US-CERT Bulletin (SB22-108): Vulnerability Summary for the Week of April 11, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
dell — emc_unity_operating_environment Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. 2022-04-08 10 CVE-2021-36287
MISC
foscam — fi9805e_firmware FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. 2022-04-08 10 CVE-2021-43517
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access 2022-04-08 10 CVE-2022-26854
MISC
kevinlab — 4st_l-bems An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control. 2022-04-11 9 CVE-2021-37292
MISC
MISC
ritecms — ritecms RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default. 2022-04-08 9 CVE-2021-46367
MISC
MISC
MISC
MISC
trendmicro — antivirus_for_mac A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. 2022-04-09 8.5 CVE-2022-27883
N/A
N/A
zyxel — vmg3312-t20a_firmware A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. 2022-04-11 7.7 CVE-2022-26413
CONFIRM
kevinlab — 4st_l-bems An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. 2022-04-11 7.5 CVE-2021-37291
MISC
MISC
laravel — laravel A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php. 2022-04-08 7.5 CVE-2021-43503
MISC
stopbadbots — block_and_stop_bad_bots The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection 2022-04-11 7.5 CVE-2022-0949
MISC
mruby — mruby Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. 2022-04-10 7.5 CVE-2022-1276
MISC
CONFIRM
school_club_application_system_project — school_club_application_system A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. 2022-04-09 7.5 CVE-2022-1287
N/A
fullpage_project — fullpage Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. 2022-04-11 7.5 CVE-2022-1295
CONFIRM
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. 2022-04-08 7.5 CVE-2022-26852
MISC
moguit — mogu_blog_cms mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. 2022-04-08 7.5 CVE-2022-27047
MISC
std42 — elfinder In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. 2022-04-11 7.5 CVE-2022-27115
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. 2022-04-10 7.5 CVE-2022-27126
MISC
zbzcms — zbzcms An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. 2022-04-10 7.5 CVE-2022-27128
MISC
zbzcms — zbzcms An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-10 7.5 CVE-2022-27129
MISC
zbzcms — zbzcms An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-10 7.5 CVE-2022-27131
MISC
zoo_management_system_project — zoo_management_system Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 7.5 CVE-2022-27351
MISC
MISC
MISC
ecommerce-website_project — ecommerce-website Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 7.5 CVE-2022-27357
MISC
MISC
MISC
newbee-mall_project — newbee-mall Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. 2022-04-10 7.5 CVE-2022-27477
MISC
movie_seat_reservation_project — movie_seat_reservation Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. 2022-04-08 7.5 CVE-2022-28001
MISC
MISC
zyxel — zyxel_ap_configurator A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. 2022-04-11 7.2 CVE-2022-0556
CONFIRM
google — android In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. 2022-04-11 7.2 CVE-2022-20062
MISC
google — android In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. 2022-04-11 7.2 CVE-2022-20064
MISC
fujitsu — plugfree_network In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. 2022-04-11 7.2 CVE-2022-27089
MISC
linux — linux_kernel The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. 2022-04-11 7.2 CVE-2022-28893
MISC
MLIST
MLIST
MLIST

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — android In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642. 2022-04-11 6.9 CVE-2022-20052
MISC
google — android In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. 2022-04-11 6.9 CVE-2022-20063
MISC
linux — linux_kernel jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. 2022-04-08 6.9 CVE-2022-28796
MISC
MISC
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. 2022-04-08 6.8 CVE-2020-4668
XF
CONFIRM
webmin — webmin A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. 2022-04-11 6.8 CVE-2021-32156
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. 2022-04-11 6.8 CVE-2021-32157
MISC
webmin — webmin A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. 2022-04-11 6.8 CVE-2021-32159
MISC
webmin — webmin A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. 2022-04-11 6.8 CVE-2021-32162
MISC
libsixel_project — libsixel libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. 2022-04-08 6.8 CVE-2021-40656
MISC
libsixel_project — libsixel libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. 2022-04-08 6.8 CVE-2021-41715
MISC
kimai — kimai CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. 2022-04-08 6.8 CVE-2021-43515
MISC
zzcms — zzcms An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. 2022-04-08 6.8 CVE-2021-46436
MISC
qdpm — qdpm qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. 2022-04-08 6.8 CVE-2022-26180
MISC
MISC
libsixel_project — libsixel libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. 2022-04-08 6.8 CVE-2022-27044
MISC
libsixel_project — libsixel libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388. 2022-04-08 6.8 CVE-2022-27046
MISC
bolt — bolt_cms Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. 2022-04-11 6.5 CVE-2021-40219
MISC
MISC
MISC
MISC
elbtide — advanced_booking_calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks 2022-04-11 6.5 CVE-2022-1006
MISC
CONFIRM
ocdi — one_click_demo_import The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed 2022-04-11 6.5 CVE-2022-1008
MISC
CONFIRM
secondlinethemes — podcast_importer_secondline The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file 2022-04-11 6.5 CVE-2022-1023
CONFIRM
MISC
ibm — planning_analytics IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. 2022-04-08 6.5 CVE-2022-22339
XF
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. 2022-04-08 6.5 CVE-2022-24428
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27061
MISC
MISC
MISC
musical_world_project — musical_world Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27064
MISC
MISC
MISC
ecommerce-website_project — ecommerce-website Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27346
MISC
MISC
MISC
socialcodia — social_codia_sms Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27349
MISC
MISC
MISC
simple_house_rental_system_project — simple_house_rental_system Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-08 6.5 CVE-2022-27352
MISC
MISC
MISC
zoo_management_system_project — zoo_management_system Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. 2022-04-08 6.5 CVE-2022-27992
MISC
MISC
car_rental_system_project — car_rental_system Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. 2022-04-08 6.5 CVE-2022-28000
MISC
MISC
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files 2022-04-08 6.4 CVE-2021-36288
MISC
huawei — emui The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. 2022-04-11 6.4 CVE-2021-46742
MISC
MISC
radare — radare2 Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. 2022-04-11 6.4 CVE-2022-1296
CONFIRM
MISC
radare — radare2 Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. 2022-04-11 6.4 CVE-2022-1297
MISC
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. 2022-04-08 6.4 CVE-2022-26851
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. 2022-04-10 6.4 CVE-2022-27127
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. 2022-04-10 6.4 CVE-2022-27133
MISC
lua — lua singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. 2022-04-08 6.4 CVE-2022-28805
MISC
MISC
MISC
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There’s no easy workaround for this issue; administrators should upgrade their wiki. 2022-04-08 5.5 CVE-2022-24821
MISC
CONFIRM
febs-security_project — febs-security Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users’ personal information. 2022-04-10 5.5 CVE-2022-27958
MISC
ofcms_project — ofcms Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users’ personal information. 2022-04-10 5.5 CVE-2022-27960
MISC
claro — kaon_cg3000_firmware An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. 2022-04-08 5.2 CVE-2021-43483
MISC
ibm — system_storage_ds8000_management_console_firmware IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. 2022-04-11 5 CVE-2021-38929
CONFIRM
XF
ibm — system_storage_ds8000_management_console_firmware IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. 2022-04-11 5 CVE-2021-38930
CONFIRM
XF
huawei — emui The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 5 CVE-2021-40065
MISC
MISC
atutor — atutor An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. 2022-04-08 5 CVE-2021-43498
MISC
MISC
zlog_project — zlog A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. 2022-04-08 5 CVE-2021-43521
MISC
MISC
huawei — emui The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 5 CVE-2021-46740
MISC
MISC
wpdownloadmanager — wordpress_download_manager The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. 2022-04-11 5 CVE-2022-0828
MISC
salonbookingsystem — salon_booking_system The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other’s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. 2022-04-11 5 CVE-2022-0919
MISC
salonbookingsystem — salon_booking_system The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer’s data 2022-04-11 5 CVE-2022-0920
MISC
nsthemes — ns_watermark_for_woocommerce An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. 2022-04-11 5 CVE-2022-0989
MISC
pimcore — pimcore SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data 2022-04-08 5 CVE-2022-1219
MISC
CONFIRM
gnuboard — gnuboard5 Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the ‘Let others see my information.’ box is ticked off. 2022-04-11 5 CVE-2022-1252
CONFIRM
MISC
xwiki — xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. 2022-04-08 5 CVE-2022-24819
CONFIRM
MISC
os4ed — opensis Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. 2022-04-11 5 CVE-2022-27041
MISC
movie_seat_reservation_project — movie_seat_reservation Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. 2022-04-08 5 CVE-2022-28002
MISC
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. 2022-04-09 5 CVE-2022-28365
MISC
MISC
MISC
zyxel — vmg3312-t20a_firmware A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. 2022-04-11 4.9 CVE-2022-26414
CONFIRM
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. 2022-04-08 4.6 CVE-2021-36290
MISC
dell — emc_unity_operating_environment Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. 2022-04-08 4.6 CVE-2021-36293
MISC
ivanti — dsm_remote Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. 2022-04-11 4.6 CVE-2022-27088
MISC
pickplugins — post_grid The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form 2022-04-11 4.3 CVE-2021-24986
MISC
heateor — super_socializer The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. 2022-04-11 4.3 CVE-2021-24987
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. 2022-04-11 4.3 CVE-2021-32158
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. 2022-04-11 4.3 CVE-2021-32160
MISC
webmin — webmin A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. 2022-04-11 4.3 CVE-2021-32161
MISC
baijiacms_project — baijiacms An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password. 2022-04-11 4.3 CVE-2021-34250
MISC
opservices — opmon A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. 2022-04-08 4.3 CVE-2021-43009
MISC
MISC
thimpress — learnpress The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0271
MISC
presscustomizr — nimble_page_builder The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0314
MISC
realfavicongenerator — favicon_by_realfavicongenerator The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-04-11 4.3 CVE-2022-0471
MISC
CONFIRM
wpvivid — migration\,_backup\,_staging The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0531
MISC
atlasgondal — export_all_urls The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-04-11 4.3 CVE-2022-0892
MISC
atlasgondal — export_all_urls The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example 2022-04-11 4.3 CVE-2022-0914
MISC
elbtide — advanced_booking_calendar The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-04-11 4.3 CVE-2022-1007
MISC
CONFIRM
radare — radare2 NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash). 2022-04-08 4.3 CVE-2022-1283
CONFIRM
MISC
radare — radare2 heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. 2022-04-08 4.3 CVE-2022-1284
CONFIRM
MISC
school_club_application_system_project — school_club_application_system A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. 2022-04-09 4.3 CVE-2022-1288
N/A
onlyoffice — document_server A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. 2022-04-08 4.3 CVE-2022-24229
MISC
MISC
MISC
icehrm — icehrm A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. 2022-04-08 4.3 CVE-2022-26588
MISC
MISC
getbootstrap — bootstrap Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. 2022-04-08 4.3 CVE-2022-26624
MISC
MISC
asana — desktop Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. 2022-04-09 4.3 CVE-2022-26877
MISC
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. 2022-04-08 4.3 CVE-2022-27063
MISC
MISC
MISC
zbzcms — zbzcms zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. 2022-04-10 4.3 CVE-2022-27125
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. 2022-04-08 4.3 CVE-2022-27145
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. 2022-04-08 4.3 CVE-2022-27146
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. 2022-04-08 4.3 CVE-2022-27147
MISC
gpac — gpac GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. 2022-04-08 4.3 CVE-2022-27148
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. 2022-04-09 4.3 CVE-2022-28363
MISC
MISC
MISC
kevinlab — 4st_l-bems A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. 2022-04-11 4 CVE-2021-37293
MISC
MISC
webence — iq_block_country The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to “Zip Slip” vulnerability. 2022-04-11 4 CVE-2022-0246
MISC
online_banking_system_project — online_banking_system Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. 2022-04-08 4 CVE-2022-27991
MISC
jetbrains — ktor In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren’t using SecureRandom implementations 2022-04-11 4 CVE-2022-29035
MISC
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
wpsofts — portfolio_gallery\,_product_catalog_-_grid_kit_portfolio The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded. 2022-04-11 3.5 CVE-2021-25090
MISC
premio — chaty Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 2022-04-11 3.5 CVE-2021-36846
CONFIRM
CONFIRM
sharethis — social_media_feather Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 2022-04-11 3.5 CVE-2021-36848
CONFIRM
CONFIRM
wpdarko — responsive_tabs Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 2022-04-11 3.5 CVE-2021-36893
CONFIRM
CONFIRM
w3eden — pricing_table Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 2022-04-11 3.5 CVE-2021-36896
CONFIRM
CONFIRM
wp-appbox_project — wp-appbox Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. 2022-04-11 3.5 CVE-2021-36910
CONFIRM
CONFIRM
ibm — curam_social_program_management IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. 2022-04-11 3.5 CVE-2021-39068
XF
CONFIRM
zzcms — zzcms An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. 2022-04-08 3.5 CVE-2021-46437
MISC
pickplugins — post_grid The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting 2022-04-11 3.5 CVE-2022-0447
MISC
pootlepress — easy_smooth_scroll_links The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-11 3.5 CVE-2022-0728
MISC
cybernetikz — easy_social_icons The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. 2022-04-11 3.5 CVE-2022-0840
MISC
autolabproject — autolab Cross-site Scripting (XSS) – Stored in GitHub repository autolab/autolab prior to 2.8.0. 2022-04-11 3.5 CVE-2022-0936
MISC
CONFIRM
vertistudio — image_optimization_\&_lazy_load_by_optimole The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its “Lazyload background images for selectors” settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-11 3.5 CVE-2022-0969
CONFIRM
MISC
trudesk_project — trudesk Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. 2022-04-11 3.5 CVE-2022-1045
CONFIRM
MISC
tableexport.jquery.plugin_project — tableexport.jquery.plugin XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers 2022-04-10 3.5 CVE-2022-1291
CONFIRM
MISC
ivanti — incapptic_connect An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. 2022-04-11 3.5 CVE-2022-22571
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. 2022-04-08 3.5 CVE-2022-27062
MISC
MISC
MISC
jflyfox — jfinal_cms Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. 2022-04-11 3.5 CVE-2022-27111
MISC
thedaylightstudio — fuel_cms Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. 2022-04-11 3.5 CVE-2022-27156
MISC
socialcodia — social_codia_sms Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. 2022-04-08 3.5 CVE-2022-27348
MISC
MISC
MISC
ofcms_project — ofcms A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. 2022-04-10 3.5 CVE-2022-27961
MISC
reprisesoftware — reprise_license_manager Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. 2022-04-09 3.5 CVE-2022-28364
MISC
MISC
MISC
roku — roku_os Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to Arbitrary file modification. 2022-04-08 2.7 CVE-2022-27152
MISC
dell — emc_powerscale_onefs Dell EMC Powerscale OneFS 8.2.x – 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. 2022-04-08 2.1 CVE-2022-22563
MISC
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. 2022-04-08 2.1 CVE-2022-26855
MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
python — python
 
