-04-14 | not yet calculated | CVE-2022-22189 CONFIRM |
junos_os — juniper_networks_paragon_active_assurance_control_center | An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0. | 2022-04-14 | not yet calculated | CVE-2022-22190 CONFIRM |
junos_os — juniper_networks_junosos | A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. | 2022-04-14 | not yet calculated | CVE-2022-22191 CONFIRM |
junos_os — routing_protocol_daemon | An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO. | 2022-04-14 | not yet calculated | CVE-2022-22193 CONFIRM |
junos_os — packetio_daemon | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS. | 2022-04-14 | not yet calculated | CVE-2022-22194 CONFIRM |
junos_os — juniper_networks | An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. | 2022-04-14 | not yet calculated | CVE-2022-22195 CONFIRM |
junos_os — routing_protocol_daemon | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. | 2022-04-14 | not yet calculated | CVE-2022-22196 CONFIRM |
junos_os — routing_protocol_daemon | An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. | 2022-04-14 | not yet calculated | CVE-2022-22197 CONFIRM |
junos_os — sip_alg | An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1. | 2022-04-14 | not yet calculated | CVE-2022-22198 CONFIRM |
huawei — android | The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. | 2022-04-11 | not yet calculated | CVE-2022-22253 MISC MISC |
huawei — android | A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-04-11 | not yet calculated | CVE-2022-22254 MISC MISC |
huawei — android | The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. | 2022-04-11 | not yet calculated | CVE-2022-22255 MISC MISC |
huawei — android | The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-04-11 | not yet calculated | CVE-2022-22256 MISC MISC |
huawei — android | The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. | 2022-04-11 | not yet calculated | CVE-2022-22257 MISC MISC |
huawei — android | The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. | 2022-04-11 | not yet calculated | CVE-2022-22258 MISC MISC |
SMA — SMA | ** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. | 2022-04-13 | not yet calculated | CVE-2022-22279 CONFIRM |
IBM — aspera_high_speed_transfer | IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. | 2022-04-14 | not yet calculated | CVE-2022-22391 XF CONFIRM |
sap — business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform – versions 420, 430, may allow legitimate users to access information they shouldn’t see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn’t or don’t need to have access. | 2022-04-12 | not yet calculated | CVE-2022-22541 MISC MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. | 2022-04-12 | not yet calculated | CVE-2022-22549 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. | 2022-04-12 | not yet calculated | CVE-2022-22550 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. | 2022-04-12 | not yet calculated | CVE-2022-22559 MISC |
dell — powerscale_onefs | Dell EMC PowerScale OneFS 8.1.x – 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | 2022-04-12 | not yet calculated | CVE-2022-22560 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | 2022-04-12 | not yet calculated | CVE-2022-22561 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | 2022-04-12 | not yet calculated | CVE-2022-22562 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. | 2022-04-12 | not yet calculated | CVE-2022-22565 MISC |
ivanti — incapptic_connect | A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. | 2022-04-11 | not yet calculated | CVE-2022-22572 MISC MISC |
vmware — workspace_one_access_and_identity_manager | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | 2022-04-11 | not yet calculated | CVE-2022-22954 MISC |
vmware — workspace_one_access | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | 2022-04-13 | not yet calculated | CVE-2022-22955 MISC |
vmware — workspace_one_access | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | 2022-04-13 | not yet calculated | CVE-2022-22956 MISC |
vmware — workspace_one_access_identity_manager_and_vrealize_automation | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. | 2022-04-13 | not yet calculated | CVE-2022-22957 MISC |
vmware — workspace_one_access_identity_manager_and_vrealize_automation | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. | 2022-04-13 | not yet calculated | CVE-2022-22958 MISC |
vmware — workspace_one_access_identity_manager_and_vrealize_automation | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. | 2022-04-13 | not yet calculated | CVE-2022-22959 MISC |
vmware — workspace_one_access_identity_manager_and_vrealize_automation | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to ‘root’. | 2022-04-13 | not yet calculated | CVE-2022-22960 MISC |
vmware — workspace_one_access_identity_manager_and_vrealize_automation | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. | 2022-04-13 | not yet calculated | CVE-2022-22961 MISC |
vmware — horizon_client_for_linux |
VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | 2022-04-11 | not yet calculated | CVE-2022-22962 MISC |
vmware — horizon_client_for_linux | VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | 2022-04-11 | not yet calculated | CVE-2022-22964 MISC |
vmware — cloud_director |
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. | 2022-04-14 | not yet calculated | CVE-2022-22966 MISC |
vmware — spring_framework |
In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | 2022-04-14 | not yet calculated | CVE-2022-22968 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, 8.2.2 – 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. | 2022-04-12 | not yet calculated | CVE-2022-23159 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. | 2022-04-12 | not yet calculated | CVE-2022-23160 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.x – 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala’s help) | 2022-04-12 | not yet calculated | CVE-2022-23161 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | 2022-04-12 | not yet calculated | CVE-2022-23163 MISC |
spring_by_vmware — spring_framework | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. | 2022-04-15 | not yet calculated | CVE-2022-23257 N/A |
microsoft — windows | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-23259 N/A |
microsoft — windows | Windows Hyper-V Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-23268 N/A |
microsoft — windows | Microsoft Power BI Spoofing Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-23292 N/A |
simatic — energy_manager_basic_and_manager_pro |
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. | 2022-04-12 | not yet calculated | CVE-2022-23448 CONFIRM |
simatic — energy_manager_basic_and_manager_pro | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | 2022-04-12 | not yet calculated | CVE-2022-23449 CONFIRM |
simatic — energy_manager_basic_and_manager_pro | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. | 2022-04-12 | not yet calculated | CVE-2022-23450 CONFIRM |
hpe_superdome_flex — servers |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. | 2022-04-12 | not yet calculated | CVE-2022-23702 MISC |
hpe — flash_arrays |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | 2022-04-12 | not yet calculated | CVE-2022-23703 MISC |
nyron — nyron_1.0 |
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject ‘”> on the thes1 parameter. | 2022-04-15 | not yet calculated | CVE-2022-23865 MISC |
subversion — mod_dav_svn | Subversion’s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. | 2022-04-12 | not yet calculated | CVE-2022-24070 MISC MISC MISC DEBIAN |
ritecms — admin_panel | RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution. | 2022-04-12 | not yet calculated | CVE-2022-24247 MISC MISC |
ritecms — admin_panel | RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints. | 2022-04-12 | not yet calculated | CVE-2022-24248 MISC MISC |
madlib_object — madlib_object_utils |
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676) | 2022-04-15 | not yet calculated | CVE-2022-24279 CONFIRM CONFIRM |
