US-CERT Bulletin (SB22-122): Vulnerability Summary for the Week of April 25, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
jfinalcms_project — jfinalcms JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. 2022-04-22 7.5 CVE-2022-27341
MISC
link-admin_project — link-admin Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). 2022-04-22 7.5 CVE-2022-27342
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. 2022-04-22 6.8 CVE-2021-38886
XF
CONFIRM
pimcore — pimcore SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data. 2022-04-22 5 CVE-2022-1429
MISC
CONFIRM
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. 2022-04-22 4.3 CVE-2021-38904
XF
CONFIRM
microweber — microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a payload that runs without user interaction. 2022-04-22 4.3 CVE-2022-1439
CONFIRM
MISC
crypt-server_project — crypt-server Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. 2022-04-22 4.3 CVE-2022-29589
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. 2022-04-22 4 CVE-2021-20464
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. 2022-04-22 4 CVE-2021-29824
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. 2022-04-22 4 CVE-2021-38905
XF
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. 2022-04-22 3.5 CVE-2021-38903
CONFIRM
XF
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. 2022-04-22 3.5 CVE-2021-38946
CONFIRM
XF

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
artifex — ghostscript
 
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC
wordpress — dw_question_&_answer_pro_wordpress_plugin
 
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC
wordpress — advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC
wordpress — tatsu_wordpress_plugin
 
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC
wordpress — english_wordpress_admin_wordpress_plugin
 
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue 2022-04-25 not yet calculated CVE-2021-25111
MISC
sophos — authenticator_for_android
 
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM
maxboard — maxboard
 
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC
tobesoft — xplatform
A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’. 2022-04-26 not yet calculated CVE-2021-26629
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF
nomachine — nomachine_for_windows
 
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC
bender/ebee — charge_controllers
 
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM
bender/ebee — cc612
 
Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM
bender/ebee — charge_controllers
 
Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM
3scale — apicast
 
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC
solarwinds — serv-u
 
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC
metasys — ads/adx/oas
 
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM
veryfitpro — veryfitpro
 
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC
wordpress — alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM
tripetto — tripetto_plugin
 
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC
lenovo — pcmanager
 
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF
ibm — qradar_siem
 
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF
lenovo — multiple_products
 
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM
motorola — multiple_products
 
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC
ibm — planning_analytics_workspace
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF
lenovo — lenovovariable_smi_handler
 
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC
lenovo — notebook
 
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC
red_hat — gnome-shell
 
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC
artica — proxy
 
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC
eclipse — openj9
 
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM
novelplus — novel-plus
 
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC
magic_cms_msvod — magic_cms_msvod
 
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC
encode — oss_httpx
 
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC
subrion_cms — subrion_cms
 
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC
pingidentity — pingid_windows_login
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC
pingidentity — pingid_android
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC
pingidentity — pingid_ios
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC
pingidentity — pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC
qemu — qemu
 
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC
qemu — qemu
 
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC
lenovo — nvme_driver
 
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC
lenovo — smbios_event_log_driver
 
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC
lenovo — legacy_bios_mode_driver
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC
wordpress — sp_project_&_document_manager_wordpress_plugin
 
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC
elcomplus — smartptt
 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM
elcomplus — smartptt

 
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM
elcomplus — smartptt

 
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM
elcomplus — smartptt_scada_server
 
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM
elcomplus — smartptt_scada_server

 
Elcomplus SmartPTT SCADA Server is vulnerable in that an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM
elcomplus — smartptt_scada
 
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM
wondershare — dr._fone
 
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC
wondershare — dr._fone
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service (the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC
terramaster — terramaster
 
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC
terramaster — terramaster
 
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC
terramaster — terramaster
 
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC
terramaster — terramaster
 
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC
franklin_fueling_systems — ts-550_evo
 
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC
franklin_fueling_systems — t5_series
 
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC
telesquare — sdt-cw3b1
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC
telesquare — tlr-2005ksh
 