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). 2022-04-13 not yet calculated CVE-2015-20107
MISC
MISC
schneider_electric — sut_service
 
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0) 2022-04-13 not yet calculated CVE-2019-6834
MISC
bbraun — melsungen_ag_spacecom
 
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. 2022-04-14 not yet calculated CVE-2020-16238
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. 2022-04-14 not yet calculated CVE-2020-25150
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. 2022-04-14 not yet calculated CVE-2020-25152
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. 2022-04-14 not yet calculated CVE-2020-25154
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. 2022-04-14 not yet calculated CVE-2020-25156
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. 2022-04-14 not yet calculated CVE-2020-25158
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the device’s network configuration. 2022-04-14 not yet calculated CVE-2020-25160
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. 2022-04-14 not yet calculated CVE-2020-25162
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. 2022-04-14 not yet calculated CVE-2020-25164
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. 2022-04-14 not yet calculated CVE-2020-25166
CONFIRM
CONFIRM
bbraun — melsungen_ag_spacecom
 
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. 2022-04-14 not yet calculated CVE-2020-25168
CONFIRM
CONFIRM
fossies — froxlor
 
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. 2022-04-13 not yet calculated CVE-2020-29653
MISC
MISC
MISC
android — android
 
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183147114 2022-04-12 not yet calculated CVE-2021-0694
MISC
android — android
 
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-0707
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21914
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21938
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21939
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21942
MISC
accusoft — imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21943
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21944
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21945
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21946
MISC
accusoft — imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. 2022-04-14 not yet calculated CVE-2021-21947
MISC
anycubic — chitubox_anycubic_plugin
 
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21948
MISC
accusoft — imagegear
 
An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21949
MISC
cloudlinux_inc — imunify360
 
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21956
MISC
sealevel_systems — seaconnect_370w
 
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-21967
MISC
vmware — photon
 
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. 2022-04-11 not yet calculated CVE-2021-22055
MISC
schneider_electric — struxureware_data_center_expert
 
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) 2022-04-13 not yet calculated CVE-2021-22794
MISC
schneider_electric — struxureware_data_center_expert
 
A CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) 2022-04-13 not yet calculated CVE-2021-22795
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions) 2022-04-13 not yet calculated CVE-2021-22797
MISC
arista — eos
 
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. 2022-04-14 not yet calculated CVE-2021-28505
MISC
apache — subversion_svn
 
Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal ‘copyfrom’ paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the ‘copyfrom’ path of the original. This also reveals the fact that the node was copied. Only the ‘copyfrom’ path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. 2022-04-12 not yet calculated CVE-2021-28544
MISC
DEBIAN
apache — struts
 
The fix issued for CVE-2020-17530 was incomplete. As a result, in Apache Struts 2.0.0 to 2.5.29, some of the tag’s attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{…} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. 2022-04-12 not yet calculated CVE-2021-31805
MISC
MLIST
mongodb — mongodb
 
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16. 2022-04-12 not yet calculated CVE-2021-32040
MISC
MISC
MISC
johnson_controls — metasys
 
Under certain circumstances the session token is not cleared on logout. 2022-04-15 not yet calculated CVE-2021-36205
CERT
CONFIRM
wordpress — wp_maintenance_(wordpress_plugin)
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. 2022-04-15 not yet calculated CVE-2021-36828
CONFIRM
CONFIRM
caldera — calderawp_license_manager_(wordpress_plugin)
 
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. 2022-04-12 not yet calculated CVE-2021-36914
CONFIRM
CONFIRM
microfocus — operations_bridge
 
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to achieve unauthenticated remote code execution. 2022-04-11 not yet calculated CVE-2021-38125
MISC
android — android
 
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-205836329 2022-04-12 not yet calculated CVE-2021-39794
MISC
android — android
 
In multiple locations of MediaProvider.java, there is a possible way to get read/write access to another app’s dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-201667614 2022-04-12 not yet calculated CVE-2021-39795
MISC
android — android
 
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick a victim into installing a harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291 2022-04-12 not yet calculated CVE-2021-39796
MISC
android — android
 
In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-209607104 2022-04-12 not yet calculated CVE-2021-39797
MISC
android — android
 
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213169612 2022-04-12 not yet calculated CVE-2021-39798
MISC
android — android
 
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-200288596 2022-04-12 not yet calculated CVE-2021-39799
MISC
android — android
 
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208277166. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39800
MISC
android — android
 
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-209791720. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39801
MISC
android — android
 
In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213339151. References: Upstream kernel 2022-04-12 not yet calculated CVE-2021-39802
MISC
android — android
 
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-193790350 2022-04-12 not yet calculated CVE-2021-39803
MISC
android — android
 
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-215002587 2022-04-12 not yet calculated CVE-2021-39804
MISC
android — android
 
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-212694559 2022-04-12 not yet calculated CVE-2021-39805
MISC
android — android
 
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-209446496 2022-04-12 not yet calculated CVE-2021-39807
MISC
android — android
 
In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209966086 2022-04-12 not yet calculated CVE-2021-39808
MISC
android — android
 
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205837191 2022-04-12 not yet calculated CVE-2021-39809
MISC
android — android
 
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205522359. References: N/A 2022-04-12 not yet calculated CVE-2021-39812
MISC
android — android
 
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216792660. References: N/A 2022-04-12 not yet calculated CVE-2021-39814
MISC
simatic — s7-400_h
 
A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. 2022-04-12 not yet calculated CVE-2021-40368
CONFIRM
kaseya_unitrends — client/agent
 
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. 2022-04-15 not yet calculated CVE-2021-40386
MISC
moxa — mxview_series An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40390
MISC
moxa — mxview_series
 
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. 2022-04-14 not yet calculated CVE-2021-40392
MISC
accusoft — imagegear
 
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40398
MISC
gerbv — gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40400
MISC
gerbv — gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40402
MISC
reolink — rlc-410w
 
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40405
MISC
swiftsensors — gateway_sg3-1010
 
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40422
MISC
webroot — secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40424
MISC
webroot — secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40425
MISC
soundexchange — libsox
 
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-40426
MISC
redhat — openshift
 
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. 2022-04-11 not yet calculated CVE-2021-4047
MISC
arubanetworks — instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. 2022-04-12 not yet calculated CVE-2021-41004
MISC
arubanetworks — instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. 2022-04-12 not yet calculated CVE-2021-41005
MISC
wire — wire_server
 