automox_agent — windows_and_linux_and_version_36_on_osx | Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non-privileged user to obtain sensitive information during the install process. | 2022-04-13 | not yet calculated | CVE-2022-24308 MISC MISC |
fuji_electric — alpha_5 | The affected product is vulnerable to an out-of-bounds read, which may result in code execution | 2022-04-12 | not yet calculated | CVE-2022-24383 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | 2022-04-12 | not yet calculated | CVE-2022-24411 MISC |
dell — powerscale_onefs |
Dell EMC PowerScale OneFS 8.2.x – 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. | 2022-04-12 | not yet calculated | CVE-2022-24412 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. | 2022-04-12 | not yet calculated | CVE-2022-24413 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Spoofing Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24472 N/A |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. | 2022-04-15 | not yet calculated | CVE-2022-24473 N/A |
windows — win32k |
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. | 2022-04-15 | not yet calculated | CVE-2022-24474 N/A |
microsoft — windows |
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24479 N/A |
microsoft — windows | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. | 2022-04-15 | not yet calculated | CVE-2022-24481 N/A |
microsoft — windows | Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. | 2022-04-15 | not yet calculated | CVE-2022-24482 N/A |
microsoft — windows | Windows Kernel Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24483 N/A |
microsoft — windows | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784. | 2022-04-15 | not yet calculated | CVE-2022-24484 N/A |
microsoft — windows | Win32 File Enumeration Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24485 N/A |
microsoft — windows | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544. | 2022-04-15 | not yet calculated | CVE-2022-24486 N/A |
microsoft — windows | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24487 N/A |
microsoft — windows | Windows Desktop Bridge Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24488 N/A |
microsoft — windows | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24489 N/A |
microsoft — windows | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785. | 2022-04-15 | not yet calculated | CVE-2022-24490 N/A |
microsoft — windows | Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497. | 2022-04-15 | not yet calculated | CVE-2022-24491 N/A |
microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809. | 2022-04-15 | not yet calculated | CVE-2022-24492 N/A |
microsoft — windows | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24493 N/A |
microsoft — windows | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24494 N/A |
microsoft — windows | Windows Direct Show – Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24495 N/A |
microsoft — windows | Local Security Authority (LSA) Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24496 N/A |
microsoft — windows | Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491. | 2022-04-15 | not yet calculated | CVE-2022-24497 N/A |
microsoft — windows | Windows iSCSI Target Service Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24498 N/A |
microsoft — windows | Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. | 2022-04-15 | not yet calculated | CVE-2022-24499 N/A |
microsoft — windows | Windows SMB Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24500 N/A |
microsoft — windows | Visual Studio Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24513 N/A |
microsoft — windows | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. | 2022-04-15 | not yet calculated | CVE-2022-24521 N/A |
microsoft — windows | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24527 N/A |
microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. | 2022-04-15 | not yet calculated | CVE-2022-24528 N/A |
microsoft — windows | Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499. | 2022-04-15 | not yet calculated | CVE-2022-24530 N/A |
microsoft — windows | HEVC Video Extensions Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24532 N/A |
microsoft — windows | Remote Desktop Protocol Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24533 N/A |
microsoft — windows | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. | 2022-04-15 | not yet calculated | CVE-2022-24534 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-24536 N/A |
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. | 2022-04-15 | not yet calculated | CVE-2022-24537 N/A |
microsoft — windows | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-26784. | 2022-04-15 | not yet calculated | CVE-2022-24538 N/A |
microsoft — windows | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785. | 2022-04-15 | not yet calculated | CVE-2022-24539 N/A |
microsoft — windows | Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24482. | 2022-04-15 | not yet calculated | CVE-2022-24540 N/A |
microsoft — windows | Windows Server Service Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24541 N/A |
microsoft — windows | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474. | 2022-04-15 | not yet calculated | CVE-2022-24542 N/A |
microsoft — windows | Windows Upgrade Assistant Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24543 N/A |
microsoft — windows | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486. | 2022-04-15 | not yet calculated | CVE-2022-24544 N/A |
microsoft — windows | Windows Kerberos Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24545 N/A |
microsoft — windows | Windows DWM Core Library Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24546 N/A |
microsoft — windows | Windows Digital Media Receiver Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24547 N/A |
microsoft — windows | Microsoft Defender Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24548 N/A |
microsoft — windows | Windows AppX Package Manager Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24549 N/A |
microsoft — windows | Windows Telephony Server Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-24550 N/A |
microsoft — git_for_windows | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | 2022-04-12 | not yet calculated | CVE-2022-24765 CONFIRM MISC MISC MLIST |
github — git_for_windows |
GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | 2022-04-12 | not yet calculated | CVE-2022-24767 N/A |
ethereum — vyper |
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-04-13 | not yet calculated | CVE-2022-24788 MISC CONFIRM |
discourse — discourse |
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To work around the problem, a site administrator can remove groups with restricted visibility from any category’s permissions setting. | 2022-04-11 | not yet calculated | CVE-2022-24804 CONFIRM MISC |
grafana — grafana_enterprise |
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses a Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, subsequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges: for example, when a first request is made with Admin permissions and a second request is made with a different API Key that has Viewer permissions, the second request will get the cached permissions from the previous Admin request, essentially gaining higher privileges than it should. The vulnerability only impacts Grafana Enterprise when the fine-grained access control beta feature is enabled and there is more than one API Key in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disabling fine-grained access control will mitigate the vulnerability. | 2022-04-12 | not yet calculated | CVE-2022-24812 CONFIRM MISC MISC |
jhipster — jhipster |
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option “reactive with Spring WebFlux” enabled and an SQL database using r2dbc. Applications created without “reactive with Spring WebFlux” and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications, as the where clause built from Criteria for queries is not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criteria and conditions, as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria’s `toString` method returns a plain string, and this combination is vulnerable to SQL injection as the string is not sanitized and will contain whatever the user passed as input using any plain SQL. | 2022-04-11 | not yet calculated | CVE-2022-24815 MISC MISC CONFIRM |