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC
d-link — dir-825_g1
 
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC
wordpress — easy_google_maps_wordpress_plugin
 
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC
wordpress — supsystic_wordpress_plugin
 
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC
wordpress — supsystic_wordpress_plugin
 
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC
lenovo — pcmanager
 
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC
lenovo — system_update
 
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC
wordpress — mycred_wordpress_plugin
 
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM
wordpress — flo-launch_wordpress_plugin
 
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC
wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
 
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC
lenovo — thin_installer
 
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC
wordpress — web_to_print_shop_udraw_wordpress_plugin
 
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC
wordpress — 5_stars_rating_funnel_wordpress_plugin
 
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC
wordpress — master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC
wordpress — users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC
wordpress — donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC
wordpress — wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC
wordpress — anti-malware_security_and_brute-force_firewall_wordpress_plugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC
linux — linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC
linux — linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC
wordpress — page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
wordpress — mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog. 2022-04-25 not yet calculated CVE-2022-1092
MISC
wordpress — wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC
lenovo — thinkpad
 
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC
lenovo — thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC
imagemagick — relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC
wordpress — menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC
wordpress — layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2022-04-25 not yet calculated CVE-2022-1153
MISC
wordpress — books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC
getgrav — grav
 
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM
linux — linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman — podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC
wordpress — opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC
linux — linux
 
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC
linux — linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
wordpress — admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC
wordpress — cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC
wordpress — videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC
wordpress — donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC
delta_electronics — asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC
mruby — mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC
yarkeev — yarkeev
 
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM
gpac — gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC
radareorg — radare2
 
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC
snipe — snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC
openemr — openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM
openemr — openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM
openemr — openemr

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM
getsimple — content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC
getsimple — content_management_system

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC
microweber — microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC
chafa — chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 in GitHub repository hpjansson/chafa prior to 1.10.2 allows attackers to cause a denial of service (crash) via a crafted input file. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM
hestiacp — hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. 2022-04-28 not yet calculated CVE-2022-1509
CONFIRM
MISC
snipe — snipe-it
 
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. 2022-04-28 not yet calculated CVE-2022-1511
CONFIRM
MISC
facturascripts — facturascripts
 
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-28 not yet calculated CVE-2022-1514
MISC
CONFIRM
emlog — emlog_pro
 
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1526
MISC
MISC
livehelperchat — livehelperchat
 
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 2022-04-29 not yet calculated CVE-2022-1530
MISC
CONFIRM
rtx — rtx
 
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. 2022-04-29 not yet calculated CVE-2022-1531
MISC
CONFIRM
libmobi — libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. 2022-04-29 not yet calculated CVE-2022-1533
CONFIRM
MISC
libmobi — libmobi
 
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. 2022-04-29 not yet calculated CVE-2022-1534
MISC
CONFIRM
automad — automad
 
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1536
N/A
N/A
scoold — scoold
 
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. 2022-04-29 not yet calculated CVE-2022-1543
CONFIRM
MISC
sonicwall — sonicos
 
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. 2022-04-27 not yet calculated CVE-2022-22275
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting in exposure of sensitive information to an unauthorized user. 2022-04-27 not yet calculated CVE-2022-22276
CONFIRM
sonicwall — sonicos
 
A vulnerability in SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive information in cleartext. 2022-04-27 not yet calculated CVE-2022-22277
CONFIRM
sonicwall — sonicos_cfs
 
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause an HTTP Denial of Service (DoS) attack. 2022-04-27 not yet calculated CVE-2022-22278
CONFIRM
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. 2022-04-27 not yet calculated CVE-2022-22312
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. 2022-04-27 not yet calculated CVE-2022-22315
CONFIRM
XF
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. 2022-04-28 not yet calculated CVE-2022-22322
CONFIRM
XF
ibm — security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. 2022-04-27 not yet calculated CVE-2022-22323
XF
CONFIRM
ibm — qradar
 