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service for a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to 2022-03-01, so that their backends are no longer affected. There are no known workarounds for this issue. 2022-04-13 not yet calculated CVE-2021-41119
MISC
CONFIRM
siemens — simatic_step_7
 
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. 2022-04-12 not yet calculated CVE-2021-42029
CONFIRM
redcap — redcap
 
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client’s browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. 2022-04-13 not yet calculated CVE-2021-42136
MISC
MISC
MISC
seowon — seowon_130_slc_router Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. 2022-04-15 not yet calculated CVE-2021-42230
MISC
appguard — appguard_enterprise
 
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. 2022-04-12 not yet calculated CVE-2021-42255
MISC
MISC
cms_made_simple — cms_made_simple
 
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. 2022-04-13 not yet calculated CVE-2021-43154
MISC
github — one_time_password
 
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) 2022-04-11 not yet calculated CVE-2021-43177
MISC
mantisbt — mantisbt
 
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. 2022-04-14 not yet calculated CVE-2021-43257
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL “Test Connection” feature to execute arbitrary code. 2022-04-14 not yet calculated CVE-2021-43286
MISC
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. 2022-04-14 not yet calculated CVE-2021-43287
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. 2022-04-14 not yet calculated CVE-2021-43288
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. 2022-04-14 not yet calculated CVE-2021-43289
MISC
MISC
MISC
MISC
gocd — thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can’t control. 2022-04-14 not yet calculated CVE-2021-43290
MISC
MISC
MISC
MISC
annexxus — i3_international_inc_annexxus_camera
 
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the ‘UserPermission’ endpoint with the ID of the created account and setting it to the ‘admin’ userType, successfully adding a second administrative account. 2022-04-11 not yet calculated CVE-2021-43442
MISC
sourcecodester — sourcecodester_messaging_web_application
 
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. 2022-04-14 not yet calculated CVE-2021-43633
MISC
MISC
cmsimple — cms_made_simple_5.4 CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution. 2022-04-13 not yet calculated CVE-2021-43741
MISC
MISC
cmsimple — cms_made_simple_5.4 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. 2022-04-13 not yet calculated CVE-2021-43742
MISC
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44354
MISC
reolink — reolink_rlc_410W
 
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44355
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44356
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44357
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44366
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44375
MISC
reolink — reolink_rlc_410W Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2021-44394
MISC
yottadb — yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44481
MISC
yottadb — yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 not yet calculated CVE-2021-44482
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 not yet calculated CVE-2021-44483
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44484
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44485
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. 2022-04-15 not yet calculated CVE-2021-44486
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44487
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. 2022-04-15 not yet calculated CVE-2021-44488
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a “- digs” subtraction. 2022-04-15 not yet calculated CVE-2021-44489
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a “- (digs < 1 ? 1 : digs)” subtraction. 2022-04-15 not yet calculated CVE-2021-44490
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. 2022-04-15 not yet calculated CVE-2021-44491
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44492
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 not yet calculated CVE-2021-44493
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44494
MISC
MISC
MISC
yottadb — yottadb An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 not yet calculated CVE-2021-44495
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. 2022-04-15 not yet calculated CVE-2021-44496
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause the bounds of a for loop to be miscalculated, which leads to a use-after-free condition where a pointer is pushed into previously free memory by the loop. 2022-04-15 not yet calculated CVE-2021-44497
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44498
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. 2022-04-15 not yet calculated CVE-2021-44499
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. 2022-04-15 not yet calculated CVE-2021-44500
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. 2022-04-15 not yet calculated CVE-2021-44501
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. 2022-04-15 not yet calculated CVE-2021-44502
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. 2022-04-15 not yet calculated CVE-2021-44503
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault. 2022-04-15 not yet calculated CVE-2021-44504
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. 2022-04-15 not yet calculated CVE-2021-44505
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. 2022-04-15 not yet calculated CVE-2021-44506
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44507
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. 2022-04-15 not yet calculated CVE-2021-44508
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. 2022-04-15 not yet calculated CVE-2021-44509
MISC
MISC
MISC
yottadb — fis_gtm An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. 2022-04-15 not yet calculated CVE-2021-44510
MISC
MISC
MISC
citrix — citrix_xenmobileserver
 
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. 2022-04-13 not yet calculated CVE-2021-44520
MISC
MISC
MISC
coins — coins_construction_cloud An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. 2022-04-14 not yet calculated CVE-2021-45227
MISC
MISC
coins — coins_construction_cloud An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. 2022-04-14 not yet calculated CVE-2021-45228
MISC
MISC
wizplat — wizplat_PD065
 
An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). 2022-04-13 not yet calculated CVE-2021-46167
MISC
MISC
MISC
MISC
palo_alto_networks — pan_os
 
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2. 2022-04-13 not yet calculated CVE-2022-0023
MISC
wordpress — visual_form_builder_wordpress
 
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. 2022-04-12 not yet calculated CVE-2022-0140
MISC
wordpress — visual_form_builder_wordpress The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. 2022-04-12 not yet calculated CVE-2022-0141
MISC
wordpress — visual_form_builder_wordpress The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. 2022-04-12 not yet calculated CVE-2022-0142
MISC
schneider_electric — scadapack_workbench
 
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) 2022-04-13 not yet calculated CVE-2022-0221
MISC
github — grunt Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. 2022-04-12 not yet calculated CVE-2022-0436
CONFIRM
MISC
netty — netty_codec_http_maven_package
 
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. 2022-04-11 not yet calculated CVE-2022-0552
MISC
MISC
MISC
aveva — aveva_system_platform AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. 2022-04-11 not yet calculated CVE-2022-0835
CONFIRM
CONFIRM
homeplug_green_phy — combined_charging_system
 
Electric Vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards. 2022-04-12 not yet calculated CVE-2022-0878
CONFIRM
windows — logitech_sync
 
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. 2022-04-12 not yet calculated CVE-2022-0915
MISC
myscada — mypro An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. 2022-04-11 not yet calculated CVE-2022-0999
CONFIRM
lifepoint_informatics — patient_portal
 
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. 2022-04-11 not yet calculated CVE-2022-1067
MISC
gitlab — ce/ee
 
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged. 2022-04-11 not yet calculated CVE-2022-1157
MISC
CONFIRM
rockwell_automation — logix_controllers
 
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. 2022-04-11 not yet calculated CVE-2022-1161
MISC
gitlab — ce/ee
 
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and 10.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances. 2022-04-11 not yet calculated CVE-2022-1193
CONFIRM
MISC
MISC
github — plantuml
 
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running). 2022-04-15 not yet calculated CVE-2022-1231
MISC
CONFIRM
mcafee_agent — windows A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user’s %TEMP% directory with System privileges through manipulation of symbolic links. 2022-04-14 not yet calculated CVE-2022-1256
CONFIRM
mcafee_agent — linux_macos_windows Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files. 2022-04-14 not yet calculated CVE-2022-1257
CONFIRM
mcafee_agent — epolicy_orchestrator A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. 2022-04-14 not yet calculated CVE-2022-1258
CONFIRM
tenable — d_link_routers A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. 2022-04-11 not yet calculated CVE-2022-1262
MISC
java_client — ebics
 
A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. 2022-04-14 not yet calculated CVE-2022-1279
CONFIRM
linux — drivers_gpu_drm_drm_lease.c A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. 2022-04-13 not yet calculated CVE-2022-1280
MISC
MISC
github — mruby_mruby Heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if exploited. 2022-04-10 not yet calculated CVE-2022-1286
CONFIRM
MISC
tildearrow — furnace A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. 2022-04-10 not yet calculated CVE-2022-1289
MISC
MISC
MISC
github — polonel_trudesk Stored XSS in “Name”, “Group Name” & “Title” in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-10 not yet calculated CVE-2022-1290
MISC
CONFIRM
mz_automation — libiec61850 In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. 2022-04-12 not yet calculated CVE-2022-1302
CONFIRM
e2fsprogs — e2fsprogs An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. 2022-04-14 not yet calculated CVE-2022-1304
MISC
github — zerotierone
 
