US-CERT Bulletin (SB22-066):Vulnerability Summary for the Week of February 28, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. 2022-02-25 7.5 CVE-2022-24340
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. 2022-02-25 7.5 CVE-2022-24442
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — airflow It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. 2022-02-25 4.3 CVE-2021-45229
MISC
apache — airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. 2022-02-25 6.5 CVE-2022-24288
MISC
apache — jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 6.8 CVE-2022-24947
MISC
MLIST
apache — jspwiki A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 4.3 CVE-2022-24948
MISC
MLIST
dolibarr — dolibarr Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. 2022-02-25 4 CVE-2022-0746
CONFIRM
MISC
hashicorp — terraform_enterprise HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. 2022-02-25 5 CVE-2022-25374
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. 2022-02-25 5 CVE-2022-24327
MISC
MISC
jetbrains — hub In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. 2022-02-25 4 CVE-2022-24328
MISC
MISC
jetbrains — hub JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-25259
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. 2022-02-25 4.6 CVE-2022-24345
MISC
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. 2022-02-25 4.6 CVE-2022-24346
MISC
MISC
jetbrains — kotlin In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. 2022-02-25 5 CVE-2022-24329
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. 2022-02-25 4 CVE-2022-24337
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. 2022-02-25 4 CVE-2022-24333
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. 2022-02-25 6.8 CVE-2022-24335
MISC
MISC
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. 2022-02-25 4.3 CVE-2022-24338
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. 2022-02-25 6.8 CVE-2022-24342
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user. 2022-02-25 5 CVE-2022-24341
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. 2022-02-25 5 CVE-2022-24336
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. 2022-02-25 5 CVE-2022-24334
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie. 2022-02-25 5 CVE-2022-24332
MISC
MISC
jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. 2022-02-25 5.8 CVE-2022-24330
MISC
MISC
jetbrains — youtrack In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. 2022-02-25 4 CVE-2022-24343
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
eyesofnetwork — eyesofnetwork An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. 2022-02-25 3.5 CVE-2022-24612
MISC
google — fscrypt fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. 2022-02-25 2.1 CVE-2022-25326
CONFIRM
ibm — vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. 2022-02-25 2.1 CVE-2021-38993
XF
CONFIRM
jetbrains — teamcity JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. 2022-02-25 3.5 CVE-2022-24339
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. 2022-02-25 3.5 CVE-2022-24344
MISC
MISC
jetbrains — youtrack JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. 2022-02-25 3.5 CVE-2022-24347
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info

15zine — 15zine

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2020-36510
MISC
academy_software_foundation — openexr A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 not yet calculated CVE-2021-20303
MISC
MISC
MISC
academy_software_foundation — openexr A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20302
MISC
MISC
MISC
academy_software_foundation — openexr
 
A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-20300
MISC
MISC
MISC
air_cargo_management_system — air_cargo_management_system
 
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. 2022-03-02 not yet calculated CVE-2022-26169
MISC
alfresco — alfresco_community_edition
 
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 2022-03-04 not yet calculated CVE-2020-18327
MISC
MISC
algorithmia — msol
 
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. 2022-03-01 not yet calculated CVE-2021-42951
MISC
MISC
ametys — cms
 
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. 2022-02-28 not yet calculated CVE-2022-26159
MISC
MISC
MISC
ansible — ansible_engine A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. 2022-03-03 not yet calculated CVE-2021-3620
MISC
MISC
MISC
any23 — any23
 
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 not yet calculated CVE-2022-25312
MISC
MLIST
apache — poi
 
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. 2022-03-04 not yet calculated CVE-2022-26336
CONFIRM
archeevo — archeevo
 
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. 2022-03-01 not yet calculated CVE-2022-23377
MISC
argus — surveillance_dvr
 
Argus Surveillance DVR v4.0 employs weak password encryption. 2022-03-01 not yet calculated CVE-2022-25012
MISC
MISC
arm — arm
 
An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. 2022-03-03 not yet calculated CVE-2022-22706
MISC
MISC
arm — astenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). 2022-02-28 not yet calculated CVE-2021-44331
MISC
arm — astenc
 
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in “/Source/astcenc_compress_symbolic.cpp”. 2022-02-28 not yet calculated CVE-2021-43086
MISC
aruba — aos-cx
 
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41000
MISC
aruba — aos-cx
 
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. 2022-03-02 not yet calculated CVE-2021-41001
MISC
aruba — aos-cx
 
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41003
MISC
aruba — aos-cx
 
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. 2022-03-02 not yet calculated CVE-2021-41002
MISC
asgaros_forum — asgaros_forum
 
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection 2022-02-28 not yet calculated CVE-2022-0411
MISC
CONFIRM
atlassian — jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. 2022-02-28 not yet calculated CVE-2021-43945
MISC
audio_file — audio_file
 
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. 2022-02-28 not yet calculated CVE-2022-25023
MISC
auto_spare_parts_management — auto_spare_parts_management
 