jai_ext — jai_api |
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath. | 2022-04-13 | not yet calculated | CVE-2022-24816 CONFIRM MISC |
geotools — geotools |
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings. | 2022-04-13 | not yet calculated | CVE-2022-24818 CONFIRM MISC |
xwiki_platform — xwiki |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | 2022-04-08 | not yet calculated | CVE-2022-24820 CONFIRM MISC |
discourse — discourse |
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. | 2022-04-14 | not yet calculated | CVE-2022-24824 MISC CONFIRM |
elide — elide |
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns. | 2022-04-11 | not yet calculated | CVE-2022-24827 CONFIRM MISC MISC |
composer — composer |
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json’s `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | 2022-04-13 | not yet calculated | CVE-2022-24828 MISC CONFIRM |
garden — garden | Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines. | 2022-04-11 | not yet calculated | CVE-2022-24829 CONFIRM MISC |
gocd — gocd | GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g. alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and is only exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144. | 2022-04-11 | not yet calculated | CVE-2022-24832 MISC MISC MISC MISC MISC CONFIRM MISC MISC |
privatebin — privatebin | PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called ZeroBin. The issue is caused by the fact that SVGs can contain JavaScript. This can allow an attacker to execute code, if the user opens a paste with a specifically crafted SVG attachment, and interacts with the preview image and the instance isn’t protected by an appropriate content security policy. Users are advised to either upgrade to version 1.4.0 or to ensure the content security policy of their instance is set correctly. | 2022-04-11 | not yet calculated | CVE-2022-24833 MISC CONFIRM |
nokogiri — nokogiri | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | 2022-04-11 | not yet calculated | CVE-2022-24836 CONFIRM MISC |
hedgedoc — hedgedoc | HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads. | 2022-04-11 | not yet calculated | CVE-2022-24837 CONFIRM MISC MISC |
nextcloud — nextcloud_calendar | Nextcloud Calendar is a calendar application for the Nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO:<BOOKING USER’S EMAIL>` SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workarounds available. | 2022-04-11 | not yet calculated | CVE-2022-24838 MISC CONFIRM MISC |
org.cyberneko.html — org.cyberneko.html | org.cyberneko.html is an HTML parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability. | 2022-04-11 | not yet calculated | CVE-2022-24839 MISC CONFIRM |
minio — minio | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. This in turn allows the user to escalate privilege to that of the root user. This vulnerability has been resolved in pull request #14729 and is included in `RELEASE.2022-04-12T06-55-35Z`. Users unable to upgrade may work around this issue by explicitly adding an `admin:CreateServiceAccount` deny policy; however, this in turn denies the user the ability to create their own service accounts as well. | 2022-04-12 | not yet calculated | CVE-2022-24842 CONFIRM MISC MISC |
gin_vue_admin — gin_vue_admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue. | 2022-04-13 | not yet calculated | CVE-2022-24843 MISC CONFIRM MISC |
gin_vue_admin — gin_vue_admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. | 2022-04-13 | not yet calculated | CVE-2022-24844 MISC CONFIRM |
ethereum — vyper | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue. | 2022-04-13 | not yet calculated | CVE-2022-24845 CONFIRM MISC |
geowebcache — geowebcache | GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via a local configuration file, in GeoServer a user interface is provided to perform the same, which can be accessed remotely and requires admin-level login to be used. These lookups are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3. | 2022-04-14 | not yet calculated | CVE-2022-24846 CONFIRM |
geoserver — geoserver | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible. | 2022-04-13 | not yet calculated | CVE-2022-24847 CONFIRM |
discord — discatsharp | DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp’s development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`. | 2022-04-14 | not yet calculated | CVE-2022-24849 CONFIRM |
discourse — discourse | Discourse is an open source platform for community discussion. A category’s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem. | 2022-04-14 | not yet calculated | CVE-2022-24850 CONFIRM |
ldap_account_manager — ldap_account_manager | LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which get triggered when any other user tries to access the edit profile page. The pdf editor tool has an edit pdf profile functionality; the logoFile parameter in it is not properly sanitized and a user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48×48/apps/gvim.png via tools like burpsuite. Later, when a pdf is exported using the edited profile, the pdf icon has the image on that path (if the image is present). Both issues require an attacker to be able to log in to the LAM admin interface. The issue is fixed in version 7.9.1. | 2022-04-15 | not yet calculated | CVE-2022-24851 MISC MISC CONFIRM |
metabase — metabase | Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on Windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. | 2022-04-14 | not yet calculated | CVE-2022-24853 MISC CONFIRM |
metabase — metabase | Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you’re unable to upgrade, you can modify your SQLite connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected. | 2022-04-14 | not yet calculated | CVE-2022-24854 CONFIRM MISC |
metabase — metabase | Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. | 2022-04-14 | not yet calculated | CVE-2022-24855 CONFIRM MISC |
django_mfa — django_mfa | django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be bypassed. Users are affected if they have activated both django-mfa3 (< 0.5.0) and django.contrib.admin and have not taken any other measures to prevent users from accessing the admin login view. The issue has been fixed in django-mfa3 0.5.0. It is possible to work around the issue by overwriting the admin login route, e.g. by adding the following URL definition *before* the admin routes: `url('admin/login/', lambda request: redirect(settings.LOGIN_URL))` | 2022-04-15 | not yet calculated | CVE-2022-24857 MISC MISC CONFIRM |
amazon — amazon_aws | An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments, such as log, which allows an arbitrary destination to be specified for writing log files, can be injected by a low-level user. This leads to an arbitrary file write as SYSTEM with partial control over the file’s content. This can be abused to cause an elevation of privilege or denial of service. | 2022-04-14 | not yet calculated | CVE-2022-25165 MISC MISC |
amazon — amazon_aws | An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user’s Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file. | 2022-04-14 | not yet calculated | CVE-2022-25166 MISC MISC |
wordpress — eroom_plugroom | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 2022-04-11 | not yet calculated | CVE-2022-25614 CONFIRM CONFIRM |
wordpress — eroom_plugroom | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | 2022-04-11 | not yet calculated | CVE-2022-25615 CONFIRM CONFIRM |
siemens — simatic | A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. | 2022-04-12 | not yet calculated | CVE-2022-25622 CONFIRM |