Local privilege escalation in ZeroTierOne for Windows because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. 2022-04-11 not yet calculated CVE-2022-1316
CONFIRM
MISC
mutt — uudecoder Buffer overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. 2022-04-14 not yet calculated CVE-2022-1328
MISC
MISC
CONFIRM
MLIST
github — alvarotrigo/fullpage.js Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. 2022-04-12 not yet calculated CVE-2022-1330
MISC
CONFIRM
mattermost — api One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. 2022-04-13 not yet calculated CVE-2022-1332
MISC
mattermost_playbooks — webhooks Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. 2022-04-13 not yet calculated CVE-2022-1333
MISC
mattermost — image_proxy_component The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. 2022-04-13 not yet calculated CVE-2022-1337
MISC
github — elementcontroller.php SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. 2022-04-13 not yet calculated CVE-2022-1339
CONFIRM
MISC
github — stored_xss Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1344
CONFIRM
MISC
github — stored_xss Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1345
CONFIRM
MISC
github — stored_xss Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse. 2022-04-13 not yet calculated CVE-2022-1346
CONFIRM
MISC
github — stored_xss Stored XSS in the “Username” & “Email” input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation 2022-04-13 not yet calculated CVE-2022-1347
MISC
CONFIRM
ghostpcl — gsmchunk.c A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. 2022-04-14 not yet calculated CVE-2022-1350
MISC
MISC
MISC
github — stored_xss Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. 2022-04-14 not yet calculated CVE-2022-1351
CONFIRM
MISC
github — lquixada/cross_fetch Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. 2022-04-15 not yet calculated CVE-2022-1365
MISC
CONFIRM
github — snipe/snipe_it Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability can be used to steal the user's cookie. 2022-04-16 not yet calculated CVE-2022-1380
CONFIRM
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. 2022-04-11 not yet calculated CVE-2022-20065
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. 2022-04-11 not yet calculated CVE-2022-20066
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585. 2022-04-11 not yet calculated CVE-2022-20067
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907. 2022-04-11 not yet calculated CVE-2022-20068
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425. 2022-04-11 not yet calculated CVE-2022-20069
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920. 2022-04-11 not yet calculated CVE-2022-20070
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315. 2022-04-11 not yet calculated CVE-2022-20071
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. 2022-04-11 not yet calculated CVE-2022-20072
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (usb), there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. 2022-04-11 not yet calculated CVE-2022-20073
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301. 2022-04-11 not yet calculated CVE-2022-20074
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808. 2022-04-11 not yet calculated CVE-2022-20075
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. 2022-04-11 not yet calculated CVE-2022-20076
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. 2022-04-11 not yet calculated CVE-2022-20077
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. 2022-04-11 not yet calculated CVE-2022-20078
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In vow, there is a possible read of uninitialized data due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. 2022-04-11 not yet calculated CVE-2022-20079
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. 2022-04-11 not yet calculated CVE-2022-20080
MISC
mediatek — smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsets In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919. 2022-04-11 not yet calculated CVE-2022-20081
MISC
cisco — embedded_wireless_controller A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. 2022-04-15 not yet calculated CVE-2022-20622
CISCO
cisco — catalyst_digital_building_series_and_catalyst_micro_switches Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20661
CISCO
cisco — tool_command_language A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. 2022-04-15 not yet calculated CVE-2022-20676
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20677
CISCO
cisco — appnav_xe A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. 2022-04-15 not yet calculated CVE-2022-20678
CISCO
cisco — ipsec_decryption_routine A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit. 2022-04-15 not yet calculated CVE-2022-20679
CISCO
cisco — catalyst_9000_family_switches_and_catalyst_9000_family_wireless_controllers A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device. 2022-04-15 not yet calculated CVE-2022-20681
CISCO
cisco — control_and_provisioning_of_wireless_access_points A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20682
CISCO
cisco — application_visibility_and_control A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20683
CISCO
cisco — simple_network_management_protocol A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20684
CISCO
cisco — netconf A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device. 2022-04-15 not yet calculated CVE-2022-20692
CISCO
cisco — ui A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. 2022-04-15 not yet calculated CVE-2022-20693
CISCO
cisco — resource_public_key_infrastructure A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable. 2022-04-15 not yet calculated CVE-2022-20694
CISCO
cisco — wireless_lan_controller A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory. 2022-04-15 not yet calculated CVE-2022-20695
CISCO
cisco — web_services_interface A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20697
CISCO
cisco — data_plane_microcode_of_lightspeed_plus_line_cards A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card. 2022-04-15 not yet calculated CVE-2022-20714
CISCO
cisco — cli_of_cisco_sd_wan_software A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. 2022-04-15 not yet calculated CVE-2022-20716
CISCO
cisco — netconf_process_of_cisco_sd_wan_vedge_routers A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. 2022-04-15 not yet calculated CVE-2022-20717
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20718
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20719
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20720
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20721
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20722
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20723
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20724
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20725
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20726
CISCO
cisco — iox_application_hosting_environment Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20727
CISCO
cisco — catalyst_digital_building_series_switches_and_cisco_catalyst_micro_switches Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2022-04-15 not yet calculated CVE-2022-20731
CISCO
cisco — sd_wan_vmanage_software A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. 2022-04-15 not yet calculated CVE-2022-20735
CISCO
cisco — sd_wan_vmanage_software A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. 2022-04-15 not yet calculated CVE-2022-20739
CISCO
cisco — history_api_of_cisco_sd_wan_vmanage_software A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. 2022-04-15 not yet calculated CVE-2022-20747
CISCO
cisco — border_gateway_protocol_ethernet_vpn
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer. 2022-04-15 not yet calculated CVE-2022-20758
CISCO
cisco — 1000_series_connected_grid_router
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. 2022-04-15 not yet calculated CVE-2022-20761
CISCO
lansweeper — webuseractions.aspx A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21145
MISC
CONFIRM
leadtools — fltsavecmp
An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21154
MISC
CONFIRM
fernhill_scada_server_version — fhsvrservice.exe A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. 2022-04-12 not yet calculated CVE-2022-21155
MISC
mz_automation_gmbh_libiec61850 — parsenormalmodeparameters A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. 2022-04-15 not yet calculated CVE-2022-21159
MISC
CONFIRM
MISC
fuji_electric — alpha5 The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. 2022-04-12 not yet calculated CVE-2022-21168
MISC
fuji_electric — alpha5 The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. 2022-04-12 not yet calculated CVE-2022-21202
MISC
lansweeper — assetactions.aspx
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21210
MISC
CONFIRM
fuji_electric — alpha5 The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. 2022-04-12 not yet calculated CVE-2022-21214
MISC
fuji_electric — alpha5 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. 2022-04-12 not yet calculated CVE-2022-21228
MISC
lansweeper — echoassets.aspx An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-21234
MISC
CONFIRM
nconf — json
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype. 2022-04-12 not yet calculated CVE-2022-21803
MISC
MISC
MISC
MISC
microsoft — windows Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. 2022-04-15 not yet calculated CVE-2022-21983
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-22008
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-22009
N/A
lansweeper — lansweeper
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-22149
MISC
CONFIRM
junos — web_juniper_networks A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim’s browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. 2022-04-14 not yet calculated CVE-2022-22181
CONFIRM
junos — web_juniper_networks A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. 2022-04-14 not yet calculated CVE-2022-22182
CONFIRM
junos — web_juniper_networks An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. 2022-04-14 not yet calculated CVE-2022-22183
CONFIRM
junos — web_juniper_networks A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when ‘preserve-incoming-fragment-size’ feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1. 2022-04-14 not yet calculated CVE-2022-22185
CONFIRM
junos — web_juniper_networks Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1. 2022-04-14 not yet calculated CVE-2022-22186
CONFIRM
windows_installer — improper_privilege_management_vulnerability
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. 2022-04-14 not yet calculated CVE-2022-22187
CONFIRM
junos_os — packet_forwarding_engine
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. 2022-04-14 not yet calculated CVE-2022-22188
CONFIRM
junos_os — juniper_networks_contrail_service_orchestration
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. 2022-04-14 not yet calculated CVE-2022-22189
CONFIRM
junos_os — juniper_networks_paragon_active_assurance_control_center An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0. 2022-04-14 not yet calculated CVE-2022-22190
CONFIRM
junos_os — juniper_networks_junosos
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. 2022-04-14 not yet calculated CVE-2022-22191
CONFIRM
junos_os — routing_protocol_daemon An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO. 2022-04-14 not yet calculated CVE-2022-22193
CONFIRM
junos_os — packetio_daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS. 2022-04-14 not yet calculated CVE-2022-22194
CONFIRM
junos_os — juniper_networks An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. 2022-04-14 not yet calculated CVE-2022-22195
CONFIRM
junos_os — routing_protocol_daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. 2022-04-14 not yet calculated CVE-2022-22196
CONFIRM
junos_os — routing_protocol_daemon An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. 2022-04-14 not yet calculated CVE-2022-22197
CONFIRM
junos_os — sip_alg An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1. 2022-04-14 not yet calculated CVE-2022-22198
CONFIRM
huawei — android The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. 2022-04-11 not yet calculated CVE-2022-22253
MISC
MISC
huawei — android A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 not yet calculated CVE-2022-22254
MISC
MISC
huawei — android The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. 2022-04-11 not yet calculated CVE-2022-22255
MISC
MISC
huawei — android The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-04-11 not yet calculated CVE-2022-22256
MISC
MISC
huawei — android The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. 2022-04-11 not yet calculated CVE-2022-22257
MISC
MISC
huawei — android The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. 2022-04-11 not yet calculated CVE-2022-22258
MISC
MISC
SMA — SMA
** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. 2022-04-13 not yet calculated CVE-2022-22279
CONFIRM
IBM — aspera_high_speed_transfer IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non-sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. 2022-04-14 not yet calculated CVE-2022-22391
XF
CONFIRM
sap — business_intelligence_platform SAP BusinessObjects Business Intelligence Platform – versions 420, 430, may allow legitimate users to access information they shouldn’t see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn’t or don’t need to have access. 2022-04-12 not yet calculated CVE-2022-22541
MISC
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. 2022-04-12 not yet calculated CVE-2022-22549
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. 2022-04-12 not yet calculated CVE-2022-22550
MISC
dell — powerscale_onefs Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. 2022-04-12 not yet calculated CVE-2022-22559
MISC
dell — powerscale_onefs Dell EMC PowerScale OneFS 8.1.x – 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to log in as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. 2022-04-12 not yet calculated CVE-2022-22560
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. 2022-04-12 not yet calculated CVE-2022-22561
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. 2022-04-12 not yet calculated CVE-2022-22562
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. 2022-04-12 not yet calculated CVE-2022-22565
MISC
ivanti — incapptic_connect
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. 2022-04-11 not yet calculated CVE-2022-22572
MISC
MISC
vmware — workspace_one_access_and_identity_manager VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. 2022-04-11 not yet calculated CVE-2022-22954
MISC
vmware — workspace_one_access VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. 2022-04-13 not yet calculated CVE-2022-22955
MISC
vmware — workspace_one_access VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. 2022-04-13 not yet calculated CVE-2022-22956
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. 2022-04-13 not yet calculated CVE-2022-22957
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. 2022-04-13 not yet calculated CVE-2022-22958
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. 2022-04-13 not yet calculated CVE-2022-22959
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to ‘root’. 2022-04-13 not yet calculated CVE-2022-22960
MISC
vmware — workspace_one_access_identity_manager_and_vrealize_automation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. 2022-04-13 not yet calculated CVE-2022-22961
MISC
vmware — horizon_client_for_linux
VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. 2022-04-11 not yet calculated CVE-2022-22962
MISC
vmware — horizon_client_for_linux VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. 2022-04-11 not yet calculated CVE-2022-22964
MISC
vmware — cloud_director
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. 2022-04-14 not yet calculated CVE-2022-22966
MISC
vmware — spring_framework
In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. 2022-04-14 not yet calculated CVE-2022-22968
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.2 – 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends updating at the earliest opportunity. 2022-04-12 not yet calculated CVE-2022-23159
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. 2022-04-12 not yet calculated CVE-2022-23160
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x – 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala’s help) 2022-04-12 not yet calculated CVE-2022-23161
MISC
dell — powerscale_onefs
 
Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. 2022-04-12 not yet calculated CVE-2022-23163
MISC
spring_by_vmware — spring_framework Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. 2022-04-15 not yet calculated CVE-2022-23257
N/A
microsoft — windows Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-23259
N/A
microsoft — windows Windows Hyper-V Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-23268
N/A
microsoft — windows Microsoft Power BI Spoofing Vulnerability. 2022-04-15 not yet calculated CVE-2022-23292
N/A
simatic — energy_manager_basic_and_manager_pro
 
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. 2022-04-12 not yet calculated CVE-2022-23448
CONFIRM
simatic — energy_manager_basic_and_manager_pro A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. 2022-04-12 not yet calculated CVE-2022-23449
CONFIRM
simatic — energy_manager_basic_and_manager_pro A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. 2022-04-12 not yet calculated CVE-2022-23450
CONFIRM
hpe_superdome_flex — servers
 