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. 2022-03-02 not yet calculated CVE-2022-25398
MISC
axelor — open_suite Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. 2022-03-03 not yet calculated CVE-2022-25138
MISC
MISC
aya — ayacms
 
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, 2022-03-01 not yet calculated CVE-2021-44238
MISC
bank_management_system — bank_management_system
 
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. 2022-03-02 not yet calculated CVE-2022-26171
MISC
basebmpsupportlib — basebmpsupportlib Heap Overflow in BaseBmpSupportLib. 2022-03-03 not yet calculated CVE-2021-38577
MISC
batflat– cms
 
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. 2022-03-01 not yet calculated CVE-2021-41652
MISC
MISC
big_fix_compliance — big_fix_compliance
 
“TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” 2022-03-04 not yet calculated CVE-2021-27756
MISC
big_fix_insights — big_fix_insights
 
“Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.” 2022-03-04 not yet calculated CVE-2021-27757
MISC
bluez — bluetoothd
 
bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. 2022-03-02 not yet calculated CVE-2021-3658
MISC
MISC
MISC
MISC
buildah — buildah
 
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). 2022-03-03 not yet calculated CVE-2021-3602
MISC
MISC
MISC
MISC
cacti — cacti
 
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. 2022-03-03 not yet calculated CVE-2022-0730
MISC
car_driving_school_management_system — car_driving_school_management_system

 
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. 2022-02-28 not yet calculated CVE-2022-24572
MISC
car_driving_school_management_system — car_driving_school_management_system
 
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. 2022-02-28 not yet calculated CVE-2022-24571
MISC
MISC
MISC
cedar_gate — ez-net
 
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. 2022-03-04 not yet calculated CVE-2022-23397
MISC
cherwell — cherwell service_management An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. 2022-02-28 not yet calculated CVE-2022-26155
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. 2022-02-28 not yet calculated CVE-2022-26157
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. 2022-02-28 not yet calculated CVE-2022-26158
MISC
MISC
cherwell — cherwell service_management
 
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker’s server. 2022-02-28 not yet calculated CVE-2022-26156
MISC
MISC
cipi — cipi
 
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. 2022-03-01 not yet calculated CVE-2022-26332
MISC
MISC
clair — claircore
 
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. 2022-03-03 not yet calculated CVE-2021-3762
MISC
MISC
MISC
MISC
MISC
MISC
cmark-grm — cmark-gfm
 
cmark-gfm is GitHub’s extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm’s table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who’s marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. 2022-03-03 not yet calculated CVE-2022-24724
CONFIRM
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. 2022-02-28 not yet calculated CVE-2022-23906
MISC
cms_made_simple — cms_made_simple
 
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. 2022-02-28 not yet calculated CVE-2022-23907
MISC
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. 2022-02-28 not yet calculated CVE-2022-24711
MISC
CONFIRM
codeigniter4 — codeigniter4
 
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. 2022-02-28 not yet calculated CVE-2022-24712
MISC
CONFIRM
contact_forms-drag_and_drop_contact_form_builder — contact_forms-drag_and_drop_contact_form_builder
 
The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack 2022-02-28 not yet calculated CVE-2021-24689
MISC
contaierd — containerd
 
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. 2022-03-03 not yet calculated CVE-2022-23648
CONFIRM
MISC
MISC
MISC
MISC
core_tweaks_wp_setup — core_tweaks_wp_setup
 
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks 2022-02-28 not yet calculated CVE-2021-24803
MISC
coreos-installer — coreos-installer
 
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 not yet calculated CVE-2021-20319
MISC
MISC
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. 2022-03-02 not yet calculated CVE-2022-25395
MISC
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store
 
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. 2022-03-02 not yet calculated CVE-2022-25396
MISC
cost _calculator — cost_calculator
 
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout 2022-02-28 not yet calculated CVE-2021-24820
MISC
crazy_bone — crazy_bone
 
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting 2022-02-28 not yet calculated CVE-2022-0385
MISC
customize — customize
 
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). 2022-02-28 not yet calculated CVE-2022-0345
MISC
cyberark — identity
 
CyberArk Identity versions up to and including 22.1 in the ‘StartAuthentication’ resource, exposes the response header ‘X-CFY-TX-TM’. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. 2022-03-03 not yet calculated CVE-2022-22700
MISC
MISC
d-link — dap-1620
 
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. 2022-03-04 not yet calculated CVE-2021-46381
MISC
MISC
d-link — dir-859
 
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 not yet calculated CVE-2022-25106
MISC
MISC
MISC
datarobot — datarobot
 
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. 2022-02-28 not yet calculated CVE-2021-45414
MISC
dell — emc_enterprise_storage_analytics_for_vrealize_operations
 
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 not yet calculated CVE-2021-43590
MISC
devolutions — password_hub_for_ios
 
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. 2022-03-03 not yet calculated CVE-2022-23849
MISC
MISC
dlink — dir-x1860
 
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 not yet calculated CVE-2021-46353
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. 2022-03-04 not yet calculated CVE-2021-46379
MISC
MISC
dlink — dir850_et850-1.08trb03
 
