US-CERT Bulletin (SB22-249):Vulnerability Summary for the Week of August 29, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35019
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35018
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow. 2022-08-29 not yet calculated CVE-2022-35016
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. 2022-08-29 not yet calculated CVE-2022-35015
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow. 2022-08-29 not yet calculated CVE-2022-35017
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. 2022-08-29 not yet calculated CVE-2022-35020
MISC
MISC
advancecomp — advancecomp Advancecomp v2.3 contains a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35014
MISC
MISC
aero — aerocms AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. 2022-08-31 not yet calculated CVE-2022-38812
MISC
apache — airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 2022-09-02 not yet calculated CVE-2022-38054
CONFIRM
MLIST
apache — airflow In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `–daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. 2022-09-02 not yet calculated CVE-2022-38170
CONFIRM
MLIST
MLIST
apache — geode
 
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify “–J=-Dgeode.enableGlobalSerialFilter=true” when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the “serializable-object-filter” configuration option. Using a global serial filter will impact performance. 2022-08-31 not yet calculated CVE-2022-37021
CONFIRM
apache — geode
 
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling “validate-serializable-objects=true” and specifying any user classes that may be serialized/deserialized with “serializable-object-filter”. Enabling “validate-serializable-objects” may impact performance. 2022-08-31 not yet calculated CVE-2022-37023
CONFIRM
apache — geode
 
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator. 2022-08-31 not yet calculated CVE-2022-37022
CONFIRM
apache — ofbiz
 
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. 2022-09-02 not yet calculated CVE-2022-25370
CONFIRM
MLIST
MLIST
apache — ofbiz
 
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. 2022-09-02 not yet calculated CVE-2022-25371
CONFIRM
MLIST
MLIST
apache — ofbiz
 
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the “Contact us” page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. 2022-09-02 not yet calculated CVE-2022-25813
CONFIRM
MLIST
apache — ofbiz
 
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 2022-09-02 not yet calculated CVE-2022-29158
CONFIRM
MLIST
apache — shenyu Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator’s passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. 2022-09-01 not yet calculated CVE-2022-37435
CONFIRM
apache — ofbiz
 
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. 2022-09-02 not yet calculated CVE-2022-29063
CONFIRM
MLIST
apostrophecms — sanitize-html The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. 2022-08-30 not yet calculated CVE-2022-25887
CONFIRM
CONFIRM
CONFIRM
CONFIRM
arcsight — micro_focus_arcsight_logger Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. 2022-08-31 not yet calculated CVE-2022-26331
MISC
MISC
arcsight — micro_focus_arcsight_logger
 
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. 2022-08-31 not yet calculated CVE-2022-26330
MISC
MISC
armdeveloper — midgard/bifrost/valhall_kernel_driver
 
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. 2022-09-01 not yet calculated CVE-2022-36449
MISC
artifex — mupdf A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. 2022-08-26 not yet calculated CVE-2021-4216
MISC
MISC
asp.net_core — miniblog.core Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. 2022-09-02 not yet calculated CVE-2022-37679
MISC
automationdirect — c-more_ea9_http_webserver
 
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; 2022-08-31 not yet calculated CVE-2022-2005
CONFIRM
automationdirect — directlogic
 
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; 2022-08-31 not yet calculated CVE-2022-2003
CONFIRM
CONFIRM
automationdirect — directlogic
 
AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; 2022-08-31 not yet calculated CVE-2022-2004
CONFIRM
automationdirect — directlogic
 
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; 2022-08-31 not yet calculated CVE-2022-2006
CONFIRM
automationdirect — stride_field_i/o
 
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. 2022-08-31 not yet calculated CVE-2022-2485
CONFIRM
CONFIRM
avaya — ip_office_admin_lite_and_usb_creator
 
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. 2022-09-02 not yet calculated CVE-2021-25657
CONFIRM
binary — binary
 
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it’s possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. 2022-09-02 not yet calculated CVE-2022-36078
CONFIRM
MISC
MISC
blogengine — blogengine BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. 2022-09-02 not yet calculated CVE-2022-36600
MISC
blue_prism — blue_prism_enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. 2022-08-26 not yet calculated CVE-2022-36121
MISC
MISC
MISC
blue_prism — blue_prism_enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server’s settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. 2022-08-26 not yet calculated CVE-2022-36120
MISC
MISC
MISC
bluez — bluez BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. 2022-09-02 not yet calculated CVE-2022-39177
MISC
MISC
bluez — bluez BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 2022-09-02 not yet calculated CVE-2022-39176
MISC
MISC
broadcom — symantec_privileged_access_management A malicious unauthorized PAM user can access the administration configuration data and change the values. 2022-08-26 not yet calculated CVE-2022-25625
MISC
canaan — avalon_asic_miner
 
An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. 2022-09-01 not yet calculated CVE-2022-36604
MISC
carel — pcoweb_hvac_bacnet_gateway
 
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 – B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the ‘file’ GET parameter through the ‘logdownload.cgi’ Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. 2022-08-31 not yet calculated CVE-2022-37122
MISC
MISC
MISC
centreon — centreon Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. 2022-08-29 not yet calculated CVE-2022-36194
MISC
MISC
clinic’s_patient_management_system — clinic’s_patient_management_system Clinic’s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. 2022-09-02 not yet calculated CVE-2022-36609
MISC
clusterlabs — hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive “shell” that isn’t limited to the commands specified in hawk_invoke, allowing escalation to root. 2022-08-26 not yet calculated CVE-2021-3020
MISC
MISC
MISC
cobub — razor Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). 2022-08-30 not yet calculated CVE-2022-36747
MISC
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer’s boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. 2022-09-01 not yet calculated CVE-2022-36054
MISC
CONFIRM
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet’s end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8. 2022-09-01 not yet calculated CVE-2022-36053
MISC
CONFIRM
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8. 2022-09-01 not yet calculated CVE-2022-36052
MISC
CONFIRM
cskefu — cskefu Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. 2022-08-26 not yet calculated CVE-2022-36521
MISC
d-link — dir-816_a2 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. 2022-08-31 not yet calculated CVE-2022-37129
MISC
MISC
d-link — dir-816_a2 In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. 2022-08-31 not yet calculated CVE-2022-37128
MISC
MISC
d-link — dir-816_a2 In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. 2022-08-31 not yet calculated CVE-2022-36619
MISC
MISC
d-link — dir-816_a2 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. 2022-08-31 not yet calculated CVE-2022-37125
MISC
MISC
d-link — dir-816_a2 In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability 2022-08-31 not yet calculated CVE-2022-37130
MISC
MISC
d-link — dir-816_a2 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. 2022-08-31 not yet calculated CVE-2022-37123
MISC
MISC
d-link — dir-816_a2
 