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. 2022-04-12 not yet calculated CVE-2022-23702
MISC
hpe — flash_arrays
 
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 2022-04-12 not yet calculated CVE-2022-23703
MISC
nyron — nyron_1.0
 
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject ‘”> on the thes1 parameter. 2022-04-15 not yet calculated CVE-2022-23865
MISC
subversion — mod_dav_svn Subversion’s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. 2022-04-12 not yet calculated CVE-2022-24070
MISC
MISC
MISC
DEBIAN
ritecms — admin_panel RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write), resulting in remote code execution. 2022-04-12 not yet calculated CVE-2022-24247
MISC
MISC
ritecms — admin_panel RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints. 2022-04-12 not yet calculated CVE-2022-24248
MISC
MISC
madlib_object — madlib_object_utils
 
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676) 2022-04-15 not yet calculated CVE-2022-24279
CONFIRM
CONFIRM
automox_agent — windows_and_linux_and version_36_on_osx Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. 2022-04-13 not yet calculated CVE-2022-24308
MISC
MISC
fuji_electric — alpha_5 The affected product is vulnerable to an out-of-bounds read, which may result in code execution 2022-04-12 not yet calculated CVE-2022-24383
MISC
dell — powerscale_onefs
 
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. 2022-04-12 not yet calculated CVE-2022-24411
MISC
dell — powerscale_onefs
 
Dell EMC PowerScale OneFS 8.2.x – 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. 2022-04-12 not yet calculated CVE-2022-24412
MISC
dell — powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. 2022-04-12 not yet calculated CVE-2022-24413
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Spoofing Vulnerability. 2022-04-15 not yet calculated CVE-2022-24472
N/A
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. 2022-04-15 not yet calculated CVE-2022-24473
N/A
windows — win32k
 
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. 2022-04-15 not yet calculated CVE-2022-24474
N/A
microsoft — windows
 
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24479
N/A
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. 2022-04-15 not yet calculated CVE-2022-24481
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. 2022-04-15 not yet calculated CVE-2022-24482
N/A
microsoft — windows Windows Kernel Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24483
N/A
microsoft — windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784. 2022-04-15 not yet calculated CVE-2022-24484
N/A
microsoft — windows Win32 File Enumeration Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24485
N/A
microsoft — windows Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544. 2022-04-15 not yet calculated CVE-2022-24486
N/A
microsoft — windows Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24487
N/A
microsoft — windows Windows Desktop Bridge Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24488
N/A
microsoft — windows Cluster Client Failover (CCF) Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24489
N/A
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785. 2022-04-15 not yet calculated CVE-2022-24490
N/A
microsoft — windows Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497. 2022-04-15 not yet calculated CVE-2022-24491
N/A
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809. 2022-04-15 not yet calculated CVE-2022-24492
N/A
microsoft — windows Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24493
N/A
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24494
N/A
microsoft — windows Windows Direct Show – Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24495
N/A
microsoft — windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24496
N/A
microsoft — windows Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491. 2022-04-15 not yet calculated CVE-2022-24497
N/A
microsoft — windows Windows iSCSI Target Service Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-24498
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. 2022-04-15 not yet calculated CVE-2022-24499
N/A
microsoft — windows Windows SMB Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24500
N/A
microsoft — windows Visual Studio Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24513
N/A
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. 2022-04-15 not yet calculated CVE-2022-24521
N/A
microsoft — windows Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24527
N/A
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. 2022-04-15 not yet calculated CVE-2022-24528
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499. 2022-04-15 not yet calculated CVE-2022-24530
N/A
microsoft — windows HEVC Video Extensions Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24532
N/A
microsoft — windows Remote Desktop Protocol Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24533
N/A
microsoft — windows Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. 2022-04-15 not yet calculated CVE-2022-24534
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-24536
N/A
microsoft — windows Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. 2022-04-15 not yet calculated CVE-2022-24537
N/A
microsoft — windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-26784. 2022-04-15 not yet calculated CVE-2022-24538
N/A
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785. 2022-04-15 not yet calculated CVE-2022-24539
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24482. 2022-04-15 not yet calculated CVE-2022-24540
N/A
microsoft — windows Windows Server Service Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24541
N/A
microsoft — windows Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474. 2022-04-15 not yet calculated CVE-2022-24542
N/A
microsoft — windows Windows Upgrade Assistant Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24543
N/A
microsoft — windows Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486. 2022-04-15 not yet calculated CVE-2022-24544
N/A
microsoft — windows Windows Kerberos Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-24545
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24546
N/A
microsoft — windows Windows Digital Media Receiver Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24547
N/A
microsoft — windows Microsoft Defender Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-24548
N/A
microsoft — windows Windows AppX Package Manager Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24549
N/A
microsoft — windows Windows Telephony Server Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-24550
N/A
microsoft — git_for_windows Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. 2022-04-12 not yet calculated CVE-2022-24765
CONFIRM
MISC
MISC
MLIST
github — git_for_windows
 
GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. 2022-04-12 not yet calculated CVE-2022-24767
N/A
ethereum — vyper
 
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. 2022-04-13 not yet calculated CVE-2022-24788
MISC
CONFIRM
discourse — discourse
 
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To work around the problem, a site administrator can remove groups with restricted visibility from any category’s permissions setting. 2022-04-11 not yet calculated CVE-2022-24804
CONFIRM
MISC
grafana — grafana_enterprise
 
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses a Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, subsequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges: for example, when a first request is made with Admin permissions and a second request with a different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability only impacts Grafana Enterprise when the fine-grained access control beta feature is enabled and there is more than one API Key in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disabling fine-grained access control will mitigate the vulnerability. 2022-04-12 not yet calculated CVE-2022-24812
CONFIRM
MISC
MISC
jhipster — jhipster
 
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option “reactive with Spring WebFlux” enabled and an SQL database using r2dbc. Applications created without “reactive with Spring WebFlux” and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications, as the where clause built from Criteria for queries is not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criteria and conditions, as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria’s `toString` method returns a plain string, and this combination is vulnerable to SQL injection as the string is not sanitized and will contain whatever the user passed as input using any plain SQL. 2022-04-11 not yet calculated CVE-2022-24815
MISC
MISC
CONFIRM
jai_ext — jai_api
 
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath. 2022-04-13 not yet calculated CVE-2022-24816
CONFIRM
MISC
geotools — geotools
 
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings. 2022-04-13 not yet calculated CVE-2022-24818
CONFIRM
MISC
xwiki_platform — xwiki
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. 2022-04-08 not yet calculated CVE-2022-24820
CONFIRM
MISC
discourse — discourse
 
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. 2022-04-14 not yet calculated CVE-2022-24824
MISC
CONFIRM
elide — elide
 
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the ‘-’ character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments (‘--’) and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns. 2022-04-11 not yet calculated CVE-2022-24827
CONFIRM
MISC
MISC
composer — composer
 
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json’s `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. 2022-04-13 not yet calculated CVE-2022-24828
MISC
CONFIRM
garden — garden Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines. 2022-04-11 not yet calculated CVE-2022-24829
CONFIRM
MISC
gocd — gocd GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g. alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and is only exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144. 2022-04-11 not yet calculated CVE-2022-24832
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
privatebin — privatebin PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called ZeroBin. The issue is caused by the fact that SVGs can contain JavaScript. This can allow an attacker to execute code, if the user opens a paste with a specifically crafted SVG attachment, and interacts with the preview image and the instance isn’t protected by an appropriate content security policy. Users are advised to either upgrade to version 1.4.0 or to ensure the content security policy of their instance is set correctly. 2022-04-11 not yet calculated CVE-2022-24833
MISC
CONFIRM
nokogiri — nokogiri Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. 2022-04-11 not yet calculated CVE-2022-24836
CONFIRM
MISC
hedgedoc — hedgedoc HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads. 2022-04-11 not yet calculated CVE-2022-24837
CONFIRM
MISC
MISC
nextcloud — nextcloud_calendar Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO:<BOOKING USER’S EMAIL> ` SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workarounds available. 2022-04-11 not yet calculated CVE-2022-24838
MISC
CONFIRM
MISC
org.cyberneko.html — org.cyberneko.html org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability. 2022-04-11 not yet calculated CVE-2022-24839
MISC
CONFIRM
minio — minio MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. This in turn allows the user to escalate privilege to that of the root user. This vulnerability has been resolved in pull request #14729 and is included in `RELEASE.2022-04-12T06-55-35Z`. Users unable to upgrade may work around this issue by explicitly adding an `admin:CreateServiceAccount` deny policy; however, this, in turn, denies the user the ability to create their own service accounts as well. 2022-04-12 not yet calculated CVE-2022-24842
CONFIRM
MISC
MISC
gin_vue_admin — gin_vue_admin
 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue. 2022-04-13 not yet calculated CVE-2022-24843
MISC
CONFIRM
MISC
gin_vue_admin — gin_vue_admin
 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. 2022-04-13 not yet calculated CVE-2022-24844
MISC
CONFIRM
ethereum — vyper
 