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. 2022-04-27 not yet calculated CVE-2022-22345
XF
CONFIRM
ibm — planning_analytics_local
 
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 2022-04-25 not yet calculated CVE-2022-22392
XF
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 2022-04-28 not yet calculated CVE-2022-22427
XF
CONFIRM
ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. 2022-04-28 not yet calculated CVE-2022-22441
XF
CONFIRM
ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. 2022-04-28 not yet calculated CVE-2022-22443
XF
CONFIRM
miele — benchmark_programming_tool
 
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. 2022-04-27 not yet calculated CVE-2022-22521
MISC
FULLDISC
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. 2022-04-28 not yet calculated CVE-2022-22781
MISC
zoom — client_for_meetings
 
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. 2022-04-28 not yet calculated CVE-2022-22782
MISC
zoom — on-premise_meeting_connector_controller
 
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. 2022-04-28 not yet calculated CVE-2022-22783
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. 2022-04-25 not yet calculated CVE-2022-23457
MISC
MISC
CONFIRM
xilinx — xilinx
 
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. 2022-04-27 not yet calculated CVE-2022-23822
MISC
MISC
apache — doris
 
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. 2022-04-26 not yet calculated CVE-2022-23942
CONFIRM
MLIST
MLIST
linksys — linksys
 
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 2022-04-27 not yet calculated CVE-2022-24372
MISC
MISC
MISC
solar — appscreener
 
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. 2022-04-28 not yet calculated CVE-2022-24449
MISC
MISC
apache — couchdb
 
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. 2022-04-26 not yet calculated CVE-2022-24706
MISC
MISC
MLIST
redis — redis
 
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24735
MISC
CONFIRM
MISC
MISC
redis — redis
 
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24736
MISC
CONFIRM
MISC
MISC
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 2022-04-25 not yet calculated CVE-2022-24792
MISC
CONFIRM
discourse — discourse-assign
 
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff members, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24866
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24873
MISC
MISC
CONFIRM
shopware — shopware

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24879
CONFIRM
MISC
MISC
tethik — tethik
 
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. 2022-04-25 not yet calculated CVE-2022-24880
MISC
MISC
MISC
CONFIRM
ballcat — ballcat
 
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. 2022-04-26 not yet calculated CVE-2022-24881
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24882
MISC
MISC
CONFIRM
MISC
freerdp — freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-04-26 not yet calculated CVE-2022-24883
MISC
CONFIRM
MISC
MISC
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24885
MISC
MISC
CONFIRM
nextcloud — android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24886
MISC
MISC
CONFIRM
nextcloud — talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24887
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24888
MISC
MISC
CONFIRM
nextcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1. 2022-04-27 not yet calculated CVE-2022-24889
CONFIRM
MISC
MISC
esapi — esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. 2022-04-27 not yet calculated CVE-2022-24891
MISC
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victim’s email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. 2022-04-28 not yet calculated CVE-2022-24892
MISC
MISC
CONFIRM
xwiki — xwiki
 
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-04-28 not yet calculated CVE-2022-24898
MISC
MISC
CONFIRM
piano_led — piano_led
 
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessitates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. 2022-04-29 not yet calculated CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC
lexmark — multiple_products
 
Lexmark products through 2022-02-10 have Incorrect Access Control. 2022-04-28 not yet calculated CVE-2022-24935
MISC
MISC
tagify — tagify
 
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. 2022-04-29 not yet calculated CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
czproject — czproject
 
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-25 not yet calculated CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM
nextcloud — android
 
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. 2022-04-25 not yet calculated CVE-2022-26111
MISC
MISC
hoteldruid — hotel_management_software
 
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 2022-04-26 not yet calculated CVE-2022-26564
MISC
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 2022-04-25 not yet calculated CVE-2022-26596
MISC
liferay — liferay
 
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 2022-04-25 not yet calculated CVE-2022-26597
MISC
element-plus — element-plus
 