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. 2022-03-04 not yet calculated CVE-2021-46378
MISC
MISC
dolibarr — dolibarr
 
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. 2022-03-02 not yet calculated CVE-2022-0819
MISC
CONFIRM
dropbox — lepton
 
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. 2022-02-28 not yet calculated CVE-2022-26181
MISC
MISC
MISC
dynamic_widgets — dynamic_widgets
 
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2021-24933
MISC
easy_drag_and_drop_all_import — easy_drag_and_drop_all_import
 
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2022-0360
MISC
CONFIRM
editabletable — editabletable
 
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-28 not yet calculated CVE-2021-24898
MISC
elasticsearch — elasticsearch
 
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. 2022-03-03 not yet calculated CVE-2022-23710
MISC
elastisearch — elastisearch
 
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. 2022-03-03 not yet calculated CVE-2022-23708
MISC
element-it — http_commander
 
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. 2022-03-03 not yet calculated CVE-2022-24573
MISC
MISC
espruino — espruino
 
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 not yet calculated CVE-2022-25044
MISC
MISC
espruno — espruno
 
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 not yet calculated CVE-2022-25465
MISC
event_managemnt — event_management Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. 2022-03-02 not yet calculated CVE-2022-25114
MISC
excel_streaming_reader — excel_streaming_reader
 
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. 2022-03-02 not yet calculated CVE-2022-23640
CONFIRM
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. 2022-03-01 not yet calculated CVE-2022-24253
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. 2022-03-01 not yet calculated CVE-2022-24254
MISC
MISC
MISC
MISC
extensis — portfolio
 
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. 2022-03-01 not yet calculated CVE-2022-24252
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. 2022-03-01 not yet calculated CVE-2022-24255
MISC
MISC
MISC
extensis — portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. 2022-03-01 not yet calculated CVE-2022-24251
MISC
MISC
MISC
f-secure — f-secure
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2022-03-01 not yet calculated CVE-2021-44747
MISC
finastra — ssr-pages ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. 2022-03-01 not yet calculated CVE-2022-24718
MISC
MISC
CONFIRM
finastra — ssr-pages
 
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. 2022-03-01 not yet calculated CVE-2022-24717
MISC
MISC
MISC
CONFIRM
fluture-js — fluture-node
 
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in [email protected]. 2022-03-01 not yet calculated CVE-2022-24719
MISC
MISC
MISC
CONFIRM
fortinet — fortianalyzer A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. 2022-03-01 not yet calculated CVE-2022-22300
CONFIRM
fortinet — fortiap-c
 
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. 2022-03-02 not yet calculated CVE-2022-22301
CONFIRM
fortinet — fortigate
 
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. 2022-03-01 not yet calculated CVE-2020-15936
CONFIRM
fortinet — fortimail
 
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. 2022-03-01 not yet calculated CVE-2021-32586
CONFIRM
fortinet — fortimail
 
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account’s authentication token by means of the observation of certain system’s properties. 2022-03-01 not yet calculated CVE-2021-36166
CONFIRM
fortinet — fortimanager
 
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. 2022-03-02 not yet calculated CVE-2022-22303
CONFIRM
fortinet — fortiportal
 
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. 2022-03-01 not yet calculated CVE-2021-36171
CONFIRM
fortinet — fortitoken_mobile
 
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user’s password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. 2022-03-02 not yet calculated CVE-2021-44166
CONFIRM
fortinet — fortiwlm
 
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. 2022-03-02 not yet calculated CVE-2021-43070
CONFIRM
fortinet — fortiwlm
 
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. 2022-03-01 not yet calculated CVE-2021-43075
CONFIRM
fortinet — fortiwlm
 
A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. 2022-03-01 not yet calculated CVE-2021-43077
CONFIRM
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. 2022-03-03 not yet calculated CVE-2022-26125
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26127
MISC
frrouting — frrouting A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26128
MISC
frrouting — frrouting Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. 2022-03-03 not yet calculated CVE-2022-26126
MISC
frrouting — frrouting
 
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. 2022-03-03 not yet calculated CVE-2022-26129
MISC
fulifilm — docucenter-vi
 
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. 2022-03-03 not yet calculated CVE-2021-43774
MISC
MISC
genixcms — genixcms
 
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options” via the intro_title and intro_image parameters. 2022-03-03 not yet calculated CVE-2022-24563
MISC
MISC
MISC
getgrav — grav
 
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 2022-02-28 not yet calculated CVE-2022-0743
MISC
CONFIRM
go-ethereum — go-ethereum
 
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node’s memory pool, causing a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23327
MISC
MISC
MISC
MISC
go-ethereum — go-ethereum
 
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node’s memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). 2022-03-04 not yet calculated CVE-2022-23328
MISC
MISC
MISC
MISC
golang — go
 
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 not yet calculated CVE-2022-24921
CONFIRM
grand_flagallery — grand_flagallery
 
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2021-24903
MISC
grcp — grcp
 
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. 2022-02-28 not yet calculated CVE-2022-26315
MISC
hakimel — revealjs
 