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue. 2022-04-13 not yet calculated CVE-2022-24845
CONFIRM
MISC
geowebcache — geowebcache GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local configuration file, in GeoServer a user interface is provided to perform the same, that can be accessed remotely, and requires admin-level login to be used. These lookups are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3. 2022-04-14 not yet calculated CVE-2022-24846
CONFIRM
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible. 2022-04-13 not yet calculated CVE-2022-24847
CONFIRM
discord — discatsharp
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp’s development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`. 2022-04-14 not yet calculated CVE-2022-24849
CONFIRM
discourse — discourse
Discourse is an open source platform for community discussion. A category’s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem. 2022-04-14 not yet calculated CVE-2022-24850
CONFIRM
ldap_account_manager — ldap_account_manager
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which get triggered when any other user tries to access the edit profile page. The pdf editor tool has an edit pdf profile functionality; the logoFile parameter in it is not properly sanitized and a user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later, when a pdf is exported using the edited profile, the pdf icon has the image on that path (if the image is present). Both issues require an attacker to be able to log in to the LAM admin interface. The issue is fixed in version 7.9.1. 2022-04-15 not yet calculated CVE-2022-24851
MISC
MISC
CONFIRM
metabase — metabase
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on Windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. 2022-04-14 not yet calculated CVE-2022-24853
MISC
CONFIRM
metabase — metabase
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you’re unable to upgrade, you can modify your SQLite connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected. 2022-04-14 not yet calculated CVE-2022-24854
CONFIRM
MISC
metabase — metabase
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. 2022-04-14 not yet calculated CVE-2022-24855
CONFIRM
MISC
django_mfa — django_mfa django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be bypassed. Users are affected if they have activated both django-mfa3 (< 0.5.0) and django.contrib.admin and have not taken any other measures to prevent users from accessing the admin login view. The issue has been fixed in django-mfa3 0.5.0. It is possible to work around the issue by overwriting the admin login route, e.g. by adding the following URL definition *before* the admin routes: `url('admin/login/', lambda request: redirect(settings.LOGIN_URL))` 2022-04-15 not yet calculated CVE-2022-24857
MISC
MISC
CONFIRM
amazon — amazon_aws
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. A low-level user can inject dangerous arguments such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the file's content. This can be abused to cause an elevation of privilege or denial of service. 2022-04-14 not yet calculated CVE-2022-25165
MISC
MISC
amazon — amazon_aws
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user’s Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file. 2022-04-14 not yet calculated CVE-2022-25166
MISC
MISC
wordpress — eroom_plugroom Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. 2022-04-11 not yet calculated CVE-2022-25614
CONFIRM
CONFIRM
wordpress — eroom_plugroom Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. 2022-04-11 not yet calculated CVE-2022-25615
CONFIRM
CONFIRM
siemens — simatic
A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. 2022-04-12 not yet calculated CVE-2022-25622
CONFIRM
siemens — mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field. 2022-04-12 not yet calculated CVE-2022-25650
CONFIRM
siemens — scalance A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. 2022-04-12 not yet calculated CVE-2022-25751
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. 2022-04-12 not yet calculated CVE-2022-25752
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device. 2022-04-12 not yet calculated CVE-2022-25753
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. 2022-04-12 not yet calculated CVE-2022-25754
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances. 2022-04-12 not yet calculated CVE-2022-25755
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. 2022-04-12 not yet calculated CVE-2022-25756
CONFIRM
autodesk — autocad Maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. 2022-04-11 not yet calculated CVE-2022-25789
MISC
autodesk — autocad A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. 2022-04-11 not yet calculated CVE-2022-25790
MISC
autodesk — autocad A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. 2022-04-11 not yet calculated CVE-2022-25791
MISC
autodesk — autocad A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through a buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code. 2022-04-11 not yet calculated CVE-2022-25792
MISC
autodesk — fbx_review An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-04-11 not yet calculated CVE-2022-25794
MISC
pdftron — pdftron
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. 2022-04-13 not yet calculated CVE-2022-25795
MISC
autodesk — navisworks A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2022-04-11 not yet calculated CVE-2022-25796
MISC
autodesk — trueview A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. 2022-04-13 not yet calculated CVE-2022-25797
MISC
samsung — s_secure
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. 2022-04-11 not yet calculated CVE-2022-25831
MISC
samsung — s_secure Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. 2022-04-11 not yet calculated CVE-2022-25832
MISC
samsung — imsservice Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. 2022-04-11 not yet calculated CVE-2022-25833
MISC
centrum — automation_design
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server. 2022-04-15 not yet calculated CVE-2022-26034
MISC
MISC
samsung — samsungcontacts
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows attackers to access contact information without permission. 2022-04-11 not yet calculated CVE-2022-26090
MISC
samsung — samsungcontacts Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows physical attackers to bypass Knox Manage using a function key of a hardware keyboard. 2022-04-11 not yet calculated CVE-2022-26091
MISC
samsung — quram_agif Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. 2022-04-11 not yet calculated CVE-2022-26092
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. 2022-04-11 not yet calculated CVE-2022-26093
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. 2022-04-11 not yet calculated CVE-2022-26094
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. 2022-04-11 not yet calculated CVE-2022-26095
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. 2022-04-11 not yet calculated CVE-2022-26096
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. 2022-04-11 not yet calculated CVE-2022-26097
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. 2022-04-11 not yet calculated CVE-2022-26098
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. 2022-04-11 not yet calculated CVE-2022-26099
MISC
sap — netweaver_enterprise_portal SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. 2022-04-12 not yet calculated CVE-2022-26105
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-26106
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-26107
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-26108
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-26109
MISC
MISC
mantisbt — plugin An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. 2022-04-13 not yet calculated CVE-2022-26144
MISC
citrix — xenmobile Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10.14 through RP4 allows Command Injection. 2022-04-13 not yet calculated CVE-2022-26151
MISC
MISC
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices. 2022-04-12 not yet calculated CVE-2022-26334
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices. 2022-04-12 not yet calculated CVE-2022-26335
CONFIRM
siemens — scalance
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device. 2022-04-12 not yet calculated CVE-2022-26380
CONFIRM
asterisk — asterisk An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. 2022-04-15 not yet calculated CVE-2022-26498
MISC
MISC
MISC
asterisk — asterisk An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it’s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. 2022-04-15 not yet calculated CVE-2022-26499
MISC
MISC
MISC
schneider_electric — ecostruxure ** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-04-14 not yet calculated CVE-2022-26507
MISC
MISC
pluck_cms — pluck_cms A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. 2022-04-13 not yet calculated CVE-2022-26589
MISC
MISC
liferay — portal Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field’s help text to (1) Forms module’s form builder, or (2) App Builder module’s object form view’s form builder. 2022-04-15 not yet calculated CVE-2022-26594
MISC
MISC
easyio — cpt_graphics An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. 2022-04-13 not yet calculated CVE-2022-26643
MISC
MISC
MISC
asterisk — asterisk An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. 2022-04-15 not yet calculated CVE-2022-26651
MISC
MISC
MISC
zoho — manageengine_remote_access_plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). 2022-04-16 not yet calculated CVE-2022-26653
CONFIRM
zoho — manageengine_remote_access_plus Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. 2022-04-16 not yet calculated CVE-2022-26777
CONFIRM
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26785. 2022-04-15 not yet calculated CVE-2022-26783
N/A
microsoft — windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-24538. 2022-04-15 not yet calculated CVE-2022-26784
N/A
microsoft — windows Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26783. 2022-04-15 not yet calculated CVE-2022-26785
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26786
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26787
N/A
microsoft — powershell PowerShell Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26788
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26789
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26790
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26791
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26792
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26793
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26794
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26795
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26796
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26797
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26798
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26801
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803. 2022-04-15 not yet calculated CVE-2022-26802
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802. 2022-04-15 not yet calculated CVE-2022-26803
N/A
microsoft — windows Windows Work Folder Service Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26807
N/A
microsoft — windows Windows File Explorer Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26808
N/A
microsoft — windows Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. 2022-04-15 not yet calculated CVE-2022-26809
N/A
microsoft — windows Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. 2022-04-15 not yet calculated CVE-2022-26810
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26811
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26812
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26813
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26814
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26815
N/A
microsoft — windows Windows DNS Server Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-26816
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26817
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26818
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26819
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26820
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26821
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26822
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26823
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26824
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26825
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829. 2022-04-15 not yet calculated CVE-2022-26826
N/A
microsoft — windows Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26810. 2022-04-15 not yet calculated CVE-2022-26827
N/A
microsoft — windows Windows Bluetooth Driver Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26828
N/A
microsoft — windows Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826. 2022-04-15 not yet calculated CVE-2022-26829
N/A
microsoft — windows DiskUsage.exe Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-26830
N/A
microsoft — windows Windows LDAP Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-26831
N/A
microsoft — windows .NET Framework Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-26832
N/A
microsoft — windows Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26897. 2022-04-15 not yet calculated CVE-2022-26896
N/A
microsoft — windows Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896. 2022-04-15 not yet calculated CVE-2022-26897
N/A
microsoft — windows Azure Site Recovery Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-26898
N/A
microsoft — windows Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. 2022-04-15 not yet calculated CVE-2022-26901
N/A
microsoft — windows Windows Graphics Component Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-26903
N/A
microsoft — windows Windows User Profile Service Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26904
N/A
microsoft — windows Azure SDK for .NET Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-26907
N/A
microsoft — skype Skype for Business and Lync Spoofing Vulnerability. 2022-04-15 not yet calculated CVE-2022-26910
N/A
microsoft — skype Skype for Business Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-26911
N/A
microsoft — windows Win32k Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26914
N/A
microsoft — windows Windows Secure Channel Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-26915
N/A
microsoft — windows Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. 2022-04-15 not yet calculated CVE-2022-26916
N/A
microsoft — windows Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. 2022-04-15 not yet calculated CVE-2022-26917
N/A
microsoft — windows Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. 2022-04-15 not yet calculated CVE-2022-26918
N/A
microsoft — windows Windows LDAP Remote Code Execution Vulnerability. 2022-04-15 not yet calculated CVE-2022-26919
N/A
microsoft — windows Windows Graphics Component Information Disclosure Vulnerability. 2022-04-15 not yet calculated CVE-2022-26920
N/A
microsoft — windows Visual Studio Code Elevation of Privilege Vulnerability. 2022-04-15 not yet calculated CVE-2022-26921
N/A
microsoft — windows YARP Denial of Service Vulnerability. 2022-04-15 not yet calculated CVE-2022-26924
N/A
microsoft — windows nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc() when it tries to invoke from a restored frame saved with njs_function_frame_save(). 2022-04-14 not yet calculated CVE-2022-27007
MISC
MISC
microsoft — windows nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confusion in Array.prototype.concat() when a slow array's appended element is a fast array. 2022-04-14 not yet calculated CVE-2022-27008
MISC
MISC
microsoft — windows Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 – 2.3.6 Neptune are vulnerable to Directory Traversal. 2022-04-15 not yet calculated CVE-2022-27043
MISC
moxa — mgate A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower, MGate MB3270 Series Firmware Version 4.2 or lower, MGate MB3280 Series Firmware Version 4.1 or lower, and MGate MB3480 Series Firmware Version 3.2 or lower. 2022-04-15 not yet calculated CVE-2022-27048
MISC
github — ghost An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. 2022-04-12 not yet calculated CVE-2022-27139
MISC
github — express_fileupload An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-12 not yet calculated CVE-2022-27140
MISC
pearweb — pearweb pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. 2022-04-15 not yet calculated CVE-2022-27157
MISC
pearweb — pearweb pearweb < 1.32 suffers from Deserialization of Untrusted Data. 2022-04-15 not yet calculated CVE-2022-27158
MISC
csz — cms CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers 2022-04-12 not yet calculated CVE-2022-27161
MISC
csz — cms CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser 2022-04-12 not yet calculated CVE-2022-27162
MISC
csz — cms CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser 2022-04-12 not yet calculated CVE-2022-27163
MISC
csz — cms CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers 2022-04-12 not yet calculated CVE-2022-27164
MISC
csz — cms CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus 2022-04-12 not yet calculated CVE-2022-27165
MISC