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting. 2022-08-31 not yet calculated CVE-2022-36620
MISC
MISC
d-link — dir845l D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. 2022-08-28 not yet calculated CVE-2022-38557
MISC
MISC
d-link — dir845l_a1 DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. 2022-08-28 not yet calculated CVE-2022-36756
MISC
MISC
d-link — dir845l_a1 D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. 2022-08-28 not yet calculated CVE-2022-36755
MISC
MISC
d-link — go-rt-ac750 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, 2022-08-28 not yet calculated CVE-2022-37056
MISC
MISC
d-link — go-rt-ac750 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, 2022-08-28 not yet calculated CVE-2022-37055
MISC
MISC
d-link — go-rt-ac750 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. 2022-08-28 not yet calculated CVE-2022-37057
MISC
MISC
databasir — databasir
 
Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. 2022-09-02 not yet calculated CVE-2022-31196
MISC
CONFIRM
MISC
debian — schroot Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. 2022-08-27 not yet calculated CVE-2022-2787
MISC
MISC
MISC
dedecms — dedecms DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. 2022-09-01 not yet calculated CVE-2022-36583
MISC
dell — cloudlink Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. 2022-09-01 not yet calculated CVE-2022-34379
CONFIRM
dell — cloudlink Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. 2022-09-01 not yet calculated CVE-2022-34380
CONFIRM
dell — command_integration_suite Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. 2022-08-31 not yet calculated CVE-2022-34373
CONFIRM
dell — container_storage_modules Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. 2022-08-30 not yet calculated CVE-2022-34374
MISC
dell — container_storage_modules
 
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. 2022-08-30 not yet calculated CVE-2022-34375
MISC
dell — edge_gateway
 
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. 2022-08-31 not yet calculated CVE-2022-34383
CONFIRM
dell — emc_data_protection_advisor
 
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2022-08-30 not yet calculated CVE-2022-33935
MISC
dell — emc_networker
 
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. 2022-08-30 not yet calculated CVE-2022-34368
MISC
dell — multiple_products Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. 2022-09-02 not yet calculated CVE-2022-34382
MISC
dell — powermax
 
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 2022-08-31 not yet calculated CVE-2022-31233
CONFIRM
dell — powerprotect Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality 2022-09-01 not yet calculated CVE-2022-34372
CONFIRM
dell — powerscale Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. 2022-09-02 not yet calculated CVE-2022-34371
MISC
dell — powerscale
 
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. 2022-09-02 not yet calculated CVE-2022-34369
MISC
dell — powerscale
 
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. 2022-09-02 not yet calculated CVE-2022-34378
MISC
dell — smartfabric_storage
 
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 2022-08-30 not yet calculated CVE-2022-31232
MISC
delta_electronics — cncsoft CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. 2022-08-31 not yet calculated CVE-2022-1405
MISC
delta_electronics — cncsoft
 
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-08-31 not yet calculated CVE-2022-1404
MISC
delta_electronics — robot_automation_studio Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. 2022-08-31 not yet calculated CVE-2022-2759
MISC
deluge-torrent — deluge_web-ui The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session. 2022-08-26 not yet calculated CVE-2021-3427
MISC
MISC
discourse — discourse Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. 2022-09-02 not yet calculated CVE-2022-37458
MISC
MISC
MISC
dlink — wireless_ac1200_dual_band_vdsl_adsl_modem_router_dsl-3782 D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. 2022-08-26 not yet calculated CVE-2022-35192
MISC
MISC
MISC
MISC
doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System 1.0 is vulnerable to SQL Injection via booking.php has ?id=. 2022-08-31 not yet calculated CVE-2022-36201
MISC
MISC
MISC
doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS. 2022-08-31 not yet calculated CVE-2022-36203
MISC
MISC
MISC
doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. 2022-08-31 not yet calculated CVE-2022-36202
MISC
MISC
MISC
dpdk — dpdk A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. 2022-08-29 not yet calculated CVE-2022-0669
MISC
MISC
MISC
MISC
MISC
dpdk — dpdk
 
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. 2022-08-31 not yet calculated CVE-2022-2132
MISC
MISC
MLIST
dpdk– dpdk
 
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. 2022-09-01 not yet calculated CVE-2022-28199
MISC
draytek — vigor3910 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. 2022-08-29 not yet calculated CVE-2022-32548
MISC
MISC
eclipse_foundation — jasminer-x4-server
 
The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. 2022-09-01 not yet calculated CVE-2022-36601
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. 2022-08-26 not yet calculated CVE-2022-36544
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. 2022-08-26 not yet calculated CVE-2022-36548
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. 2022-08-26 not yet calculated CVE-2022-36543
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. 2022-08-26 not yet calculated CVE-2022-36545
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. 2022-08-26 not yet calculated CVE-2022-36546
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. 2022-08-26 not yet calculated CVE-2022-36547
MISC
MISC
edoc-doctor-appointment-system — edoc-doctor-appointment-system An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. 2022-08-26 not yet calculated CVE-2022-36542
MISC
MISC
ericsson — network_manager In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. 2022-08-26 not yet calculated CVE-2021-32570
MISC
MISC
eurosoft-uk — uefi_bootloader A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34303
MISC
MISC
exotel — exotel The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. 2022-08-27 not yet calculated CVE-2022-38792
MISC
MISC
MISC
MISC
fast_food_ordering_system — fast_food_ordering_system A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability. 2022-08-27 not yet calculated CVE-2022-3015
N/A
fast_food_ordering_system — fast_food_ordering_system A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability. 2022-08-27 not yet calculated CVE-2022-3012
N/A
N/A
fatek — fvdesigner FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. 2022-08-31 not yet calculated CVE-2022-2866
CONFIRM
fiberhome — vdsl2_modem_hg150-ub_v3.0 In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. 2022-08-29 not yet calculated CVE-2022-36200
MISC
MISC
flux — flux
 
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. 2022-08-31 not yet calculated CVE-2022-36035
CONFIRM
MISC
font-converter — font-converter All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. 2022-08-29 not yet calculated CVE-2022-21165
CONFIRM
CONFIRM
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41783
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. 2022-08-29 not yet calculated CVE-2021-40326
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41784
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41785
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41782
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41781
MISC
foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41780
MISC
foxit — pdf_editor Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. 2022-08-29 not yet calculated CVE-2022-25641
MISC
freeciv — freeciv Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility’s handling of the modpack URL. 2022-08-31 not yet calculated CVE-2022-39047
MISC
MISC
MISC
MLIST
freedesktop — poppler Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 2022-08-30 not yet calculated CVE-2022-38784
CONFIRM
MISC
MISC
CONFIRM
MISC
MLIST
froxlor — froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. 2022-08-28 not yet calculated CVE-2022-3017
CONFIRM
MISC
fuji_electric — alpha_7_pc_loader
 
Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. 2022-08-31 not yet calculated CVE-2022-1888
MISC
garage management system — garage management system The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. 2022-08-31 not yet calculated CVE-2022-37184
MISC
garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 2022-09-02 not yet calculated CVE-2022-36636
MISC
MISC
garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. 2022-09-02 not yet calculated CVE-2022-36637
MISC
MISC
garage_management_system — garage_management_system An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. 2022-09-02 not yet calculated CVE-2022-36638
MISC
MISC
garage_management_system — garage_management_system A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2022-09-02 not yet calculated CVE-2022-36639
MISC
MISC
garage_management_system — garage_management_system An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-08-31 not yet calculated CVE-2022-36582
MISC
gcc — gcc
 
In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c. 2022-08-31 not yet calculated CVE-2020-35537
MISC
gcc — gcc
 
In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file. 2022-08-31 not yet calculated CVE-2020-35536
MISC
gcc — libiberty
 
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. 2022-09-01 not yet calculated CVE-2021-3826
MISC
MISC
get-process-by-name — get-process-by-name All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. 2022-08-29 not yet calculated CVE-2022-25644
CONFIRM
CONFIRM
glyphandcog — xpdfreader In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. 2022-08-30 not yet calculated CVE-2022-24106
CONFIRM
CONFIRM
CONFIRM
CONFIRM
glyphandcog — xpdfreader Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. 2022-08-30 not yet calculated CVE-2022-24107
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu — binutils Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service. 2022-09-01 not yet calculated CVE-2022-38126
MISC
gnu — binutils A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. 2022-09-01 not yet calculated CVE-2022-38127
MISC
gnu — binutils An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. 2022-09-01 not yet calculated CVE-2022-38128
MISC
gnu — binutils In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. 2022-08-26 not yet calculated CVE-2022-38533
MISC
MISC
gnu — glibc An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. 2022-08-31 not yet calculated CVE-2022-39046
MISC
gnu — zgrep
 
An arbitrary file write vulnerability was found in GNU gzip’s zgrep utility. When zgrep is applied on the attacker’s chosen file name (for example, a crafted file name), this can overwrite an attacker’s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. 2022-08-31 not yet calculated CVE-2022-1271
MISC
MISC
MISC
MISC
MISC
MISC
MISC
grafana — image_renderer
 
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). 2022-09-02 not yet calculated CVE-2022-31176
CONFIRM
MISC
gvim — gvim An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. 2022-08-30 not yet calculated CVE-2022-37173
MISC
hashicorp — boundary
 
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2. 2022-09-01 not yet calculated CVE-2022-36130
MISC
MISC
hcltech — inotes HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. 2022-08-29 not yet calculated CVE-2022-27558
CONFIRM
hcltech — inotes HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. 2022-08-29 not yet calculated CVE-2022-27547
CONFIRM
hcltech — inotes HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s web browser within the security context of the hosting web site and/or steal the victim’s cookie-based authentication credentials. 2022-08-29 not yet calculated CVE-2022-27546
CONFIRM
hcltech — versionvault_express An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. 2022-08-30 not yet calculated CVE-2022-27563
MISC
hcltech — versionvault_express HCL VersionVault Express exposes administrator credentials. 2022-08-30 not yet calculated CVE-2022-27560
MISC
helm — helm
 
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `–set`, `–set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won’t create large arrays causing significant memory usage before passing them to the _strvals_ functions. 2022-09-01 not yet calculated CVE-2022-36055
MISC
CONFIRM
hgiga — oaklouds_portal OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. 2022-08-30 not yet calculated CVE-2022-38118
MISC
hitachi_kokusai_electric — isnex_hc-ip9100hd An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. 2022-08-29 not yet calculated CVE-2022-37680
MISC
MISC
hitachi_kokusai_electric — isnex_hc-ip9100hd Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. 2022-08-29 not yet calculated CVE-2022-37681
MISC
MISC
honeywell — experion_lx
 
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols’ functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service. 2022-08-31 not yet calculated CVE-2022-30317
MISC
MISC
honeywell — controledge
 
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. 2022-08-31 not yet calculated CVE-2022-30318
MISC
MISC
horizondatasys — uefi_bootloader A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34302
MISC
MISC
hpe — oneview
 
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. 2022-08-31 not yet calculated CVE-2022-28625
MISC
htmly — htmly htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. 2022-08-26 not yet calculated CVE-2021-40285
MISC
hytec_inter — hwl-2511-ss Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. 2022-08-29 not yet calculated CVE-2022-36555
MISC
MISC
MISC
hytec_inter — hwl-2511-ss A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. 2022-08-29 not yet calculated CVE-2022-36554
MISC
MISC
MISC
hytec_inter — hwl-2511-ss Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. 2022-08-29 not yet calculated CVE-2022-36553
MISC
MISC
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. 2022-09-01 not yet calculated CVE-2021-29823
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. 2022-09-01 not yet calculated CVE-2020-4301
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. 2022-09-01 not yet calculated CVE-2022-30614
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. 2022-09-01 not yet calculated CVE-2022-36773
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. 2022-09-01 not yet calculated CVE-2021-39045
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. 2022-09-01 not yet calculated CVE-2021-39009
CONFIRM
XF
ibm — cognos_analytics
 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. 2022-09-01 not yet calculated CVE-2021-20468
CONFIRM
XF
ibm — datapower_gateway IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. 2022-08-26 not yet calculated CVE-2022-31773
XF
CONFIRM
ibm — engineering_test_management IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671. 2022-08-29 not yet calculated CVE-2021-38934
CONFIRM
XF
ibm — maximo_asset_management IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. 2022-08-26 not yet calculated CVE-2022-35714
CONFIRM
XF
ibm — security_identity_manager IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 2022-08-30 not yet calculated CVE-2021-29864
CONFIRM
XF
imagemagick — imagemagick A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. 2022-08-26 not yet calculated CVE-2021-3574
MISC
MISC
MISC
imagemagick — imagemagick A heap-based-buffer-over-read flaw was found in ImageMagick’s GetPixelAlpha() function of ‘pixel-accessor.h’. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. 2022-08-29 not yet calculated CVE-2022-0284
MISC
MISC
MISC
MISC
imagemagick — imagemagick
 