Cross-site Scripting (XSS) – DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. 2022-03-01 not yet calculated CVE-2022-0776
MISC
CONFIRM
haproxy — haproxy
 
A flaw was found in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. 2022-03-02 not yet calculated CVE-2022-0711
MISC
MISC
MISC
hashicorp — nomad
 
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. 2022-02-28 not yet calculated CVE-2022-24685
MISC
MISC
hazelcast — hazelcast
 
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. 2022-03-03 not yet calculated CVE-2022-0265
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 not yet calculated CVE-2022-0752
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 not yet calculated CVE-2022-0838
MISC
CONFIRM
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-03 not yet calculated CVE-2022-0753
MISC
CONFIRM
hicos — hicos
 
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. 2022-03-01 not yet calculated CVE-2020-12775
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. 2022-02-28 not yet calculated CVE-2022-25028
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. 2022-03-02 not yet calculated CVE-2022-25045
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. 2022-02-28 not yet calculated CVE-2022-25029
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. 2022-03-02 not yet calculated CVE-2022-25115
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. 2022-02-26 not yet calculated CVE-2022-25096
MISC
MISC
MISC
home_owners_collection_management_system — home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-03-02 not yet calculated CVE-2022-25016
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25409
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25408
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. 2022-02-28 not yet calculated CVE-2022-25407
MISC
hoteldruid — hoteldruid
 
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. 2022-03-03 not yet calculated CVE-2022-22909
MISC
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23953
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23958
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23957
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23956
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23955
MISC
hp — hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. 2022-03-02 not yet calculated CVE-2022-23954
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. 2022-03-03 not yet calculated CVE-2021-26259
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service. 2022-03-02 not yet calculated CVE-2021-23180
MISC
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. 2022-03-02 not yet calculated CVE-2021-23206
MISC
MISC
MISC
MISC
htmldoc — htmldoc
 
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. 2022-03-03 not yet calculated CVE-2021-26948
MISC
htmldoc — htmldoc
 
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. 2022-03-02 not yet calculated CVE-2021-23191
MISC
MISC
MISC
MISC
htmly — htmly
 
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. 2022-03-01 not yet calculated CVE-2022-25022
MISC
MISC
MISC
MISC
MISC
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. 2022-03-01 not yet calculated CVE-2021-38955
CONFIRM
XF
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. 2022-03-02 not yet calculated CVE-2022-22350
XF
CONFIRM
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. 2022-03-02 not yet calculated CVE-2021-38996
CONFIRM
XF
ibm — mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. 2022-03-01 not yet calculated CVE-2021-38986
XF
CONFIRM
ibm — mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. 2022-03-01 not yet calculated CVE-2022-22321
XF
CONFIRM
ice — hrm Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “m” parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. 2022-02-28 not yet calculated CVE-2022-25014
MISC
ice — hrm A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. 2022-02-28 not yet calculated CVE-2022-25015
MISC
ice — hrm
 
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the “key” and “fm” parameters in the component login.php. 2022-02-28 not yet calculated CVE-2022-25013
MISC
icl — scadaflex_ii_scada_controller
 
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. 2022-02-26 not yet calculated CVE-2022-25359
MISC
MISC
imagemagick_graphicsMagick — imagemagick_graphicsMagick
 
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. 2022-03-01 not yet calculated CVE-2022-24720
MISC
CONFIRM
incapptic — connect
 
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. 2022-03-04 not yet calculated CVE-2022-21828
MISC
jfrog — artifactory
 
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. 2022-03-02 not yet calculated CVE-2021-45074
MISC
MISC
jfrog — artifactory
 
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. 2022-03-02 not yet calculated CVE-2021-46270
MISC
MISC
jquery_cookie — jquery_cookie
 
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). 2022-03-02 not yet calculated CVE-2022-23395
MISC
kde — kcron
 
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. 2022-02-26 not yet calculated CVE-2022-24986
MISC
MISC
kibana — kibana
 
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. 2022-03-03 not yet calculated CVE-2022-23709
MISC
learnpress — learnpress
 
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a “POST” request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. 2022-02-28 not yet calculated CVE-2022-0377
MISC
MISC
MISC
lg — devices
 
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. 2022-03-04 not yet calculated CVE-2022-23729
MISC
librenms — librenms
 
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.2.2. 2022-02-27 not yet calculated CVE-2022-0772
CONFIRM
MISC
libslic — libslic
 
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. 2022-03-01 not yet calculated CVE-2021-44961
MISC
MISC
MISC
libslic — libslic
 
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2022-03-01 not yet calculated CVE-2021-44962
MISC
MISC
MISC
libtpms — libtpms
 
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3623
MISC
MISC
MISC
MISC
MISC
libvirt — libvirt
 
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. 2022-03-02 not yet calculated CVE-2021-3631
MISC
MISC
MISC
MISC
libvirt — libvirt
 
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3667
MISC
MISC
MISC
libxml2 — libxml2
 
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 2022-02-26 not yet calculated CVE-2022-23308
MISC
CONFIRM
liferay — portal
 
Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. 2022-03-03 not yet calculated CVE-2021-38265
MISC
MISC
liferay — portal
 
Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. 2022-03-03 not yet calculated CVE-2021-38267
MISC
MISC
liferay — portal
 
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. 2022-03-03 not yet calculated CVE-2022-25146
MISC
MISC
MISC
liferay — portal
 
Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module. 2022-03-03 not yet calculated CVE-2021-38263
MISC
MISC
liferay — portal
 
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. 2022-03-02 not yet calculated CVE-2021-38266
MISC
MISC
liferay — portal
 
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API. 2022-03-02 not yet calculated CVE-2021-38268
MISC
MISC
liferay– portal
 
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module. 2022-03-03 not yet calculated CVE-2021-38264
MISC
MISC
liferay– portal
 
Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. 2022-03-03 not yet calculated CVE-2021-38269
MISC
MISC
linux — linux_kernal
 
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. 2022-03-03 not yet calculated CVE-2022-0492
MISC
MISC
linux — linux_kernel .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. 2022-03-03 not yet calculated CVE-2021-3609
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. 2022-03-04 not yet calculated CVE-2021-3428
MISC
MISC
MISC
linux — linux_kernel
 
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. 2022-03-03 not yet calculated CVE-2021-4002
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. 2022-02-26 not yet calculated CVE-2020-36516
MISC
linux — linux_kernel
 
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. 2022-03-03 not yet calculated CVE-2021-3640
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. 2022-03-04 not yet calculated CVE-2021-3744
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the “Routing decision” classifier in the Linux kernel’s Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2022-03-02 not yet calculated CVE-2021-3715
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
linux — sctp_stack
 
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. 2022-03-02 not yet calculated CVE-2021-3772
MISC
MISC
MISC
MISC
liquibase — liquibase
 
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. 2022-03-04 not yet calculated CVE-2022-0839
MISC
CONFIRM
ljharb — npm-lockfile
 
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. 2022-03-03 not yet calculated CVE-2022-0841
MISC
CONFIRM
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. 2022-02-28 not yet calculated CVE-2021-24730
MISC
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media. 2022-02-28 not yet calculated CVE-2021-24913
MISC
CONFIRM
maps_plugin_using_google_maps — maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin’s settings via a CSRF attack 2022-02-28 not yet calculated CVE-2021-25081
MISC
CONFIRM
maps_plugin_using_google_maps — maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin’s settings. 2022-02-28 not yet calculated CVE-2021-25011
MISC
CONFIRM
mark_text — mark_text
 
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. 2022-03-05 not yet calculated CVE-2022-25069
MISC
MISC
maxsite_cms — maxsite_cms
 
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. 2022-02-28 not yet calculated CVE-2022-25411
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. 2022-02-28 not yet calculated CVE-2022-25410
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. 2022-02-28 not yet calculated CVE-2022-25412
MISC
maxsite_cms — maxsite_cms
 
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. 2022-02-28 not yet calculated CVE-2022-25413
MISC
mcms — mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. 2022-03-03 not yet calculated CVE-2022-23899
MISC
mcms — mcms
 
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-03-04 not yet calculated CVE-2021-46384
MISC
mcms — mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. 2022-03-03 not yet calculated CVE-2022-23898
MISC
mcms — mcms
 
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. 2022-03-03 not yet calculated CVE-2022-25125
MISC
medical_store_management_system — medical_store_management_system
 
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. 2022-03-02 not yet calculated CVE-2022-25394
MISC
microweber — microweber
 
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. 2022-03-01 not yet calculated CVE-2022-0777
CONFIRM
MISC
microweber — microweber
 
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. 2022-03-04 not yet calculated CVE-2022-0855
MISC
CONFIRM
microweber — microweber
 
Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.11. 2022-02-26 not yet calculated CVE-2022-0723
MISC
CONFIRM
microweber — microweber
 
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. 2022-02-26 not yet calculated CVE-2022-0762
MISC
CONFIRM
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3. 2022-02-26 not yet calculated CVE-2022-0763
CONFIRM
MISC
migration,_backup,_staging  — migration,_backup,_staging
 
The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2021-24994
MISC
mikrotik — routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. 2022-02-28 not yet calculated CVE-2020-22845
MISC
MISC
mikrotik — routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. 2022-02-28 not yet calculated CVE-2020-22844
MISC
MISC
mini-inventory-and-sales-management-system — mini-inventory-and-sales-management-system
 
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. 2022-03-04 not yet calculated CVE-2021-44321
MISC
MISC
modx — revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. 2022-02-26 not yet calculated CVE-2022-26149
MISC
nbdkit — nbdkit
 
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. 2022-03-02 not yet calculated CVE-2021-3716
MISC
MISC
MISC
MISC
MISC
neo4j_graph — neo4j_graph
 
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files. 2022-03-01 not yet calculated CVE-2021-42767
MISC
MISC
netgear — wac120_ac
 
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. 2022-03-04 not yet calculated CVE-2021-46382
MISC
MISC
obyte_wallet — obyte_wallet
 