siemens — mendix | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field. | 2022-04-12 | not yet calculated | CVE-2022-25650 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. | 2022-04-12 | not yet calculated | CVE-2022-25751 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. | 2022-04-12 | not yet calculated | CVE-2022-25752 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device. | 2022-04-12 | not yet calculated | CVE-2022-25753 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 2022-04-12 | not yet calculated | CVE-2022-25754 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances. | 2022-04-12 | not yet calculated | CVE-2022-25755 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | 2022-04-12 | not yet calculated | CVE-2022-25756 CONFIRM |
autodesk — autocad | Maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2022-04-11 | not yet calculated | CVE-2022-25789 MISC |
autodesk — autocad | A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. | 2022-04-11 | not yet calculated | CVE-2022-25790 MISC |
autodesk — autocad | A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | 2022-04-11 | not yet calculated | CVE-2022-25791 MISC |
autodesk — autocad | A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through a buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code. | 2022-04-11 | not yet calculated | CVE-2022-25792 MISC |
autodesk — fbx_review | An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-04-11 | not yet calculated | CVE-2022-25794 MISC |
pdftron — pdftron | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. | 2022-04-13 | not yet calculated | CVE-2022-25795 MISC |
autodesk — navisworks | A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2022-04-11 | not yet calculated | CVE-2022-25796 MISC |
autodesk — trueview | A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. | 2022-04-13 | not yet calculated | CVE-2022-25797 MISC |
samsung — s_secure | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | 2022-04-11 | not yet calculated | CVE-2022-25831 MISC |
samsung — s_secure | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | 2022-04-11 | not yet calculated | CVE-2022-25832 MISC |
samsung — imsservice | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. | 2022-04-11 | not yet calculated | CVE-2022-25833 MISC |
centrum — automation_design | Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server. | 2022-04-15 | not yet calculated | CVE-2022-26034 MISC MISC |
samsung — samsungcontacts | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows attackers to access contact information without permission. | 2022-04-11 | not yet calculated | CVE-2022-26090 MISC |
samsung — samsungcontacts | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows physical attackers to bypass Knox Manage using a function key of a hardware keyboard. | 2022-04-11 | not yet calculated | CVE-2022-26091 MISC |
samsung — quram_agif | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | 2022-04-11 | not yet calculated | CVE-2022-26092 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-26093 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-26094 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-26095 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-26096 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-26097 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 2022-04-11 | not yet calculated | CVE-2022-26098 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | 2022-04-11 | not yet calculated | CVE-2022-26099 MISC |
sap — netweaver_enterprise_portal | SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2022-04-12 | not yet calculated | CVE-2022-26105 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-26106 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-26107 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-26108 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-26109 MISC MISC |
mantisbt — plugin | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | 2022-04-13 | not yet calculated | CVE-2022-26144 MISC |
citrix — xenmobile | Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10.14 through RP4 allows Command Injection. | 2022-04-13 | not yet calculated | CVE-2022-26151 MISC MISC |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices. | 2022-04-12 | not yet calculated | CVE-2022-26334 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices. | 2022-04-12 | not yet calculated | CVE-2022-26335 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device. | 2022-04-12 | not yet calculated | CVE-2022-26380 CONFIRM |
asterisk — asterisk | An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | 2022-04-15 | not yet calculated | CVE-2022-26498 MISC MISC MISC |
asterisk — asterisk | An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it’s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | 2022-04-15 | not yet calculated | CVE-2022-26499 MISC MISC MISC |
schneider_electric — ecostruxure | ** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-04-14 | not yet calculated | CVE-2022-26507 MISC MISC |
pluck_cms — pluck_cms | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | 2022-04-13 | not yet calculated | CVE-2022-26589 MISC MISC |
liferay — portal | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field’s help text to (1) Forms module’s form builder, or (2) App Builder module’s object form view’s form builder. | 2022-04-15 | not yet calculated | CVE-2022-26594 MISC MISC |
easyio — cpt_graphics | An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. | 2022-04-13 | not yet calculated | CVE-2022-26643 MISC MISC MISC |
asterisk — asterisk | An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. | 2022-04-15 | not yet calculated | CVE-2022-26651 MISC MISC MISC |
zoho — manageengine_remote_access_plus | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | 2022-04-16 | not yet calculated | CVE-2022-26653 CONFIRM |
zoho — manageengine_remote_access_plus | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | 2022-04-16 | not yet calculated | CVE-2022-26777 CONFIRM |
microsoft — windows | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26785. | 2022-04-15 | not yet calculated | CVE-2022-26783 N/A |
microsoft — windows | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-24538. | 2022-04-15 | not yet calculated | CVE-2022-26784 N/A |
microsoft — windows | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26783. | 2022-04-15 | not yet calculated | CVE-2022-26785 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26786 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26787 N/A |
microsoft — powershell | PowerShell Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26788 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26789 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26790 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26791 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26792 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26793 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26794 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26795 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26796 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26797 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26798 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26801 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803. | 2022-04-15 | not yet calculated | CVE-2022-26802 N/A |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802. | 2022-04-15 | not yet calculated | CVE-2022-26803 N/A |
microsoft — windows | Windows Work Folder Service Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26807 N/A |
microsoft — windows | Windows File Explorer Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26808 N/A |
microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. | 2022-04-15 | not yet calculated | CVE-2022-26809 N/A |
microsoft — windows | Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. | 2022-04-15 | not yet calculated | CVE-2022-26810 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26811 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26812 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26813 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26814 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26815 N/A |