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. 2022-08-29 not yet calculated CVE-2022-1115
MISC
MISC
MISC
MISC
MISC
ingredients_stock_management_systemt — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. 2022-08-29 not yet calculated CVE-2022-36686
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. 2022-08-28 not yet calculated CVE-2022-36705
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. 2022-08-29 not yet calculated CVE-2022-36687
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. 2022-08-29 not yet calculated CVE-2022-36690
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php. 2022-08-28 not yet calculated CVE-2022-36706
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. 2022-08-29 not yet calculated CVE-2022-36689
MISC
ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. 2022-08-29 not yet calculated CVE-2022-36688
MISC
innosilicon — a10
 
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. 2022-09-01 not yet calculated CVE-2022-36602
MISC
innosilicon — t3t/t2t
 
InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. 2022-09-01 not yet calculated CVE-2022-36603
MISC
intelliants — subrion_cms Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field 2022-08-29 not yet calculated CVE-2022-37059
MISC
jcopy_sample_rows() — jcopy_sample_rows()
 
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. 2022-08-31 not yet calculated CVE-2020-35538
MISC
MISC
jgraph/drawi — jgraph/drawi
 
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. 2022-09-02 not yet calculated CVE-2022-3065
CONFIRM
MISC
joomla — joomla! An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing ‘_JEXEC or die check’ caused by the PSR12 changes. 2022-08-31 not yet calculated CVE-2022-27911
MISC
jsoup — jsoup jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: – disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs – ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.) 2022-08-29 not yet calculated CVE-2022-36033
CONFIRM
MISC
MISC
kensite_cms — kensite_cms Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. 2022-08-26 not yet calculated CVE-2022-36529
MISC
MISC
kidan — cryptopro_securedisk_for_bitlocker A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34301
MISC
MISC
kirby — kirby
 
kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby’s API with the permissions of the victim. If bad actors gain access to your group of authenticated Panel users they can escalate their privileges via the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. The multiselect field allows selection of tags from an autocompleted list. Unfortunately, the Panel in Kirby 3.5 used HTML rendering for the raw option value. This allowed **attackers with influence on the options source** to store HTML code. The browser of the victim who visited a page with manipulated multiselect options in the Panel will then have rendered this malicious HTML code when the victim opened the autocomplete dropdown. Users are *not* affected by this vulnerability if you don’t use the multiselect field or don’t use it with options that can be manipulated by attackers. The problem has been patched in Kirby 3.5.8.1. 2022-08-29 not yet calculated CVE-2022-36037
MISC
CONFIRM
MISC
kkfileview — kkfileview
 
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. 2022-09-02 not yet calculated CVE-2022-36593
MISC
lexmark — multiple_products Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation. 2022-08-26 not yet calculated CVE-2022-29850
MISC
MISC
leyan — personnel_and_salary_management_system Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. 2022-08-30 not yet calculated CVE-2022-38116
MISC
libdwarf — libdwarf libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. 2022-09-02 not yet calculated CVE-2022-39170
MISC
MISC
libmodbus — libmodbus A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. 2022-08-29 not yet calculated CVE-2022-0367
MISC
MISC
MISC
MLIST
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. 2022-08-28 not yet calculated CVE-2022-36708
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. 2022-08-30 not yet calculated CVE-2022-36734
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. 2022-08-28 not yet calculated CVE-2022-36704
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php. 2022-08-30 not yet calculated CVE-2022-36709
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. 2022-08-30 not yet calculated CVE-2022-36735
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. 2022-08-30 not yet calculated CVE-2022-36711
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php. 2022-08-30 not yet calculated CVE-2022-36712
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. 2022-08-30 not yet calculated CVE-2022-36713
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. 2022-08-30 not yet calculated CVE-2022-36730
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php. 2022-08-30 not yet calculated CVE-2022-36714
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. 2022-08-30 not yet calculated CVE-2022-36731
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. 2022-08-30 not yet calculated CVE-2022-36657
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. 2022-08-30 not yet calculated CVE-2022-36733
MISC
library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. 2022-08-30 not yet calculated CVE-2022-36732
MISC
libraw — libraw
 
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. 2022-09-01 not yet calculated CVE-2020-35531
MISC
MISC
libraw — libraw
 
In LibRaw, there is a memory corruption vulnerability within the “crxFreeSubbandData()” function (libraw\src\decoders\crx.cpp) when processing cr3 files. 2022-09-01 not yet calculated CVE-2020-35534
MISC
MISC
libraw — libraw
 
In LibRaw, an out-of-bounds read vulnerability exists within the “LibRaw::adobe_copy_pixel()” function (libraw\src\decoders\dng.cpp) when reading data from the image file. 2022-09-01 not yet calculated CVE-2020-35533
MISC
MISC
libraw — libraw
 
In LibRaw, an out-of-bounds read vulnerability exists within the “simple_decode_row()” function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. 2022-09-01 not yet calculated CVE-2020-35532
MISC
MISC
libraw — libraw
 
In LibRaw, there is an out-of-bounds read vulnerability within the “LibRaw::parseSonySRF()” function (libraw\src\metadata\sony.cpp) when processing srf files. 2022-09-01 not yet calculated CVE-2020-35535
MISC
MISC
libraw — libraw
 
In LibRaw, there is an out-of-bounds write vulnerability within the “new_node()” function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. 2022-09-01 not yet calculated CVE-2020-35530
MISC
MISC
librenms — librenms LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. 2022-08-30 not yet calculated CVE-2022-36746
MISC
librenms — librenms LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. 2022-08-30 not yet calculated CVE-2022-36745
MISC
libtiff — libtiff There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 2022-08-31 not yet calculated CVE-2022-2519
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. 2022-08-29 not yet calculated CVE-2022-2953
MISC
MISC
CONFIRM
libtiff — libtiff
 
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. 2022-08-31 not yet calculated CVE-2022-2521
MISC
MISC
libtiff — libtiff
 
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. 2022-08-31 not yet calculated CVE-2022-2520
MISC
MISC
libvnclient — libvnclient
 
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). 2022-09-02 not yet calculated CVE-2020-29260
MISC
linksys — e1200 Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. 2022-08-28 not yet calculated CVE-2022-38555
MISC
MISC
linux — kernel An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 2022-09-01 not yet calculated CVE-2022-2663
MISC
MISC
linux — kernel
 
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. 2022-08-31 not yet calculated CVE-2022-2590
MISC
MISC
linux — kernel
 