yokogawa — centum OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. 2022-04-15 not yet calculated CVE-2022-27188
MISC
MISC
siemens — simatic A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. 2022-04-12 not yet calculated CVE-2022-27194
CONFIRM
siemens — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. 2022-04-12 not yet calculated CVE-2022-27241
CONFIRM
hubzilla — hubzilla A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. 2022-04-13 not yet calculated CVE-2022-27256
MISC
MISC
MISC
hubzilla — hubzilla A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. 2022-04-15 not yet calculated CVE-2022-27257
MISC
MISC
hubzilla — hubzilla Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow remote attackers to include arbitrary web script or HTML via the rpath parameter. 2022-04-15 not yet calculated CVE-2022-27258
MISC
MISC
buttercms — buttercms An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. 2022-04-12 not yet calculated CVE-2022-27260
MISC
MISC
MISC
express — express_fileupload An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. 2022-04-12 not yet calculated CVE-2022-27261
MISC
MISC
skipper — skipper An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. 2022-04-12 not yet calculated CVE-2022-27262
MISC
MISC
strapi — strapi An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. 2022-04-12 not yet calculated CVE-2022-27263
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27268
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27269
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27270
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27271
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27272
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27273
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27274
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27275
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet. 2022-04-10 not yet calculated CVE-2022-27276
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. 2022-04-10 not yet calculated CVE-2022-27277
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. 2022-04-10 not yet calculated CVE-2022-27279
MISC
MISC
inhand_networks — inrouter_900_industrial_4g_router InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. 2022-04-10 not yet calculated CVE-2022-27280
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. 2022-04-10 not yet calculated CVE-2022-27286
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. 2022-04-10 not yet calculated CVE-2022-27287
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. 2022-04-10 not yet calculated CVE-2022-27288
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. 2022-04-10 not yet calculated CVE-2022-27289
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. 2022-04-10 not yet calculated CVE-2022-27290
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. 2022-04-10 not yet calculated CVE-2022-27291
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. 2022-04-10 not yet calculated CVE-2022-27292
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. 2022-04-10 not yet calculated CVE-2022-27293
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. 2022-04-10 not yet calculated CVE-2022-27294
MISC
MISC
d-link — dir_619_ax_v1.00 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. 2022-04-10 not yet calculated CVE-2022-27295
MISC
MISC
cscms — music_portal_system Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. 2022-04-15 not yet calculated CVE-2022-27365
MISC
cscms — music_portal_system Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. 2022-04-15 not yet calculated CVE-2022-27366
MISC
cscms — music_portal_system Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. 2022-04-15 not yet calculated CVE-2022-27367
MISC
cscms — music_portal_system Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. 2022-04-15 not yet calculated CVE-2022-27368
MISC
cscms — music_portal_system Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. 2022-04-15 not yet calculated CVE-2022-27369
MISC
mariadb — mariadb_server MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27376
MISC
mariadb — mariadb_server MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27377
MISC
mariadb — mariadb_server An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27378
MISC
mariadb — mariadb_server An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27379
MISC
mariadb — mariadb_server An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27380
MISC
mariadb — mariadb_server An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27381
MISC
mariadb — mariadb_server MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. 2022-04-12 not yet calculated CVE-2022-27382
MISC
mariadb — mariadb_server MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27383
MISC
mariadb — mariadb_server An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27384
MISC
mariadb — mariadb_server An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27385
MISC
mariadb — mariadb_server MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. 2022-04-12 not yet calculated CVE-2022-27386
MISC
mariadb — mariadb_server MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. 2022-04-12 not yet calculated CVE-2022-27387
MISC
tcpreplay — tcpreplay Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. 2022-04-12 not yet calculated CVE-2022-27416
MISC
tcpreplay — tcpreplay Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. 2022-04-12 not yet calculated CVE-2022-27418
MISC
chamilo — chamilo_lms rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. 2022-04-12 not yet calculated CVE-2022-27419
MISC
chamilo — chamilo_lms Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. 2022-04-15 not yet calculated CVE-2022-27421
MISC
chamilo — chamilo_lms A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. 2022-04-15 not yet calculated CVE-2022-27422
MISC
chamilo — chamilo_lms Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. 2022-04-15 not yet calculated CVE-2022-27423
MISC
chamilo — chamilo_lms Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. 2022-04-15 not yet calculated CVE-2022-27425
MISC
chamilo — chamilo_lms A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. 2022-04-15 not yet calculated CVE-2022-27426
MISC
chamilo — chamilo_lms A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin. 2022-04-15 not yet calculated CVE-2022-27427
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. 2022-04-14 not yet calculated CVE-2022-27444
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. 2022-04-14 not yet calculated CVE-2022-27445
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. 2022-04-14 not yet calculated CVE-2022-27446
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. 2022-04-14 not yet calculated CVE-2022-27447
MISC
mariadb — mariadb_server There is an Assertion failure in MariaDB Server v10.9 and below via ‘node->pcur->rel_pos == BTR_PCUR_ON’ at /row/row0mysql.cc. 2022-04-14 not yet calculated CVE-2022-27448
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. 2022-04-14 not yet calculated CVE-2022-27449
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. 2022-04-14 not yet calculated CVE-2022-27451
MISC
mariadb — mariadb_server MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. 2022-04-14 not yet calculated CVE-2022-27452
MISC
mariadb — mariadb_server MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. 2022-04-14 not yet calculated CVE-2022-27455
MISC
mariadb — mariadb_server MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc. 2022-04-14 not yet calculated CVE-2022-27456
MISC
mariadb — mariadb_server MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. 2022-04-14 not yet calculated CVE-2022-27457
MISC
mariadb — mariadb_server MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. 2022-04-14 not yet calculated CVE-2022-27458
MISC
roothub — roothub SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely. 2022-04-12 not yet calculated CVE-2022-27472
MISC
MISC
roothub — roothub SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely. 2022-04-12 not yet calculated CVE-2022-27473
MISC
MISC
github — mount4m SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. 2022-04-15 not yet calculated CVE-2022-27474
MISC
MISC
tramyardg — hotel_mgmt_system Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded. 2022-04-13 not yet calculated CVE-2022-27475
MISC
MISC
newbee_ltd — newbee_mall A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. 2022-04-10 not yet calculated CVE-2022-27476
MISC
apache — apache_superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. 2022-04-13 not yet calculated CVE-2022-27479
CONFIRM
CONFIRM
MLIST
siemens — sicam A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. 2022-04-12 not yet calculated CVE-2022-27480
CONFIRM
FULLDISC
MISC
siemens — scalance A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device. 2022-04-12 not yet calculated CVE-2022-27481
CONFIRM
citrix — storefront Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 2022-04-13 not yet calculated CVE-2022-27503
MISC
citrix — sd_wan Reflected cross site scripting (XSS) 2022-04-13 not yet calculated CVE-2022-27505
MISC
citrix — sd_wan_cli Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI 2022-04-13 not yet calculated CVE-2022-27506
MISC
autodesk — trueview A buffer over-read in Autodesk TrueView 2022 can be exploited through a maliciously crafted DWG file used as input and may lead to exposure of sensitive information or a crash. In conjunction with other vulnerabilities, this vulnerability could lead to code execution in the context of the current process. 2022-04-13 not yet calculated CVE-2022-27523
MISC
autodesk — trueview An out-of-bounds read in Autodesk TrueView 2022 can be exploited through a maliciously crafted DWG file used as input and may lead to exposure of sensitive information or a crash. In conjunction with other vulnerabilities, this vulnerability could lead to code execution in the context of the current process. 2022-04-13 not yet calculated CVE-2022-27524
MISC
autodesk — navisworks Maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. 2022-04-11 not yet calculated CVE-2022-27528
MISC
samsung — google_and_samsung Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. 2022-04-11 not yet calculated CVE-2022-27567
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. 2022-04-11 not yet calculated CVE-2022-27568
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. 2022-04-11 not yet calculated CVE-2022-27569
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. 2022-04-11 not yet calculated CVE-2022-27570
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. 2022-04-11 not yet calculated CVE-2022-27571
MISC
samsung — google_and_samsung Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. 2022-04-11 not yet calculated CVE-2022-27572
MISC
samsung — mobile Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. 2022-04-11 not yet calculated CVE-2022-27573
MISC
samsung — mobile Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. 2022-04-11 not yet calculated CVE-2022-27574
MISC
samsung — one_ui_home Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. 2022-04-11 not yet calculated CVE-2022-27575
MISC
samsung — dex_home Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. 2022-04-11 not yet calculated CVE-2022-27576
MISC
sick_ag — msc800 The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version. 2022-04-11 not yet calculated CVE-2022-27577
MISC
sick_ag — oee An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. 2022-04-11 not yet calculated CVE-2022-27578
MISC
sap — 3d_visual When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-27654
MISC
MISC
sap — universal_3d When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2022-04-12 not yet calculated CVE-2022-27655
MISC
MISC
sap — focused_run A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) – version 1.0. 2022-04-12 not yet calculated CVE-2022-27657
MISC
MISC
sap — businessobjects_business_intelligence Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) – version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. 2022-04-12 not yet calculated CVE-2022-27667
MISC
MISC
sap — xml_data_archiving_service An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java – version 7.50, to which access should be restricted. This may result in an escalation of privileges. 2022-04-12 not yet calculated CVE-2022-27669
MISC
MISC
sap — sql SAP SQL Anywhere – version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. 2022-04-12 not yet calculated CVE-2022-27670
MISC
MISC
sap — csrf A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. 2022-04-12 not yet calculated CVE-2022-27671
MISC
MISC
swhkd — swhkd SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. 2022-04-14 not yet calculated CVE-2022-27814
MISC
MISC
swhkd — swhkd SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. 2022-04-14 not yet calculated CVE-2022-27817
MISC
MISC
samsung — mobile Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. 2022-04-11 not yet calculated CVE-2022-27821
MISC
samsung — mobile Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. 2022-04-11 not yet calculated CVE-2022-27822
MISC
samsung — libsapeextractor Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. 2022-04-11 not yet calculated CVE-2022-27823
MISC
samsung — libsapeextractor Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. 2022-04-11 not yet calculated CVE-2022-27824
MISC
samsung — libsapeextractor Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. 2022-04-11 not yet calculated CVE-2022-27825
MISC
samsung — semsuspenddialoginfo Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. 2022-04-11 not yet calculated CVE-2022-27826
MISC
samsung — mediamonitordimension Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. 2022-04-11 not yet calculated CVE-2022-27827
MISC
samsung — mediamonitorevent Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. 2022-04-11 not yet calculated CVE-2022-27828
MISC
samsung — verifycredentialresponse Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. 2022-04-11 not yet calculated CVE-2022-27829
MISC
samsung — semblurinfo Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. 2022-04-11 not yet calculated CVE-2022-27830
MISC
samsung — libsapeextractor Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. 2022-04-11 not yet calculated CVE-2022-27831
MISC
samsung — media_extractor Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. 2022-04-11 not yet calculated CVE-2022-27832
MISC
samsung — dsp_driver Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. 2022-04-11 not yet calculated CVE-2022-27833
MISC
samsung — dsp_context_unload_graph Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. 2022-04-11 not yet calculated CVE-2022-27834
MISC
samsung — uwb Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. 2022-04-11 not yet calculated CVE-2022-27835
MISC
samsung — storagemanager Improper access control and path traversal vulnerability in StorageManager and StorageManagerService prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. 2022-04-11 not yet calculated CVE-2022-27836
MISC
samsung — pendingintent A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. 2022-04-11 not yet calculated CVE-2022-27837
MISC
samsung — factorycamera Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. 2022-04-11 not yet calculated CVE-2022-27838
MISC
samsung — secret_mode Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. 2022-04-11 not yet calculated CVE-2022-27839
MISC
samsung — samsung_recovery Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files as SamsungRecovery permission. 2022-04-11 not yet calculated CVE-2022-27840
MISC
samsung — samsung_pass Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication. 2022-04-11 not yet calculated CVE-2022-27841
MISC
samsung — smart_switch DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute arbitrary code. 2022-04-11 not yet calculated CVE-2022-27842
MISC
samsung — kies DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute arbitrary code. 2022-04-11 not yet calculated CVE-2022-27843
MISC
wordpress — wpvivid Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 2022-04-11 not yet calculated CVE-2022-27844
CONFIRM
CONFIRM
wordpress — plausiblehq_plausible_analytics
 