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. 2022-02-28 not yet calculated CVE-2022-25642
MISC
MISC
MISC
ohio_supercomputer_center_open — ondemand
 
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. 2022-02-26 not yet calculated CVE-2020-27958
MISC
CONFIRM
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in “/ok_png.c”. 2022-03-03 not yet calculated CVE-2021-44343
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in “/ok_jpg.c:513” . 2022-02-28 not yet calculated CVE-2021-44334
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in “/ok_png.c:533”. 2022-03-03 not yet calculated CVE-2021-44335
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in -fi”/ok_jpg.c:403″. 2022-02-28 not yet calculated CVE-2021-44340
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in “/ok_png.c:712”. 2022-02-28 not yet calculated CVE-2021-44339
MISC
ok-file-fomats — ok-file-fomats
 
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in “/ok_png.c:494”. 2022-02-28 not yet calculated CVE-2021-44342
MISC
openemr– openemr
 
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. 2022-03-03 not yet calculated CVE-2022-25471
MISC
MISC
MISC
openjpeg — openjpeg
 
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. 2022-03-04 not yet calculated CVE-2021-3575
MISC
MISC
MISC
openstack-nova — novnc
 
A vulnerability was found in openstack-nova’s console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. 2022-03-02 not yet calculated CVE-2021-3654
MISC
MISC
MISC
MISC
MISC
MISC
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. 2022-03-03 not yet calculated CVE-2021-40635
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. 2022-03-03 not yet calculated CVE-2021-40636
MISC
os4ed — opensis
 
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user’s cookie and take over the working session of user. 2022-03-03 not yet calculated CVE-2021-40637
MISC
part-db — part-db
 
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. 2022-03-04 not yet calculated CVE-2022-0848
CONFIRM
MISC
petereport — petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. 2022-03-03 not yet calculated CVE-2022-25220
MISC
MISC
petereport — petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an ‘Attack Tree’ by modifying the ‘svg_file’ parameter. 2022-03-03 not yet calculated CVE-2022-23051
MISC
MISC
petereport — petereport
 
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. 2022-03-03 not yet calculated CVE-2022-23052
MISC
MISC
pfsense — pfsense
 
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. 2022-03-01 not yet calculated CVE-2021-41282
MISC
MISC
MISC
MISC
php — php
 
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. 2022-02-27 not yet calculated CVE-2021-21708
CONFIRM
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 not yet calculated CVE-2022-0832
MISC
CONFIRM
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 not yet calculated CVE-2022-0831
CONFIRM
MISC
pluxml — pluxml Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. 2022-03-01 not yet calculated CVE-2022-25018
MISC
MISC
MISC
MISC
pluxml — pluxml
 
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. 2022-03-01 not yet calculated CVE-2022-25020
MISC
MISC
MISC
MISC
post_snippets — post_snippets
 
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2021-25010
MISC
postgres — postgres A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. 2022-03-04 not yet calculated CVE-2021-3656
MISC
MISC
MISC
MISC
postgres — postgres
 
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption. 2022-03-02 not yet calculated CVE-2021-23222
MISC
MISC
MISC
MISC
postgres — postgres
 
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. 2022-03-04 not yet calculated CVE-2021-23214
MISC
MISC
MISC
MISC
postgresql — postgresql
 
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. 2022-03-02 not yet calculated CVE-2021-3677
MISC
MISC
printix — secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE. 2022-03-03 not yet calculated CVE-2022-25089
MISC
MISC
MISC
puppetlabs — firewall
 
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. 2022-03-02 not yet calculated CVE-2022-0675
MISC
python — cpython A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3737
MISC
MISC
MISC
MISC
MISC
pytorchlightning — pytorch
 
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 2022-03-05 not yet calculated CVE-2022-0845
CONFIRM
MISC
qemu — qemu
 
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. 2022-03-03 not yet calculated CVE-2021-3638
MISC
MISC
MISC
qt — qt
 
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. 2022-03-02 not yet calculated CVE-2022-25634
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
radareorg — radare2
 
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. 2022-03-05 not yet calculated CVE-2022-0849
MISC
CONFIRM
remote_desktop_commander_suite_agent — remote_desktop_commander_suite_agent
 
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-03-03 not yet calculated CVE-2022-25031
MISC
MISC
rhinode — trading_paints
 
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. 2022-03-04 not yet calculated CVE-2021-40846
MISC
MISC
rog — live_service
 
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. 2022-03-01 not yet calculated CVE-2022-22262
MISC
rtl_433 — rtl_433 An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. 2022-03-02 not yet calculated CVE-2022-25051
MISC
MISC
MISC
rtl_433 — rtl_433
 
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. 2022-03-02 not yet calculated CVE-2022-25050
MISC
MISC
MISC
rudloff — alltube
 
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. 2022-02-28 not yet calculated CVE-2022-0768
MISC
CONFIRM
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds. 2022-02-28 not yet calculated CVE-2021-41112
CONFIRM
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds. 2022-02-28 not yet calculated CVE-2021-41111
CONFIRM
MISC
samba — samba
 