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-09-01 not yet calculated CVE-2022-2639
MISC
MISC
linux — linux_kernel An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 2022-09-02 not yet calculated CVE-2022-39190
MISC
MISC
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. 2022-08-29 not yet calculated CVE-2022-1204
MISC
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. 2022-08-26 not yet calculated CVE-2021-3864
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-08-29 not yet calculated CVE-2022-2961
MISC
linux — linux_kernel A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. 2022-08-26 not yet calculated CVE-2021-3669
MISC
MISC
MISC
MISC
linux — linux_kernel An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. 2022-08-29 not yet calculated CVE-2022-0400
MISC
MISC
MISC
linux — linux_kernel A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 2022-08-29 not yet calculated CVE-2022-21385
MISC
linux — linux_kernel A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. 2022-08-29 not yet calculated CVE-2022-1043
MISC
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 2022-09-02 not yet calculated CVE-2022-39188
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. 2022-08-29 not yet calculated CVE-2022-1184
MISC
MISC
MISC
linux — linux_kernel A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. 2022-08-26 not yet calculated CVE-2022-0168
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). 2022-08-26 not yet calculated CVE-2022-0171
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. 2022-08-29 not yet calculated CVE-2022-0480
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 2022-09-02 not yet calculated CVE-2022-39189
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 2022-08-31 not yet calculated CVE-2022-2153
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. 2022-09-01 not yet calculated CVE-2022-3078
MISC
linux — linux_kernel
 
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). 2022-09-01 not yet calculated CVE-2020-27784
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. 2022-08-31 not yet calculated CVE-2022-1976
MISC
linux — linux_kernel
 
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn’t check the value of ‘pixclock’, so it may cause a divide by zero error. 2022-09-01 not yet calculated CVE-2022-3061
MISC
linux — linux_kernel
 
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. 2022-08-29 not yet calculated CVE-2022-0850
MISC
MISC
MISC
MISC
linux — linux_kernel
 
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. 2022-08-31 not yet calculated CVE-2022-1975
MISC
linux — linux_kernel
 
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. 2022-08-29 not yet calculated CVE-2022-1198
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. 2022-08-31 not yet calculated CVE-2022-3028
MISC
MISC
FEDORA
FEDORA
FEDORA
linux — linux_kernel
 
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. 2022-09-01 not yet calculated CVE-2022-1729
MISC
MISC
linux — linux_kernel
 
An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. 2022-08-31 not yet calculated CVE-2022-1247
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. 2022-08-31 not yet calculated CVE-2022-1205
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. 2022-08-29 not yet calculated CVE-2022-1199
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. 2022-08-31 not yet calculated CVE-2022-1974
MISC
linux — linux_kernel
 
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. 2022-08-31 not yet calculated CVE-2022-1508
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. 2022-08-29 not yet calculated CVE-2022-0812
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. 2022-08-29 not yet calculated CVE-2022-1016
MISC
MISC
MISC
MISC
ls_industrial_systems — electric_plcs_and_xg5000_plc
 
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic. 2022-08-31 not yet calculated CVE-2022-2758
MISC
mariadb — mariadb In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. 2022-08-27 not yet calculated CVE-2022-38791
MISC
matrix — synapse
 
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. 2022-09-02 not yet calculated CVE-2022-31152
MISC
MISC
MISC
CONFIRM
mdx-mermaid — mdx-mermaid mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. 2022-08-29 not yet calculated CVE-2022-36036
CONFIRM
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2892
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2894
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2895
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2896
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. 2022-08-31 not yet calculated CVE-2022-2897
MISC
measuresoft — scadapro_server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. 2022-08-31 not yet calculated CVE-2022-2898
MISC
mediawiki — mediawiki An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. 2022-09-02 not yet calculated CVE-2022-39194
MISC
mikrotik — routeros Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. 2022-08-26 not yet calculated CVE-2022-36522
MISC
MISC
mit — krb5 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a “telnet/tcp server failing (looping), service terminated” error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. 2022-08-30 not yet calculated CVE-2022-39028
MISC
MISC
MISC
mm-wiki — mm-wiki mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. 2022-08-26 not yet calculated CVE-2021-39393
MISC
mm-wiki — mm-wiki mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. 2022-08-26 not yet calculated CVE-2021-39394
MISC
modsecurity — owasp-modsecurity-crs
 
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. 2022-09-02 not yet calculated CVE-2020-22669
CONFIRM
MISC
mongoose — mongoose Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution. 2022-08-26 not yet calculated CVE-2022-24304
MISC
CONFIRM
CONFIRM
morgan-json — morgan-json All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. 2022-08-29 not yet calculated CVE-2022-25921
CONFIRM
CONFIRM
moxa — nport_5110
 
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. 2022-08-31 not yet calculated CVE-2022-2044
MISC
moxa — nport_5110
 
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. 2022-08-31 not yet calculated CVE-2022-2043
MISC
msys2 — msys2 Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-37172
MISC
mybatis — mapper Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. 2022-09-02 not yet calculated CVE-2022-36594
MISC
next.js — next.js
 
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn’t being shared across requests. 2022-08-31 not yet calculated CVE-2022-36046
CONFIRM
MISC
nitrado.js — nitrado.js nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. 2022-08-29 not yet calculated CVE-2022-36034
MISC
CONFIRM
node.js — node.js
 
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. 2022-09-02 not yet calculated CVE-2022-36076
MISC
CONFIRM
MISC
node.js — node.js
 
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability. 2022-08-31 not yet calculated CVE-2022-36045
MISC
CONFIRM
MISC
novel-plus — novel-plus Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. 2022-09-01 not yet calculated CVE-2022-36672
MISC
novel-plus — novel-plus Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. 2022-09-01 not yet calculated CVE-2022-36671
MISC
nvidia — nvflare NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-08-29 not yet calculated CVE-2022-34668
CONFIRM
oauth2-server — oauth2-server
 
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. 2022-08-29 not yet calculated CVE-2020-26938
MISC
MISC
MISC
MISC
MISC
oliver_v5_library_server — oliver_v5_library_server
 
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. 2022-09-01 not yet calculated CVE-2021-45027
MISC
MISC
online_food_ordering system — online_food ordering_system
 
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. 2022-09-02 not yet calculated CVE-2022-36759
MISC
online_ordering_system — online_ordering_system Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. 2022-08-31 not yet calculated CVE-2022-36581
MISC
online_ordering_system — online_ordering_system An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. 2022-08-31 not yet calculated CVE-2022-36580
MISC
openscad — openscad A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. 2022-08-29 not yet calculated CVE-2022-0497
MISC
MISC
MISC
openscad — openscad A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). 2022-08-29 not yet calculated CVE-2022-0496
MISC
MISC
MISC
MISC
ovirt — vdsm A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. 2022-08-26 not yet calculated CVE-2022-0207
MISC
MISC
MISC
MISC
MISC
ovirt-log-collector/sosreport — ovirt-log-collector/sosreport
 