microsoft — windows | Windows DNS Server Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26816 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26817 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26818 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26819 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26820 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26821 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26822 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26823 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26824 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26825 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829. | 2022-04-15 | not yet calculated | CVE-2022-26826 N/A |
microsoft — windows | Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26810. | 2022-04-15 | not yet calculated | CVE-2022-26827 N/A |
microsoft — windows | Windows Bluetooth Driver Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26828 N/A |
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826. | 2022-04-15 | not yet calculated | CVE-2022-26829 N/A |
microsoft — windows | DiskUsage.exe Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26830 N/A |
microsoft — windows | Windows LDAP Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26831 N/A |
microsoft — windows | .NET Framework Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26832 N/A |
microsoft — windows | Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26897. | 2022-04-15 | not yet calculated | CVE-2022-26896 N/A |
microsoft — windows | Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896. | 2022-04-15 | not yet calculated | CVE-2022-26897 N/A |
microsoft — windows | Azure Site Recovery Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26898 N/A |
microsoft — windows | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. | 2022-04-15 | not yet calculated | CVE-2022-26901 N/A |
microsoft — windows | Windows Graphics Component Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26903 N/A |
microsoft — windows | Windows User Profile Service Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26904 N/A |
microsoft — windows | Azure SDK for .NET Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26907 N/A |
microsoft — skype | Skype for Business and Lync Spoofing Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26910 N/A |
microsoft — skype | Skype for Business Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26911 N/A |
microsoft — windows | Win32k Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26914 N/A |
microsoft — windows | Windows Secure Channel Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26915 N/A |
microsoft — windows | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. | 2022-04-15 | not yet calculated | CVE-2022-26916 N/A |
microsoft — windows | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. | 2022-04-15 | not yet calculated | CVE-2022-26917 N/A |
microsoft — windows | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. | 2022-04-15 | not yet calculated | CVE-2022-26918 N/A |
microsoft — windows | Windows LDAP Remote Code Execution Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26919 N/A |
microsoft — windows | Windows Graphics Component Information Disclosure Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26920 N/A |
microsoft — windows | Visual Studio Code Elevation of Privilege Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26921 N/A |
microsoft — windows | YARP Denial of Service Vulnerability. | 2022-04-15 | not yet calculated | CVE-2022-26924 N/A |
microsoft — windows | nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc() when it tries to invoke from a restored frame saved with njs_function_frame_save(). | 2022-04-14 | not yet calculated | CVE-2022-27007 MISC MISC |
microsoft — windows | nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confusion occurs in Array.prototype.concat() when an element appended to a slow array is a fast array. | 2022-04-14 | not yet calculated | CVE-2022-27008 MISC MISC |
microsoft — windows | Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 – 2.3.6 Neptune is vulnerable to Directory Traversal. | 2022-04-15 | not yet calculated | CVE-2022-27043 MISC |
moxa — mgate | A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower. | 2022-04-15 | not yet calculated | CVE-2022-27048 MISC |
github — ghost | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | 2022-04-12 | not yet calculated | CVE-2022-27139 MISC |
github — express_fileupload | An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-12 | not yet calculated | CVE-2022-27140 MISC |
pearweb — pearweb | pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | 2022-04-15 | not yet calculated | CVE-2022-27157 MISC |
pearweb — pearweb | pearweb < 1.32 suffers from Deserialization of Untrusted Data. | 2022-04-15 | not yet calculated | CVE-2022-27158 MISC |
csz — cms | Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | 2022-04-12 | not yet calculated | CVE-2022-27161 MISC |
csz — cms | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser | 2022-04-12 | not yet calculated | CVE-2022-27162 MISC |
csz — cms | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser | 2022-04-12 | not yet calculated | CVE-2022-27163 MISC |
csz — cms | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers | 2022-04-12 | not yet calculated | CVE-2022-27164 MISC |
csz — cms | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus | 2022-04-12 | not yet calculated | CVE-2022-27165 MISC |
yokogawa — centum | OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 2022-04-15 | not yet calculated | CVE-2022-27188 MISC MISC |
siemens — simatic | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. | 2022-04-12 | not yet calculated | CVE-2022-27194 CONFIRM |
siemens — mendix | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. | 2022-04-12 | not yet calculated | CVE-2022-27241 CONFIRM |
hubzilla — hubzilla | A PHP Local File Inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | 2022-04-13 | not yet calculated | CVE-2022-27256 MISC MISC MISC |
hubzilla — hubzilla | A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | 2022-04-15 | not yet calculated | CVE-2022-27257 MISC MISC |
hubzilla — hubzilla | Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter. | 2022-04-15 | not yet calculated | CVE-2022-27258 MISC MISC |
buttercms — buttercms | An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | 2022-04-12 | not yet calculated | CVE-2022-27260 MISC MISC MISC |
express — express_fileupload | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | 2022-04-12 | not yet calculated | CVE-2022-27261 MISC MISC |
skipper — skipper | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | 2022-04-12 | not yet calculated | CVE-2022-27262 MISC MISC |
strapi — strapi | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | 2022-04-12 | not yet calculated | CVE-2022-27263 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27268 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27269 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27270 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27271 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27272 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27273 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27274 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27275 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet. | 2022-04-10 | not yet calculated | CVE-2022-27276 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | 2022-04-10 | not yet calculated | CVE-2022-27277 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | 2022-04-10 | not yet calculated | CVE-2022-27279 MISC MISC |