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 2022-04-25 not yet calculated CVE-2022-27103
MISC
MISC
MISC
adobe — xpdf
 
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. 2022-04-25 not yet calculated CVE-2022-27135
MISC
MISC
MISC
cifs-utils — cifs-utils
 
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 2022-04-27 not yet calculated CVE-2022-27239
MISC
MISC
MISC
MISC
MISC
hms — hms
 
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. 2022-04-26 not yet calculated CVE-2022-27299
MISC
amro — amro
 
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. 2022-04-25 not yet calculated CVE-2022-27311
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 2022-04-27 not yet calculated CVE-2022-27331
MISC
zammad — zammad
 
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-27332
MISC
seacms — seacms
 
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. 2022-04-27 not yet calculated CVE-2022-27336
MISC
mcms — mcms
 
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. 2022-04-22 not yet calculated CVE-2022-27340
MISC
MISC
tenda — tenda
 
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. 2022-04-25 not yet calculated CVE-2022-27374
MISC
tenda — tenda

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. 2022-04-25 not yet calculated CVE-2022-27375
MISC
gallerycms — gallerycms
 
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. 2022-04-25 not yet calculated CVE-2022-27428
MISC
jizhicms — jizhicms
 
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. 2022-04-25 not yet calculated CVE-2022-27429
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. 2022-04-26 not yet calculated CVE-2022-27468
MISC
MISC
monstaftp — monstaftp
 
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). 2022-04-26 not yet calculated CVE-2022-27469
MISC
MISC
wordpress — wordpress
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 2022-04-26 not yet calculated CVE-2022-27854
CONFIRM
CONFIRM
wordpress — shea_bunge_footer_text 
 
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 2022-04-28 not yet calculated CVE-2022-27860
CONFIRM
CONFIRM
palantir — palantir
 
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. 2022-04-26 not yet calculated CVE-2022-27888
MISC
controlup — real-time_agent
 
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. 2022-04-27 not yet calculated CVE-2022-27905
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. 2022-04-26 not yet calculated CVE-2022-27984
MISC
MISC
cuppacms — cuppacms

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. 2022-04-26 not yet calculated CVE-2022-27985
MISC
MISC
typemill — typemill
 
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28053
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. 2022-04-26 not yet calculated CVE-2022-28058
MISC
MISC
verydows — verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. 2022-04-26 not yet calculated CVE-2022-28059
MISC
MISC
victor_cms — victor_cms
 
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. 2022-04-28 not yet calculated CVE-2022-28060
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-28085
MISC
MISC
scbs — online_sports_venue_reservation_system

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28093
MISC
MISC
MISC
scbs — online_sports_venue_reservation_system

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 2022-04-25 not yet calculated CVE-2022-28094
MISC
MISC
MISC
turtlapp — turtle_note
 
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. 2022-04-28 not yet calculated CVE-2022-28101
MISC
MISC
php — mysql_admin_panel_generator
 
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. 2022-04-28 not yet calculated CVE-2022-28102
MISC
MISC
dscms — dscms
 
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. 2022-04-28 not yet calculated CVE-2022-28114
MISC
navigate_cms — navigate_cms
 
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. 2022-04-28 not yet calculated CVE-2022-28117
MISC
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28193
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28194
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28195
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of integrity, and limited denial of service. 2022-04-27 not yet calculated CVE-2022-28196
MISC
nvidia — jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28197
MISC
nvidia — omniverse_nucleus_and_cache
 
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. 2022-04-29 not yet calculated CVE-2022-28198
MISC
ciphermail — webmail_messenger
 
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). 2022-04-26 not yet calculated CVE-2022-28218
MISC
MISC
MISC
wordpress — country_selector_plugin
 
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request. 2022-04-25 not yet calculated CVE-2022-28290
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC
nopsolutions — nopcommerce