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev 2022-09-01 not yet calculated CVE-2022-2806
MISC
pagekit — pagekit A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. 2022-08-29 not yet calculated CVE-2022-36573
MISC
perl — strawberry_perl
 
Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36564
MISC
picuploader — picuploader PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. 2022-08-30 not yet calculated CVE-2022-36748
MISC
pinniped_supervisor — pinniped_supervisor
 
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. 2022-08-29 not yet calculated CVE-2022-31677
MISC
piwigo — piwigo Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. 2022-08-31 not yet calculated CVE-2022-37183
MISC
pkuvcl_davs2 — pkuvcl_davs2 PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. 2022-09-02 not yet calculated CVE-2022-36647
MISC
prestashop — prestashop
 
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator’s cookie. The issue is fixed in version 5.0.2. 2022-09-02 not yet calculated CVE-2022-35933
CONFIRM
MISC
prestashop– prestashop A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. 2022-08-29 not yet calculated CVE-2022-22897
MISC
prosody — prosody It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). 2022-08-26 not yet calculated CVE-2022-0217
MISC
MISC
MISC
publiccms — publiccms
 
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. 2022-09-02 not yet calculated CVE-2021-27693
MISC
MISC
python — python-scciclient
 
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server’s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. 2022-09-01 not yet calculated CVE-2022-2996
MISC
qemu — qemu A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. 2022-08-29 not yet calculated CVE-2022-0358
MISC
MISC
MISC
qemu — qemu A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. 2022-08-26 not yet calculated CVE-2022-0216
MISC
MISC
MISC
MISC
MISC
qemu — qemu A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 2022-08-26 not yet calculated CVE-2021-3735
MISC
MISC
MISC
qualcomm — snapdragon Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22061
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-25680
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22106
CONFIRM
qualcomm — snapdragon
 
Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22067
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22104
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22102
CONFIRM
qualcomm — snapdragon
 
Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22101
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22100
CONFIRM
qualcomm — snapdragon
 
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22069
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22099
CONFIRM
qualcomm — snapdragon
 
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22098
CONFIRM
qualcomm — snapdragon
 
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-09-02 not yet calculated CVE-2022-22062
CONFIRM
qualcomm — snapdragon
 
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT 2022-09-02 not yet calculated CVE-2022-22097
CONFIRM
qualcomm — snapdragon
 
Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22096
CONFIRM
qualcomm — snapdragon
 
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-09-02 not yet calculated CVE-2022-22080
CONFIRM
qualcomm — snapdragon
 
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22059
CONFIRM
qualcomm — snapdragon
 
Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22070
CONFIRM
qualcomm — snapdragon
 
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35135
CONFIRM
qualcomm — snapdragon
 
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35109
CONFIRM
qualcomm — snapdragon
 
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35134
CONFIRM
qualcomm — snapdragon
 
Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35133
CONFIRM
qualcomm — snapdragon
 
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35132
CONFIRM
qualcomm — snapdragon
 
Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35122
CONFIRM
qualcomm — snapdragon
 
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35113
CONFIRM
qualcomm — snapdragon
 
Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25657
CONFIRM
qualcomm — snapdragon
 
Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25658
CONFIRM
qualcomm — snapdragon
 
Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25659
CONFIRM
qualcomm — snapdragon
 
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25668
CONFIRM
qualcomm — snapdragon
 
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35097
CONFIRM
qualcomm — snapdragon
 
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35108
CONFIRM
realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26527
MISC
realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. 2022-08-30 not yet calculated CVE-2022-25635
MISC
realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26529
MISC
realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26528
MISC
redhat — openshift_container_platform A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. 2022-09-01 not yet calculated CVE-2022-2403
MISC
MISC
redhat — podman The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. 2022-09-01 not yet calculated CVE-2022-2739
MISC
MISC
redhat — podman The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. 2022-09-01 not yet calculated CVE-2022-2738
MISC
MISC
redhat — clmg
 
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. 2022-08-31 not yet calculated CVE-2022-1325
MISC
MISC
MISC
MISC
MISC
MISC
redhat — convert2rhel
 
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. 2022-08-29 not yet calculated CVE-2022-0852
MISC
MISC
MISC
MISC
MISC
redhat — convert2rhel
 
There is a flaw in convert2rhel. When the –activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager. 2022-08-29 not yet calculated CVE-2022-0851
MISC
MISC
redhat — dnsmasq A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. 2022-08-29 not yet calculated CVE-2022-0934
MISC
MISC
MISC
MISC
redhat — fapolicyd A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. 2022-08-29 not yet calculated CVE-2022-1117
MISC
MISC
MISC
MISC
redhat — jboss_core_services_http_server A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3688
MISC
MISC
redhat — keycloak A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. 2022-08-26 not yet calculated CVE-2022-0225
MISC
MISC
redhat — keycloak A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. 2022-09-01 not yet calculated CVE-2022-2256
MISC
MISC
redhat — keycloak A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. 2022-08-26 not yet calculated CVE-2021-3632
MISC
MISC
MISC
MISC
MISC
redhat — keycloak A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. 2022-08-26 not yet calculated CVE-2021-3754
MISC
MISC
redhat — keycloak ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. 2022-08-26 not yet calculated CVE-2021-3856
MISC
MISC
MISC
MISC
MISC
redhat — kubernetes
 
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. 2022-09-01 not yet calculated CVE-2022-2238
MISC
MISC
redhat — kubernetes
 
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. 2022-09-01 not yet calculated CVE-2022-1902
MISC
MISC
MISC
redhat — kvm
 
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 2022-08-31 not yet calculated CVE-2022-1263
MISC
MISC
MISC
MISC
redhat — libnbd A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. 2022-08-29 not yet calculated CVE-2022-0485
MISC
MISC
MISC
MISC
MISC
redhat — libtiff
 
A heap buffer overflow flaw was found in Libtiffs’ tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. 2022-08-31 not yet calculated CVE-2022-1354
MISC
MISC
MISC
MISC
redhat — libtiff
 
A stack buffer overflow flaw was found in Libtiffs’ tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. 2022-08-31 not yet calculated CVE-2022-1355
MISC
MISC
MISC
MISC
redhat — openshift
 
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router’s HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. 2022-09-01 not yet calculated CVE-2022-1677
MISC
MISC
redhat — openshift
 
OpenShift doesn’t properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route. 2022-08-31 not yet calculated CVE-2022-2220
MISC
redhat — openshift
 
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. 2022-09-01 not yet calculated CVE-2022-1632
MISC
MISC
redhat — openstack
 