inhand_networks — inrouter_900_industrial_ 4g_router | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. | 2022-04-10 | not yet calculated | CVE-2022-27280 MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 2022-04-10 | not yet calculated | CVE-2022-27286 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 2022-04-10 | not yet calculated | CVE-2022-27287 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 2022-04-10 | not yet calculated | CVE-2022-27288 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 2022-04-10 | not yet calculated | CVE-2022-27289 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 2022-04-10 | not yet calculated | CVE-2022-27290 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. | 2022-04-10 | not yet calculated | CVE-2022-27291 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | 2022-04-10 | not yet calculated | CVE-2022-27292 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 2022-04-10 | not yet calculated | CVE-2022-27293 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 2022-04-10 | not yet calculated | CVE-2022-27294 MISC MISC |
d-link — dir_619_ ax_ v1.00 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 2022-04-10 | not yet calculated | CVE-2022-27295 MISC MISC |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. | 2022-04-15 | not yet calculated | CVE-2022-27365 MISC |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. | 2022-04-15 | not yet calculated | CVE-2022-27366 MISC |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. | 2022-04-15 | not yet calculated | CVE-2022-27367 MISC |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. | 2022-04-15 | not yet calculated | CVE-2022-27368 MISC |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. | 2022-04-15 | not yet calculated | CVE-2022-27369 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27376 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27377 MISC |
mariadb — mariadb_server | An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27378 MISC |
mariadb — mariadb_server | An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27379 MISC |
mariadb — mariadb_server | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27380 MISC |
mariadb — mariadb_server | An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27381 MISC |
mariadb — mariadb_server | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. | 2022-04-12 | not yet calculated | CVE-2022-27382 MISC |
mariadb — mariadb_server | MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27383 MISC |
mariadb — mariadb_server | An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27384 MISC |
mariadb — mariadb_server | An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27385 MISC |
mariadb — mariadb_server | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | 2022-04-12 | not yet calculated | CVE-2022-27386 MISC |
mariadb — mariadb_server | MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | 2022-04-12 | not yet calculated | CVE-2022-27387 MISC |
tcpreplay — tcpreplay | Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | 2022-04-12 | not yet calculated | CVE-2022-27416 MISC |
tcpreplay — tcpreplay | Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. | 2022-04-12 | not yet calculated | CVE-2022-27418 MISC |
chamilo — chamilo_lms | rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | 2022-04-12 | not yet calculated | CVE-2022-27419 MISC |
chamilo — chamilo_lms | Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | 2022-04-15 | not yet calculated | CVE-2022-27421 MISC |
chamilo — chamilo_lms | A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | 2022-04-15 | not yet calculated | CVE-2022-27422 MISC |
chamilo — chamilo_lms | Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | 2022-04-15 | not yet calculated | CVE-2022-27423 MISC |
chamilo — chamilo_lms | Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | 2022-04-15 | not yet calculated | CVE-2022-27425 MISC |
chamilo — chamilo_lms | A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. | 2022-04-15 | not yet calculated | CVE-2022-27426 MISC |
chamilo — chamilo_lms | A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin. | 2022-04-15 | not yet calculated | CVE-2022-27427 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | 2022-04-14 | not yet calculated | CVE-2022-27444 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | 2022-04-14 | not yet calculated | CVE-2022-27445 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | 2022-04-14 | not yet calculated | CVE-2022-27446 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | 2022-04-14 | not yet calculated | CVE-2022-27447 MISC |
mariadb — mariadb_server | There is an Assertion failure in MariaDB Server v10.9 and below via ‘node->pcur->rel_pos == BTR_PCUR_ON’ at /row/row0mysql.cc. | 2022-04-14 | not yet calculated | CVE-2022-27448 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | 2022-04-14 | not yet calculated | CVE-2022-27449 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | 2022-04-14 | not yet calculated | CVE-2022-27451 MISC |
mariadb — mariadb_server | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | 2022-04-14 | not yet calculated | CVE-2022-27452 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | 2022-04-14 | not yet calculated | CVE-2022-27455 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc. | 2022-04-14 | not yet calculated | CVE-2022-27456 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. | 2022-04-14 | not yet calculated | CVE-2022-27457 MISC |
mariadb — mariadb_server | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. | 2022-04-14 | not yet calculated | CVE-2022-27458 MISC |
roothub — roothub | SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely. | 2022-04-12 | not yet calculated | CVE-2022-27472 MISC MISC |
roothub — roothub | SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely. | 2022-04-12 | not yet calculated | CVE-2022-27473 MISC MISC |
github — mount4m | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | 2022-04-15 | not yet calculated | CVE-2022-27474 MISC MISC |
tramyardg — hotel_mgmt_system | Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded. | 2022-04-13 | not yet calculated | CVE-2022-27475 MISC MISC |
newbee_ltd — newbee_mall | A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | 2022-04-10 | not yet calculated | CVE-2022-27476 MISC |
apache — apache_superset | Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | 2022-04-13 | not yet calculated | CVE-2022-27479 CONFIRM CONFIRM MLIST |
siemens — sicam | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | 2022-04-12 | not yet calculated | CVE-2022-27480 CONFIRM FULLDISC MISC |
siemens — scalance | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device. | 2022-04-12 | not yet calculated | CVE-2022-27481 CONFIRM |
citrix — storefront | Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | 2022-04-13 | not yet calculated | CVE-2022-27503 MISC |
citrix — sd_wan | Reflected cross site scripting (XSS) | 2022-04-13 | not yet calculated | CVE-2022-27505 MISC |
citrix — sd_wan_cli | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | 2022-04-13 | not yet calculated | CVE-2022-27506 MISC |
autodesk — trueview | A buffer over-read that can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-04-13 | not yet calculated | CVE-2022-27523 MISC |
autodesk — trueview | An out-of-bounds read that can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-04-13 | not yet calculated | CVE-2022-27524 MISC |
autodesk — navisworks | Maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2022-04-11 | not yet calculated | CVE-2022-27528 MISC |
samsung — google_and_samsung | Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | 2022-04-11 | not yet calculated | CVE-2022-27567 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-27568 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-27569 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-27570 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 2022-04-11 | not yet calculated | CVE-2022-27571 MISC |
samsung — google_and_samsung | Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 2022-04-11 | not yet calculated | CVE-2022-27572 MISC |
samsung — mobile | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | 2022-04-11 | not yet calculated | CVE-2022-27573 MISC |
samsung — mobile | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | 2022-04-11 | not yet calculated | CVE-2022-27574 MISC |
samsung — one_ui_home | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | 2022-04-11 | not yet calculated | CVE-2022-27575 MISC |
samsung — dex_home | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | 2022-04-11 | not yet calculated | CVE-2022-27576 MISC |
sick_ag — msc800 | The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. | 2022-04-11 | not yet calculated | CVE-2022-27577 MISC |
sick_ag — oee | An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low privilege users can modify its content. | 2022-04-11 | not yet calculated | CVE-2022-27578 MISC |
sap — 3d_visual | When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-27654 MISC MISC |
sap — universal_3d | When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-04-12 | not yet calculated | CVE-2022-27655 MISC MISC |
sap — focused_run | A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) – version 1.0. | 2022-04-12 | not yet calculated | CVE-2022-27657 MISC MISC |
sap — businessobjects_business_intelligence | Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) – version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 2022-04-12 | not yet calculated | CVE-2022-27667 MISC MISC |
sap — xml_data_archiving_service | An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java – version 7.50, to which access should be restricted. This may result in an escalation of privileges. | 2022-04-12 | not yet calculated | CVE-2022-27669 MISC MISC |
sap — sql | SAP SQL Anywhere – version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. | 2022-04-12 | not yet calculated | CVE-2022-27670 MISC MISC |
sap — csrf | A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability. | 2022-04-12 | not yet calculated | CVE-2022-27671 MISC MISC |
swhkd — swhkd | SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | 2022-04-14 | not yet calculated | CVE-2022-27814 MISC MISC |
swhkd — swhkd | SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | 2022-04-14 | not yet calculated | CVE-2022-27817 MISC MISC |
samsung — mobile | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. | 2022-04-11 | not yet calculated | CVE-2022-27821 MISC |
samsung — mobile | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | 2022-04-11 | not yet calculated | CVE-2022-27822 MISC |
samsung — libsapeextractor | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 2022-04-11 | not yet calculated | CVE-2022-27823 MISC |
samsung — libsapeextractor | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 2022-04-11 | not yet calculated | CVE-2022-27824 MISC |
samsung — libsapeextractor | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 2022-04-11 | not yet calculated | CVE-2022-27825 MISC |
samsung — semsuspenddialoginfo | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 2022-04-11 | not yet calculated | CVE-2022-27826 MISC |
samsung — mediamonitordimension | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 2022-04-11 | not yet calculated | CVE-2022-27827 MISC |
samsung — mediamonitorevent | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 2022-04-11 | not yet calculated | CVE-2022-27828 MISC |
samsung — verifycredentialresponse | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 2022-04-11 | not yet calculated | CVE-2022-27829 MISC |
samsung — semblurinfo | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 2022-04-11 | not yet calculated | CVE-2022-27830 MISC |
samsung — libsapeextractor | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. | 2022-04-11 | not yet calculated | CVE-2022-27831 MISC |
samsung — media_extractor | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | 2022-04-11 | not yet calculated | CVE-2022-27832 MISC |
samsung — dsp_driver | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | 2022-04-11 | not yet calculated | CVE-2022-27833 MISC |
samsung — dsp_context_unload_graph | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | 2022-04-11 | not yet calculated | CVE-2022-27834 MISC |
samsung — uwb | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | 2022-04-11 | not yet calculated | CVE-2022-27835 MISC |
samsung — storagemanager | Improper access control and path traversal vulnerability in StorageManager and StorageManagerService prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. | 2022-04-11 | not yet calculated | CVE-2022-27836 MISC |
samsung — pendingintent | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | 2022-04-11 | not yet calculated | CVE-2022-27837 MISC |
samsung — factorycamera | Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | 2022-04-11 | not yet calculated | CVE-2022-27838 MISC |
samsung — secret_mode | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | 2022-04-11 | not yet calculated | CVE-2022-27839 MISC |
samsung — samsung_recovery | Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files as SamsungRecovery permission. | 2022-04-11 | not yet calculated | CVE-2022-27840 MISC |
samsung — samsung_pass | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication. | 2022-04-11 | not yet calculated | CVE-2022-27841 MISC |
samsung — smart_switch | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute arbitrary code. | 2022-04-11 | not yet calculated | CVE-2022-27842 MISC |
samsung — kies | DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute arbitrary code. | 2022-04-11 | not yet calculated | CVE-2022-27843 MISC |
wordpress — wpvivid | Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 2022-04-11 | not yet calculated | CVE-2022-27844 CONFIRM CONFIRM |
wordpress — plausiblehq_plausible_analytics | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | 2022-04-11 | not yet calculated | CVE-2022-27845 CONFIRM CONFIRM |
wordpress — yooslider_yoo_slider | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | 2022-04-13 | not yet calculated | CVE-2022-27846 CONFIRM CONFIRM |
wordpress — yooslider_yoo_slider | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | 2022-04-13 | not yet calculated | CVE-2022-27847 CONFIRM CONFIRM |
wordpress — modern_events_calendar_lite | Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | 2022-04-14 | not yet calculated | CVE-2022-27848 CONFIRM CONFIRM |
wordpress — simple_ajax_chat | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 2022-04-15 | not yet calculated | CVE-2022-27849 CONFIRM CONFIRM |
wordpress — simple_ajax_chat | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 2022-04-15 | not yet calculated | CVE-2022-27850 CONFIRM CONFIRM |
wordpress — use_any_font | Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | 2022-04-15 | not yet calculated | CVE-2022-27851 CONFIRM CONFIRM |
wordpress — kb_support | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 | 2022-04-15 | not yet calculated | CVE-2022-27852 CONFIRM CONFIRM |
wordpress — payloadcms | An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | 2022-04-12 | not yet calculated | CVE-2022-27952 MISC MISC |
github — AtomCMS 2.0 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php | 2022-04-12 | not yet calculated | CVE-2022-28032 MISC |
github — AtomCMS 2.0 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php | 2022-04-12 | not yet calculated | CVE-2022-28033 MISC |
github — AtomCMS 2.0 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php | 2022-04-12 | not yet calculated | CVE-2022-28034 MISC |
github — AtomCMS 2.0 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php | 2022-04-12 | not yet calculated | CVE-2022-28035 MISC |
github — AtomCMS 2.0 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | 2022-04-12 | not yet calculated | CVE-2022-28036 MISC |
github — stb | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 2022-04-15 | not yet calculated | CVE-2022-28041 MISC MISC |
github — stb | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. | 2022-04-15 | not yet calculated | CVE-2022-28042 MISC MISC |
github — stb | lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. | 2022-04-15 | not yet calculated | CVE-2022-28044 MISC MISC |
github — stb | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | 2022-04-15 | not yet calculated | CVE-2022-28048 MISC MISC |
njs — nginx | NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | 2022-04-15 | not yet calculated | CVE-2022-28049 MISC MISC |
roothub — roothub | Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privilege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution. | 2022-04-13 | not yet calculated | CVE-2022-28052 MISC MISC |
selenium — selenium_grid | Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. | 2022-04-15 | not yet calculated | CVE-2022-28109 MISC MISC MLIST |
fantec_gmbh — mwids_ds_firmware | An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. | 2022-04-15 | not yet calculated | CVE-2022-28113 MISC MISC MISC MISC |
sap — businessobject_business_intelligence_platform | When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform – version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. | 2022-04-12 | not yet calculated | CVE-2022-28213 MISC MISC |
sap — netweaver_abap_server_andabap_platform | SAP NetWeaver ABAP Server and ABAP Platform – versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | 2022-04-12 | not yet calculated | CVE-2022-28215 MISC MISC |
sap — businessobject_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (BI Workspace) – version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. | 2022-04-12 | not yet calculated | CVE-2022-28216 MISC MISC |
siemens — scalance | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition. | 2022-04-12 | not yet calculated | CVE-2022-28328 CONFIRM |
siemens — scalance | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature. | 2022-04-12 | not yet calculated | CVE-2022-28329 CONFIRM |
signal_app — ios | The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively. | 2022-04-15 | not yet calculated | CVE-2022-28345 MISC MISC MISC |
django — django | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | 2022-04-12 | not yet calculated | CVE-2022-28346 MISC MISC MISC MISC MLIST |
django — django | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | 2022-04-12 | not yet calculated | CVE-2022-28347 MISC MISC MISC MISC |
apostrophe — apostrophe_cms | Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs. | 2022-04-12 | not yet calculated | CVE-2022-28396 MISC |
ghost — cms | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | 2022-04-12 | not yet calculated | CVE-2022-28397 MISC MISC MISC MISC MISC |
samsung — samsung_update | Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | 2022-04-11 | not yet calculated | CVE-2022-28541 MISC |
samsung — galaxy_store | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | 2022-04-11 | not yet calculated | CVE-2022-28542 MISC |
samsung — flow | Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. | 2022-04-11 | not yet calculated | CVE-2022-28543 MISC |
samsung — galaxy | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | 2022-04-11 | not yet calculated | CVE-2022-28544 MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114) | 2022-04-12 | not yet calculated | CVE-2022-28661 CONFIRM |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307) | 2022-04-12 | not yet calculated | CVE-2022-28662 CONFIRM |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) | 2022-04-12 | not yet calculated | CVE-2022-28663 CONFIRM |
talosintelligence — ardupilot_apweb_master_branch | A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac – master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | 2022-04-14 | not yet calculated | CVE-2022-28711 MISC |
sap — sapui5_library | Due to insufficient input validation, SAPUI5 library(vbm) – versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2022-04-12 | not yet calculated | CVE-2022-28770 MISC MISC |
sap — web_dispatcher | By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher – versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. | 2022-04-12 | not yet calculated | CVE-2022-28772 MISC MISC |
sap — web_dispatcher | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | 2022-04-12 | not yet calculated | CVE-2022-28773 MISC MISC |
samsung — flow | Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | 2022-04-11 | not yet calculated | CVE-2022-28775 MISC |
samsung — galaxy | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | 2022-04-11 | not yet calculated | CVE-2022-28776 MISC |
samsung — members | Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | 2022-04-11 | not yet calculated | CVE-2022-28777 MISC |
samsung — security_supporter | Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | 2022-04-11 | not yet calculated | CVE-2022-28778 MISC |
samsung — android_usb_driver | Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | 2022-04-11 | not yet calculated | CVE-2022-28779 MISC |
avira — password_manager_browser_extensions | A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. | 2022-04-12 | not yet calculated | CVE-2022-28795 MISC |
f-secure — safe_browser | An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious webpage/URL, the user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. | 2022-04-15 | not yet calculated | CVE-2022-28868 MISC MISC |
f-secure — safe_browser | A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. | 2022-04-15 | not yet calculated | CVE-2022-28869 MISC MISC |
f-secure — safe_browser | A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. | 2022-04-15 | not yet calculated | CVE-2022-28870 MISC MISC |
wasm3 — wasm3 | Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). | 2022-04-16 | not yet calculated | CVE-2022-28966 MISC |
forestblog — forestblog | ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | 2022-04-16 | not yet calculated | CVE-2022-29020 MISC |
jenkins — credentials_plugin | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29036 CONFIRM |
jenkins — cvs_plugin | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29037 CONFIRM |
jenkins — extended_choice_parameter_plugin | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29038 CONFIRM |
jenkins — gerrit_trigger_plugin | Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29039 CONFIRM |
jenkins — git_parameter | Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29040 CONFIRM |
jenkins — jira_plugin | Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29041 CONFIRM |
jenkins — job_generator_plugin | Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs’ Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29042 CONFIRM |
jenkins — mask_passwords_plugin | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29043 CONFIRM |
jenkins — node_and_label_parameter_plugin | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29044 CONFIRM |
jenkins — jenkins | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29045 CONFIRM |
jenkins — subversion_plugin | Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-04-12 | not yet calculated | CVE-2022-29046 CONFIRM |
jenkins — pipeline | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 2022-04-12 | not yet calculated | CVE-2022-29047 CONFIRM |
jenkins — subversion_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | 2022-04-12 | not yet calculated | CVE-2022-29048 CONFIRM |
jenkins — jenkins | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | 2022-04-12 | not yet calculated | CVE-2022-29049 CONFIRM |
jenkins — publish_over_ftp_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | 2022-04-12 | not yet calculated | CVE-2022-29050 CONFIRM |
jenkins — publish_over_ftp_plugin | Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | 2022-04-12 | not yet calculated | CVE-2022-29051 CONFIRM |
jenkins — google_compute_engine_plugin | Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2022-04-12 | not yet calculated | CVE-2022-29052 CONFIRM |
microsoft — windows |
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, | 2022-04-15 | not yet calculated | CVE-2022-29072 MISC MISC MISC |
npm — npm |
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | 2022-04-12 | not yet calculated | CVE-2022-29080 MISC MISC |
linux — linux_kernel |
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | 2022-04-13 | not yet calculated | CVE-2022-29156 MISC MISC |
bitrix — bitrix |
Bitrix through 7.5.0 allows remote attackers to execute arbitrary code by using the restore.php Upload From Local Disk feature. | 2022-04-15 | not yet calculated | CVE-2022-29268 MISC |
notable — notable_insiders |
Notable before 1.9.0-beta.8 doesn’t effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | 2022-04-15 | not yet calculated | CVE-2022-29281 MISC MISC |
kentico — kentico_cms |
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password). | 2022-04-16 | not yet calculated | CVE-2022-29287 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.