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 2022-04-11 not yet calculated CVE-2022-27845
CONFIRM
CONFIRM
wordpress — yooslider_yoo_slider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. 2022-04-13 not yet calculated CVE-2022-27846
CONFIRM
CONFIRM
wordpress — yooslider_yoo_slider Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. 2022-04-13 not yet calculated CVE-2022-27847
CONFIRM
CONFIRM
wordpress — modern_events_calendar_lite Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 2022-04-14 not yet calculated CVE-2022-27848
CONFIRM
CONFIRM
wordpress — simple_ajax_chat
 
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 2022-04-15 not yet calculated CVE-2022-27849
CONFIRM
CONFIRM
wordpress — simple_ajax_chat Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. 2022-04-15 not yet calculated CVE-2022-27850
CONFIRM
CONFIRM
wordpress — use_any_font Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. 2022-04-15 not yet calculated CVE-2022-27851
CONFIRM
CONFIRM
wordpress — kb_support Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 2022-04-15 not yet calculated CVE-2022-27852
CONFIRM
CONFIRM
wordpress — payloadcms An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. 2022-04-12 not yet calculated CVE-2022-27952
MISC
MISC
github — AtomCMS 2.0 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php 2022-04-12 not yet calculated CVE-2022-28032
MISC
github — AtomCMS 2.0 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php 2022-04-12 not yet calculated CVE-2022-28033
MISC
github — AtomCMS 2.0 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php 2022-04-12 not yet calculated CVE-2022-28034
MISC
github — AtomCMS 2.0 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php 2022-04-12 not yet calculated CVE-2022-28035
MISC
github — AtomCMS 2.0 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php 2022-04-12 not yet calculated CVE-2022-28036
MISC
github — stb
 
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-04-15 not yet calculated CVE-2022-28041
MISC
MISC
github — stb stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. 2022-04-15 not yet calculated CVE-2022-28042
MISC
MISC
github — stb lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. 2022-04-15 not yet calculated CVE-2022-28044
MISC
MISC
github — stb STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. 2022-04-15 not yet calculated CVE-2022-28048
MISC
MISC
njs — nginx NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. 2022-04-15 not yet calculated CVE-2022-28049
MISC
MISC
roothub — roothub Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privilege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution. 2022-04-13 not yet calculated CVE-2022-28052
MISC
MISC
selenium — selenium_grid Selenium Grid (formerly Selenium Standalone Server), fixed in 4.0.0-alpha-7, is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. 2022-04-15 not yet calculated CVE-2022-28109
MISC
MISC
MLIST
fantec_gmbh — mwids_ds_firmware
 
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. 2022-04-15 not yet calculated CVE-2022-28113
MISC
MISC
MISC
MISC
sap — businessobject_business_intelligence_platform When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform – version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. 2022-04-12 not yet calculated CVE-2022-28213
MISC
MISC
sap — netweaver_abap_server_andabap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform – versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. 2022-04-12 not yet calculated CVE-2022-28215
MISC
MISC
sap — businessobject_business_intelligence_platform
 
SAP BusinessObjects Business Intelligence Platform (BI Workspace) – version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. 2022-04-12 not yet calculated CVE-2022-28216
MISC
MISC
siemens — scalance A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition. 2022-04-12 not yet calculated CVE-2022-28328
CONFIRM
siemens — scalance A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to cause a denial of service condition that only affects the port used by the RemoteCapture feature. 2022-04-12 not yet calculated CVE-2022-28329
CONFIRM
signal_app — ios
 
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively. 2022-04-15 not yet calculated CVE-2022-28345
MISC
MISC
MISC
django — django
 
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. 2022-04-12 not yet calculated CVE-2022-28346
MISC
MISC
MISC
MISC
MLIST
django — django
 
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. 2022-04-12 not yet calculated CVE-2022-28347
MISC
MISC
MISC
MISC
apostrophe — apostrophe_cms
 
Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs. 2022-04-12 not yet calculated CVE-2022-28396
MISC
ghost — cms
 
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. 2022-04-12 not yet calculated CVE-2022-28397
MISC
MISC
MISC
MISC
MISC
samsung — samsung_update
 
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. 2022-04-11 not yet calculated CVE-2022-28541
MISC
samsung — galaxy_store
 
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. 2022-04-11 not yet calculated CVE-2022-28542
MISC
samsung — flow
 
Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. 2022-04-11 not yet calculated CVE-2022-28543
MISC
samsung — galaxy
 
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. 2022-04-11 not yet calculated CVE-2022-28544
MISC
siemens — simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114) 2022-04-12 not yet calculated CVE-2022-28661
CONFIRM
siemens — simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307) 2022-04-12 not yet calculated CVE-2022-28662
CONFIRM
siemens — simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) 2022-04-12 not yet calculated CVE-2022-28663
CONFIRM
talosintelligence — ardupilot_apweb_master_branch
 
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac – master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. 2022-04-14 not yet calculated CVE-2022-28711
MISC
sap — sapui5_library
 
Due to insufficient input validation, SAPUI5 library(vbm) – versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. 2022-04-12 not yet calculated CVE-2022-28770
MISC
MISC
sap — web_dispatcher
 
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher – versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. 2022-04-12 not yet calculated CVE-2022-28772
MISC
MISC
sap — web_dispatcher
 
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. 2022-04-12 not yet calculated CVE-2022-28773
MISC
MISC
samsung — flow
 
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. 2022-04-11 not yet calculated CVE-2022-28775
MISC
samsung — galaxy
 
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. 2022-04-11 not yet calculated CVE-2022-28776
MISC
samsung — members
 
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. 2022-04-11 not yet calculated CVE-2022-28777
MISC
samsung — security_supporter
 
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission. 2022-04-11 not yet calculated CVE-2022-28778
MISC
samsung — android_usb_driver Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. 2022-04-11 not yet calculated CVE-2022-28779
MISC
avira — password_manager_browser_extensions
 
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. 2022-04-12 not yet calculated CVE-2022-28795
MISC
f-secure — safe_browser
 
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. 2022-04-15 not yet calculated CVE-2022-28868
MISC
MISC
f-secure — safe_browser
 
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. 2022-04-15 not yet calculated CVE-2022-28869
MISC
MISC
f-secure — safe_browser
 
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. 2022-04-15 not yet calculated CVE-2022-28870
MISC
MISC
wasm3 — wasm3
 
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). 2022-04-16 not yet calculated CVE-2022-28966
MISC
forestblog — forestblog
 
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. 2022-04-16 not yet calculated CVE-2022-29020
MISC
jenkins — credentials_plugin Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29036
CONFIRM
jenkins — cvs_plugin
 
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29037
CONFIRM
jenkins — extended_choice_parameter_plugin
 
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29038
CONFIRM
jenkins — gerrit_trigger_plugin
 
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29039
CONFIRM
jenkins — git_parameter
 
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29040
CONFIRM
jenkins — jira_plugin
 
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29041
CONFIRM
jenkins — job_generator_plugin
 
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs’ Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29042
CONFIRM
jenkins — mask_passwords_plugin
 
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29043
CONFIRM
jenkins — node_and_label_parameter_plugin
 
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29044
CONFIRM
jenkins — jenkins
 
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29045
CONFIRM
jenkins — subversion_plugin
 
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-04-12 not yet calculated CVE-2022-29046
CONFIRM
jenkins — pipeline
 
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. 2022-04-12 not yet calculated CVE-2022-29047
CONFIRM
jenkins — subversion_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. 2022-04-12 not yet calculated CVE-2022-29048
CONFIRM
jenkins — jenkins
 
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. 2022-04-12 not yet calculated CVE-2022-29049
CONFIRM
jenkins — publish_over_ftp_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. 2022-04-12 not yet calculated CVE-2022-29050
CONFIRM
jenkins — publish_over_ftp_plugin
 
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. 2022-04-12 not yet calculated CVE-2022-29051
CONFIRM
jenkins — google_compute_engine_plugin
 
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-04-12 not yet calculated CVE-2022-29052
CONFIRM
microsoft — windows
 
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, 2022-04-15 not yet calculated CVE-2022-29072
MISC
MISC
MISC
npm — npm
 
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. 2022-04-12 not yet calculated CVE-2022-29080
MISC
MISC
linux — linux_kernel
 
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. 2022-04-13 not yet calculated CVE-2022-29156
MISC
MISC
bitrix — bitrix
 
Bitrix through 7.5.0 allows remote attackers to execute arbitrary code by using the restore.php Upload From Local Disk feature. 2022-04-15 not yet calculated CVE-2022-29268
MISC
notable — notable_insiders
 
Notable before 1.9.0-beta.8 doesn’t effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). 2022-04-15 not yet calculated CVE-2022-29281
MISC
MISC
kentico — kentico_cms
 
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password). 2022-04-16 not yet calculated CVE-2022-29287
MISC
MISC