A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender’s efforts to remove access. 2022-09-01 not yet calculated CVE-2022-2447
MISC
MISC
redhat — openstack-barbican
 
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. 2022-09-01 not yet calculated CVE-2022-23452
MISC
MISC
MISC
MISC
MISC
redhat — openstack-tripleo_heat_templates A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. 2022-08-26 not yet calculated CVE-2021-3585
MISC
MISC
MISC
MISC
MISC
redhat — openstack_keystone A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3563
MISC
MISC
MISC
MISC
redhat — postgresql
 
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user’s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. 2022-08-31 not yet calculated CVE-2022-1552
MISC
MISC
MISC
MISC
redhat — python-oslo-utils A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( ” ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. 2022-08-29 not yet calculated CVE-2022-0718
MISC
MISC
MISC
MISC
MISC
redhat — quarkus
 
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. 2022-08-31 not yet calculated CVE-2022-2466
MISC
redhat — satellite A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. 2022-08-26 not yet calculated CVE-2021-3414
MISC
MISC
redhat — serverless It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. 2022-08-26 not yet calculated CVE-2021-3703
MISC
MISC
redhat — undertow A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. 2022-08-26 not yet calculated CVE-2021-3859
MISC
MISC
MISC
MISC
MISC
redhat — undertow
 
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. 2022-08-31 not yet calculated CVE-2022-1259
MISC
MISC
redhat — undertow
 
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. 2022-08-31 not yet calculated CVE-2022-1319
MISC
MISC
MISC
MISC
MISC
redhat — vdpa
 
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. 2022-09-01 not yet calculated CVE-2022-2308
MISC
redhat — wildfly-core A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3644
MISC
MISC
MISC
MISC
MISC
MISC
redhat — xino A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. 2022-08-26 not yet calculated CVE-2022-0084
MISC
MISC
MISC
MISC
redhat — xorg-x11-server
 
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. 2022-09-01 not yet calculated CVE-2022-2320
MISC
MISC
MISC
redhat — xorg-x11-server
 
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. 2022-09-01 not yet calculated CVE-2022-2319
MISC
MISC
redhat–undertow
 
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. 2022-09-01 not yet calculated CVE-2022-2764
MISC
rengine — rengine
 
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. 2022-08-31 not yet calculated CVE-2022-36566
MISC
rosariosis — rosariosis Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. 2022-09-01 not yet calculated CVE-2022-3072
CONFIRM
MISC
rpi-jukebox-rfid — rpi-jukebox-rfid
 
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. 2022-08-30 not yet calculated CVE-2022-36749
MISC
rpm — rpm It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2022-08-26 not yet calculated CVE-2021-35939
MISC
MISC
MISC
MISC
MISC
rubrik — cdm A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. 2022-08-26 not yet calculated CVE-2022-30984
MISC
MISC
rubyinstaller — rubyinstaller2
 
Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36562
MISC
rubyinstaller — rubyinstaller2
 
Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36563
MISC
samba — samba The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. 2022-08-29 not yet calculated CVE-2022-0336
MISC
MISC
MISC
MISC
MISC
MISC
samba — samba
 
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. 2022-09-01 not yet calculated CVE-2022-1615
MISC
MISC
samba — samba
 
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. 2022-09-01 not yet calculated CVE-2022-32743
MISC
MISC
samsung — mtower
 
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. 2022-09-01 not yet calculated CVE-2022-36621
MISC
MISC
MISC
samsung — mtower
 
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. 2022-09-01 not yet calculated CVE-2022-36622
MISC
MISC
MISC
MISC
sangoma — asterix
 
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. 2022-08-30 not yet calculated CVE-2021-46837
MISC
seiko_solutions — skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. 2022-08-29 not yet calculated CVE-2022-36556
MISC
MISC
seiko_solutions — skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. 2022-08-29 not yet calculated CVE-2022-36557
MISC
MISC
seiko_solutions — skybridge_mb-a200 Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. 2022-08-29 not yet calculated CVE-2022-36559
MISC
MISC
seiko_solutions — skybridge_mb-a200 Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. 2022-08-29 not yet calculated CVE-2022-36560
MISC
MISC
seiko_solutions– skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. 2022-08-29 not yet calculated CVE-2022-36558
MISC
MISC
sensormatic_electronics — istar_ultra
 
All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated user root access to the system. 2022-08-31 not yet calculated CVE-2022-21941
CERT
CONFIRM
sftpgo — sftpgo
 
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user’s password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. 2022-09-02 not yet calculated CVE-2022-36071
MISC
CONFIRM
simple_task_managing_system — simple_task_managing_system A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423. 2022-08-27 not yet calculated CVE-2022-3013
N/A
simple_task_managing_system — simple_task_managing_system A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424. 2022-08-27 not yet calculated CVE-2022-3014
N/A
N/A
simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. 2022-09-01 not yet calculated CVE-2022-36674
MISC
simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. 2022-09-01 not yet calculated CVE-2022-36676
MISC
simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. 2022-09-01 not yet calculated CVE-2022-36675
MISC
sinsiu — enterprise_website_system Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. 2022-08-29 not yet calculated CVE-2022-36572
MISC
siteservercms — siteservercms SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. 2022-08-26 not yet calculated CVE-2022-36226
MISC
MISC
snakeyaml — snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. 2022-08-30 not yet calculated CVE-2022-25857
CONFIRM
CONFIRM
CONFIRM
CONFIRM
snipeitapp — snipe-it Cross-site Scripting (XSS) – Stored in GitHub repository snipe/snipe-it prior to v6.0.11. 2022-08-29 not yet calculated CVE-2022-3035
MISC
CONFIRM
sonicwall — sma100 A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. 2022-08-26 not yet calculated CVE-2022-2915
CONFIRM
sourcecodester — expense_management_system Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. 2022-09-02 not yet calculated CVE-2022-36754
MISC
sqlite — sqlite
 
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. 2022-09-01 not yet calculated CVE-2020-35527
MISC
sqlite — sqlite
 
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. 2022-09-01 not yet calculated CVE-2020-35525
MISC
subsys/net/ip/tcp.c — subsys/net/ip/tcp.c
 