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called ‘association groups’. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid ‘struct session_info’. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. 2022-03-02 not yet calculated CVE-2021-3738
MISC
MISC
MISC
samba — samba
 
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. 2022-03-02 not yet calculated CVE-2021-23192
MISC
MISC
MISC
sangfor — vdi_client
 
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. 2022-02-26 not yet calculated CVE-2022-22908
MISC
scrapy — scrapy Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. 2022-03-02 not yet calculated CVE-2022-0577
MISC
CONFIRM
seacms — seacms
 
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. 2022-03-02 not yet calculated CVE-2022-23878
MISC
secomea — gatemanager This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. 2022-03-04 not yet calculated CVE-2021-32008
MISC
security_audit — security_audit
 
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2021-24901
MISC
shescape — shescape
 
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, “\\~”)`. 2022-03-03 not yet calculated CVE-2022-24725
MISC
MISC
CONFIRM
simple_bakery_shop_management — simpole_bakery_shop_management
 
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. 2022-03-02 not yet calculated CVE-2022-25393
MISC
simple_membership — simple_membership
 
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack 2022-02-28 not yet calculated CVE-2022-0328
MISC
CONFIRM
simple_mobile_comparison_website — simple_mobile_comparison_website
 
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. 2022-03-02 not yet calculated CVE-2022-26170
MISC
simple_real_estate_portal_system — simple_real_estate_portal_system
 
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. 2022-03-02 not yet calculated CVE-2022-25399
MISC
smmentrypoint — smmentrypoint
 
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. 2022-03-03 not yet calculated CVE-2021-38578
MISC
spectrum — scale
 
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599. 2022-03-01 not yet calculated CVE-2020-4925
CONFIRM
XF
statcounter — statcounter
 
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-02-28 not yet calculated CVE-2021-24920
CONFIRM
MISC
stepmania — stepmania
 
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. 2022-03-01 not yet calculated CVE-2022-25010
MISC
stmicroelectronics — stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 not yet calculated CVE-2021-43393
MISC
MISC
stmicroelectronics — stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 not yet calculated CVE-2021-43392
MISC
MISC
storagegrid — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. 2022-03-04 not yet calculated CVE-2022-23233
MISC
storagegrid — storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). 2022-03-04 not yet calculated CVE-2022-23232
MISC
strapi — strapi
 
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. 2022-02-26 not yet calculated CVE-2022-0764
CONFIRM
MISC
subrion — cms Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. 2022-03-04 not yet calculated CVE-2020-18326
MISC
MISC
MISC
subrion — cms Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. 2022-03-04 not yet calculated CVE-2020-18325
MISC
MISC
MISC
subrion — cms
 
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. 2022-03-04 not yet calculated CVE-2020-18324
MISC
MISC
MISC
support_board — support_board
 
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files 2022-02-28 not yet calculated CVE-2021-24823
MISC
MISC
symentec — management_agent
 
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. 2022-03-04 not yet calculated CVE-2022-25623
MISC
tang — tang
 
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. 2022-03-02 not yet calculated CVE-2021-4076
MISC
MISC
MISC
taocms — taocms
 
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. 2022-03-01 not yet calculated CVE-2022-23380
MISC
taocms — taocms
 
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. 2022-03-01 not yet calculated CVE-2022-23387
MISC
MISC
tenda — tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 not yet calculated CVE-2021-46393
MISC
tenda — tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 not yet calculated CVE-2021-46394
MISC
testimonial — testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection 2022-02-28 not yet calculated CVE-2022-23911
CONFIRM
MISC
testimonial — testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting 2022-02-28 not yet calculated CVE-2022-23912
MISC
CONFIRM
ti_woocommerce_wishlist — ti_woocommerce_wishlist The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks 2022-02-28 not yet calculated CVE-2022-0412
MISC
CONFIRM
tor — browser
 
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn’t properly free memory. 2022-02-26 not yet calculated CVE-2021-46702
MISC
tp-link — archer
 
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. 2022-03-04 not yet calculated CVE-2021-44827
MISC
MISC
MISC
transloadit — transloadit
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1. 2022-03-03 not yet calculated CVE-2022-0528
CONFIRM
MISC
tricentis — qtest
 
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. 2022-02-26 not yet calculated CVE-2022-26146
MISC
MISC
trusted_firmware — mA
 
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. 2022-03-01 not yet calculated CVE-2021-43619
CONFIRM
MISC
MISC
MISC
tsmuxer — tsmuxer
 
An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. 2022-03-02 not yet calculated CVE-2021-45860
MISC
MISC
tsmuxer — tsmuxer
 
There is an Assertion `num <= INT_BIT’ failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. 2022-03-02 not yet calculated CVE-2021-45861
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. 2022-03-02 not yet calculated CVE-2021-45863
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. 2022-03-02 not yet calculated CVE-2021-45864
MISC
MISC
twisted — twisted
 
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer’s SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. 2022-03-03 not yet calculated CVE-2022-21716
MISC
CONFIRM
MISC
MISC
uri.js — uri.js
 
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. 2022-03-03 not yet calculated CVE-2022-24723
CONFIRM
MISC
MISC
MISC
use_any_font_custom_font_uploader — use_any_font_custom_font_uploader
 
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues 2022-02-28 not yet calculated CVE-2021-24977
MISC
veritas — infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. 2022-03-04 not yet calculated CVE-2022-26484
MISC
veritas — infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). 2022-03-04 not yet calculated CVE-2022-26483
MISC
victor — cms
 
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. 2022-03-04 not yet calculated CVE-2022-26201
MISC
MISC
viewcomponent — viewcomponent
 
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them. 2022-03-02 not yet calculated CVE-2022-24722
MISC
CONFIRM
MISC
MISC
vmware — spring_cloud_gateway In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. 2022-03-03 not yet calculated CVE-2022-22947
MISC
vmware — spring_cloud_gateway
 
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. 2022-03-04 not yet calculated CVE-2022-22946
MISC
vmware — tools_for_windows
 
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. 2022-03-03 not yet calculated CVE-2022-22943
MISC
vmware — workspace_one_boxer
 
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user’s window. 2022-03-02 not yet calculated CVE-2022-22944
MISC
wago — 750-8212_pfc200_g2_2eth_rs
 
Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. 2022-03-04 not yet calculated CVE-2021-46380
MISC
watchguard — firebox
 
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 2022-03-04 not yet calculated CVE-2022-26318
CONFIRM
weblate — weblate
 
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. 2022-03-04 not yet calculated CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate — weblate
 
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. 2022-03-04 not yet calculated CVE-2022-24727
MISC
CONFIRM
MISC
webmin — webmin
 
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. 2022-03-02 not yet calculated CVE-2022-0829
CONFIRM
MISC
webmin — webmin
 
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. 2022-03-02 not yet calculated CVE-2022-0824
MISC
CONFIRM
whmc_bridge — whmc_bridge
 
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2021-25112
CONFIRM
MISC
wire — wire-avs wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. 2022-03-01 not yet calculated CVE-2021-41193
CONFIRM
MISC
wordline — hidccemonitorsvc Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-03-03 not yet calculated CVE-2021-45819
MISC
wp_accessibility_helper — wp_accessibility_helper
 
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue 2022-02-28 not yet calculated CVE-2022-0150
MISC
CONFIRM
wp_cloudy — wp_cloudy The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue 2022-02-28 not yet calculated CVE-2021-24864
MISC
CONFIRM
wp_paginate — wp_paginate The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-02-28 not yet calculated CVE-2021-4222
MISC
MISC
wp_responsive_menu — wp_responsive_menu
 
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin’s settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend 2022-02-28 not yet calculated CVE-2021-24971
MISC
wp_review_slider — wp_review_slider The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks 2022-02-28 not yet calculated CVE-2022-0383
CONFIRM
MISC
wp_rss_aggregator — wp_rss_aggregator
 
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting 2022-02-28 not yet calculated CVE-2022-0189
CONFIRM
MISC
wp_user — wp_user
 
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues 2022-02-28 not yet calculated CVE-2021-25034
MISC
wp_visitor_statistics — wp_visitor_statistics
 
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin 2022-02-28 not yet calculated CVE-2021-25042
MISC
wpscan — orange_form_wordpress_plugin
 
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it) 2022-02-28 not yet calculated CVE-2021-24688
MISC
wpscan — orange_form_wordpress_plugin
 
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example 2022-02-28 not yet calculated CVE-2021-24704
MISC
ws_form — ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission 2022-02-28 not yet calculated CVE-2022-23988
MISC
ws_form — ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-02-28 not yet calculated CVE-2022-23987
MISC
yoast_seo — yoast_seo
 
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. 2022-02-28 not yet calculated CVE-2021-25118
CONFIRM
MISC
zepl — notebooks Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. 2022-03-03 not yet calculated CVE-2021-42950
MISC
MISC
zoho — manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. 2022-03-02 not yet calculated CVE-2022-23779
MISC
zoho — manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. 2022-03-02 not yet calculated CVE-2022-24447
MISC
MISC
zoho — manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. 2022-03-01 not yet calculated CVE-2022-24446
MISC
MISC
zoho — manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. 2022-03-02 not yet calculated CVE-2022-24306
MISC
zoho — manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. 2022-03-02 not yet calculated CVE-2022-24305
MISC
zulip — zulip
 
Improper Access Control in GitHub repository zulip/zulip prior to 4.10. 2022-02-26 not yet calculated CVE-2021-3967
CONFIRM
MISC
zulip — zulip_server Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix. 2022-03-02 not yet calculated CVE-2022-23656
CONFIRM
MISC
zyxel — zywall_2_plus_internet_security_appliance
 
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. 2022-03-01 not yet calculated CVE-2021-46387
MISC
MISC
MISC
MISC
zyxel_networks — zyxel
 
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. 2022-03-01 not yet calculated CVE-2021-4039
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.