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. 2022-04-26 not yet calculated CVE-2022-28448
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 2022-04-26 not yet calculated CVE-2022-28449
MISC
nopsolutions — nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. 2022-04-26 not yet calculated CVE-2022-28450
MISC
lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system
 
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 2022-04-29 not yet calculated CVE-2022-28452
MISC
MISC
MISC
MISC
limbas — limbas
 
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28454
MISC
MISC
MISC
apifox — apifox
 
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. 2022-04-27 not yet calculated CVE-2022-28464
MISC
wbce — wbce
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28477
MISC
MISC
allmediaserver — allmediaserver
 
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. 2022-04-29 not yet calculated CVE-2022-28480
MISC
giflib — giflib
 
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. 2022-04-25 not yet calculated CVE-2022-28506
MISC
MISC
MISC
zcms — zcms

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. 2022-04-26 not yet calculated CVE-2022-28521
MISC
MISC
zcms — zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. 2022-04-26 not yet calculated CVE-2022-28522
MISC
MISC
hongcms — hongcms
 
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. 2022-04-26 not yet calculated CVE-2022-28523
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. 2022-04-26 not yet calculated CVE-2022-28524
MISC
ed01-cms — ed01-cms
 
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. 2022-04-26 not yet calculated CVE-2022-28525
MISC
dhcms — dhcms
 
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. 2022-04-26 not yet calculated CVE-2022-28527
MISC
bloofox — bloofoxcms
 
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. 2022-04-26 not yet calculated CVE-2022-28528
MISC
hoosk — hoosk
 
XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user’s browser via the edit page, using an XSS payload that bypasses the filter for some special characters. 2022-04-25 not yet calculated CVE-2022-28586
MISC
qualys — assetview
 
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients executing arbitrary code with administrative privileges. 2022-04-28 not yet calculated CVE-2022-28719
MISC
MISC
f-secure — atlant
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products consumes too much memory while scanning larger packages/fuzzed files, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-04-25 not yet calculated CVE-2022-28871
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. 2022-04-28 not yet calculated CVE-2022-28892
MISC
greencms — greencms
 
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. 2022-04-26 not yet calculated CVE-2022-28918
MISC
smallsrv — smallsrv
 
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. 2022-04-29 not yet calculated CVE-2022-28994
MISC
rippled — rippled

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. 2022-04-25 not yet calculated CVE-2022-29077
MISC
MISC
MISC
ejs — ejs_for_node.js
 
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). 2022-04-25 not yet calculated CVE-2022-29078
MISC
MISC
zoho — manageengine_access_manager_plus
 
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring. 2022-04-28 not yet calculated CVE-2022-29081
MISC
MISC
ericom — powerterm_webconnect
 
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 2022-04-28 not yet calculated CVE-2022-29152
MISC
MISC
coreboot — coreboot
 
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. 2022-04-25 not yet calculated CVE-2022-29264
MISC
MISC
apache — nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC
wordpress — hermit_plugin
 
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 2022-04-28 not yet calculated CVE-2022-29410
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 2022-04-28 not yet calculated CVE-2022-29411
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 2022-04-28 not yet calculated CVE-2022-29412
CONFIRM
CONFIRM
wordpress — hermit_plugin
 
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. 2022-04-28 not yet calculated CVE-2022-29413
CONFIRM
CONFIRM
wpkube — subscribe_to_comments_reloaded_plugin
 
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. 2022-04-29 not yet calculated CVE-2022-29414
CONFIRM
CONFIRM
wordpress — ravpage_plugin
 
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. 2022-04-28 not yet calculated CVE-2022-29415
CONFIRM
CONFIRM
wordpress — shortpixel_adaptive_images_plugin
 
Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 2022-04-25 not yet calculated CVE-2022-29417
CONFIRM
CONFIRM
wordpress — night_mode_plugin
 
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 2022-04-25 not yet calculated CVE-2022-29418
CONFIRM
CONFIRM
wordpress — 3xsocializer_plugin
 
SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. 2022-04-25 not yet calculated CVE-2022-29419
CONFIRM
CONFIRM
wordpress — rara_one_click_demo_import_plugin
 
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. 2022-04-29 not yet calculated CVE-2022-29451
CONFIRM
CONFIRM
mitel — mivoice_connect
 
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. 2022-04-26 not yet calculated CVE-2022-29499
CONFIRM
line_corporation — line_for_windows
 
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 2022-04-27 not yet calculated CVE-2022-29505
MISC
htmlunit — nekohtml_parser

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. 2022-04-25 not yet calculated CVE-2022-29546
CONFIRM
northern.tech — mender_enterprise

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. 2022-04-28 not yet calculated CVE-2022-29555
MISC
MISC
northern.tech — mender_enterprise

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. 2022-04-28 not yet calculated CVE-2022-29556
MISC
MISC
mahara — mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. 2022-04-28 not yet calculated CVE-2022-29584
MISC
MISC
mahara — mahara
 
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). 2022-04-28 not yet calculated CVE-2022-29585
MISC
MISC
universis — universis-api
 
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. 2022-04-25 not yet calculated CVE-2022-29603
MISC
MISC
zammad — zammad
 
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. 2022-04-27 not yet calculated CVE-2022-29700
MISC
zammad — zammad
 
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. 2022-04-27 not yet calculated CVE-2022-29701
MISC
zoneminder — zoneminder
 
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. 2022-04-26 not yet calculated CVE-2022-29806
MISC
MISC
MISC
MISC
hashicorp — go-getter
 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. 2022-04-27 not yet calculated CVE-2022-29810
MISC
MISC
MISC
jetbrains — hub
 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 2022-04-28 not yet calculated CVE-2022-29811
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient. 2022-04-28 not yet calculated CVE-2022-29812
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible. 2022-04-28 not yet calculated CVE-2022-29813
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible. 2022-04-28 not yet calculated CVE-2022-29814
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible. 2022-04-28 not yet calculated CVE-2022-29815
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible. 2022-04-28 not yet calculated CVE-2022-29816
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible. 2022-04-28 not yet calculated CVE-2022-29817
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed. 2022-04-28 not yet calculated CVE-2022-29818
MISC
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible. 2022-04-28 not yet calculated CVE-2022-29819
MISC
jetbrains — pycharm
 
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible. 2022-04-28 not yet calculated CVE-2022-29820
MISC
jetbrains — rider
 
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. 2022-04-28 not yet calculated CVE-2022-29821
MISC
automation_anywhere — automation360_22
 
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. 2022-04-29 not yet calculated CVE-2022-29856
MISC
MISC
ambiot — amb1_sdk
 
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. 2022-04-27 not yet calculated CVE-2022-29859
MISC
cifs-utils — cifs_utils
 
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. 2022-04-28 not yet calculated CVE-2022-29869
MISC
MISC
mediawiki — private_domains

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 2022-04-29 not yet calculated CVE-2022-29903
MISC
MISC
mediawiki — semanticdrilldown
 
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-’ and ‘_’ constraints. 2022-04-29 not yet calculated CVE-2022-29904
MISC
MISC
mediawiki — fanboxes
 
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 2022-04-29 not yet calculated CVE-2022-29905
MISC
MISC
mediawiki — quizgame
 
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. 2022-04-29 not yet calculated CVE-2022-29906
MISC
MISC
mediawiki — nimbus_skin
 
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 not yet calculated CVE-2022-29907
MISC
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29934
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29935
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29936
MISC
oracle — usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29937
MISC
dji — aeroscope
 
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. 2022-04-29 not yet calculated CVE-2022-29945
MISC
MISC
MISC
woodpecker — woodpecker
 
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. 2022-04-29 not yet calculated CVE-2022-29947
MISC
MISC
glewlwyd — glewlwyd
 
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. 2022-04-29 not yet calculated CVE-2022-29967
MISC