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. 2022-08-31 not yet calculated CVE-2022-1841
MISC
tcpdump — tcpdump The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. 2022-08-27 not yet calculated CVE-2019-15167
CONFIRM
telos_alliance — omnia mpx node A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. 2022-09-02 not yet calculated CVE-2022-36642
MISC
MISC
MISC
MISC
tenda — ac6(ac1200) Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. 2022-08-30 not yet calculated CVE-2022-36552
MISC
MISC
MISC
tenda — ac6(ac1200) Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. 2022-08-30 not yet calculated CVE-2022-37176
MISC
MISC
MISC
tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. 2022-08-31 not yet calculated CVE-2022-36570
MISC
tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. 2022-08-31 not yet calculated CVE-2022-36571
MISC
tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. 2022-08-31 not yet calculated CVE-2022-36568
MISC
tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. 2022-08-31 not yet calculated CVE-2022-36569
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. 2022-08-28 not yet calculated CVE-2022-38563
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. 2022-08-28 not yet calculated CVE-2022-38564
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. 2022-08-28 not yet calculated CVE-2022-38565
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. 2022-08-28 not yet calculated CVE-2022-38566
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. 2022-08-28 not yet calculated CVE-2022-38567
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. 2022-08-28 not yet calculated CVE-2022-38568
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. 2022-08-28 not yet calculated CVE-2022-38569
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. 2022-08-28 not yet calculated CVE-2022-38570
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. 2022-08-28 not yet calculated CVE-2022-38571
MISC
tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. 2022-08-28 not yet calculated CVE-2022-38562
MISC
tenda — tx9pro Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. 2022-08-29 not yet calculated CVE-2022-38510
MISC
theforeman — foreman A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2022-08-26 not yet calculated CVE-2021-20260
MISC
MISC
tooljet — tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id’s might also be an option but I wouldn’t count on it, since it would take a long time to find a valid one). 2022-08-29 not yet calculated CVE-2022-3019
MISC
CONFIRM
totolink — a3000ru TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36615
MISC
totolink — a7000r
 
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. 2022-08-29 not yet calculated CVE-2022-32993
MISC
MISC
totolink — a720r TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36610
MISC
totolink — a800r TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36611
MISC
totolink — a810r TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. 2022-08-29 not yet calculated CVE-2022-38511
MISC
totolink — a810r TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36616
MISC
totolink — a860r TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36614
MISC
totolink — a950rg TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36612
MISC
totolink — n600r TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36613
MISC
trellix — dlp_endpoint_for_windows
 
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn’t usually have access to via a carefully constructed XML file, which the DLP Agent doesn’t parse correctly. 2022-08-30 not yet calculated CVE-2022-2330
CONFIRM
trendnet — tew733gr Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. 2022-08-28 not yet calculated CVE-2022-38556
MISC
trendnet — tew733gr TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. 2022-08-28 not yet calculated CVE-2022-37053
MISC
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0322. 2022-08-30 not yet calculated CVE-2022-3037
CONFIRM
MISC
FEDORA
FEDORA
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0286. 2022-08-28 not yet calculated CVE-2022-3016
CONFIRM
MISC
vim — vim
 
Use After Free in GitHub repository vim/vim prior to 9.0.0360. 2022-09-03 not yet calculated CVE-2022-3099
CONFIRM
MISC
virglrenderer — virglrenderer A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. 2022-08-26 not yet calculated CVE-2022-0175
MISC
MISC
MISC
MISC
MISC
wamp — wamp_server
 
Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36565
MISC
wavlink — router WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. 2022-08-30 not yet calculated CVE-2022-37149
MISC
weaveworks — gitops_enterprise Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim’s permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource. 2022-09-01 not yet calculated CVE-2022-38790
MISC
MISC
MISC
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 5.5.0 (when –enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a “free(): invalid pointer” message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. 2022-08-31 not yet calculated CVE-2022-38153
MISC
CONFIRM
MISC
MISC
wolfssl — wolfssl
 
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. 2022-09-02 not yet calculated CVE-2021-44718
MISC
MISC
wolfssl — wolfssl
 
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL’s compatibility layer and is not enabled by default. It is not part of wolfSSL’s native API. 2022-08-31 not yet calculated CVE-2022-38152
MISC
CONFIRM
MISC
MISC
wordpress — wordpress The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting 2022-08-29 not yet calculated CVE-2022-2538
MISC
wordpress — wordpress The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example 2022-08-29 not yet calculated CVE-2022-2556
MISC
wordpress — wordpress The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. 2022-08-29 not yet calculated CVE-2022-1663
MISC
wordpress — wordpress The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers 2022-08-29 not yet calculated CVE-2022-2034
MISC
MISC
wordpress — wordpress The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student 2022-08-29 not yet calculated CVE-2022-2080
MISC
MISC
wordpress — wordpress The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server 2022-08-29 not yet calculated CVE-2022-2638
MISC
wordpress — wordpress The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting 2022-08-29 not yet calculated CVE-2022-2599
MISC
wordpress — wordpress The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users 2022-08-29 not yet calculated CVE-2022-2559
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. 2022-09-01 not yet calculated CVE-2022-36796
CONFIRM
CONFIRM
wordpress — wordpress The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. 2022-08-29 not yet calculated CVE-2022-2261
MISC
wordpress — wordpress The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-29 not yet calculated CVE-2022-2374
MISC
wordpress — wordpress The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example 2022-08-29 not yet calculated CVE-2022-2267
MISC
wordpress — wordpress The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address 2022-08-29 not yet calculated CVE-2022-2373
MISC
wordpress — wordpress The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. 2022-08-29 not yet calculated CVE-2022-2537
MISC
wordpress — wordpress Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. 2022-09-01 not yet calculated CVE-2022-36355
CONFIRM
CONFIRM
wordpress — wordpress The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. 2022-08-29 not yet calculated CVE-2022-1123
MISC
wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. 2022-09-01 not yet calculated CVE-2022-36373
CONFIRM
CONFIRM
wuzhicms — wuzhicms A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: 2022-08-26 not yet calculated CVE-2022-36168
MISC
MISC
x-data-spreadsheet — x-data-spreadsheet All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. 2022-08-30 not yet calculated CVE-2022-25646
CONFIRM
CONFIRM
CONFIRM
xpdfreader — xpdf XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. 2022-08-30 not yet calculated CVE-2022-36561
MISC
zaver — zaver Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. 2022-08-27 not yet calculated CVE-2022-38794
MISC
zitadel — zitadel
 
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update. 2022-08-31 not yet calculated CVE-2022-36051
MISC
MISC
CONFIRM
zkoss — zk_framework ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. 2022-08-26 not yet calculated CVE-2022-36537
MISC
zlmediakit — zlmediakit_server An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. 2022-08-30 not yet calculated CVE-2022-37237
MISC
zohocorp — multiple_products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. 2022-08-29 not yet calculated CVE-2022-38772
MISC
MISC
zulip — zulip
 
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. 2022-08-29 not yet calculated CVE-2022-35962
CONFIRM
MISC
MISC
zulip — zulip
 
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer’s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected. 2022-08-31 not yet calculated CVE-2022-36048
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn