US-CERT Bulletin (SB22-066): Vulnerability Summary for the Week of February 28, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 2022-02-25 | 7.5 | CVE-2022-24331 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 2022-02-25 | 7.5 | CVE-2022-24340 MISC MISC |
jetbrains — youtrack | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 2022-02-25 | 7.5 | CVE-2022-24442 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — airflow | It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | 2022-02-25 | 4.3 | CVE-2021-45229 MISC |
apache — airflow | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. | 2022-02-25 | 6.5 | CVE-2022-24288 MISC |
apache — jspwiki | Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | 6.8 | CVE-2022-24947 MISC MLIST |
apache — jspwiki | A carefully crafted user preferences form submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | 4.3 | CVE-2022-24948 MISC MLIST |
dolibarr — dolibarr | Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | 2022-02-25 | 4 | CVE-2022-0746 CONFIRM MISC |
hashicorp — terraform_enterprise | HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. | 2022-02-25 | 5 | CVE-2022-25374 MISC MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 2022-02-25 | 5 | CVE-2022-24327 MISC MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 2022-02-25 | 4 | CVE-2022-24328 MISC MISC |
jetbrains — hub | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 2022-02-25 | 4.3 | CVE-2022-25259 MISC MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | 2022-02-25 | 4.6 | CVE-2022-24345 MISC MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | 2022-02-25 | 4.6 | CVE-2022-24346 MISC MISC |
jetbrains — kotlin | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 2022-02-25 | 5 | CVE-2022-24329 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 2022-02-25 | 4 | CVE-2022-24337 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. | 2022-02-25 | 4 | CVE-2022-24333 MISC MISC |
jetbrains — teamcity | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. | 2022-02-25 | 6.8 | CVE-2022-24335 MISC MISC |
jetbrains — teamcity | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | 2022-02-25 | 4.3 | CVE-2022-24338 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | 2022-02-25 | 6.8 | CVE-2022-24342 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user. | 2022-02-25 | 5 | CVE-2022-24341 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | 2022-02-25 | 5 | CVE-2022-24336 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | 2022-02-25 | 5 | CVE-2022-24334 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie. | 2022-02-25 | 5 | CVE-2022-24332 MISC MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | 2022-02-25 | 5.8 | CVE-2022-24330 MISC MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 2022-02-25 | 4 | CVE-2022-24343 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
eyesofnetwork — eyesofnetwork | An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | 2022-02-25 | 3.5 | CVE-2022-24612 MISC |
google — fscrypt | fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. | 2022-02-25 | 2.1 | CVE-2022-25326 CONFIRM |
ibm — vios | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. | 2022-02-25 | 2.1 | CVE-2021-38993 XF CONFIRM |
jetbrains — teamcity | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | 2022-02-25 | 3.5 | CVE-2022-24339 MISC MISC |
jetbrains — youtrack | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 2022-02-25 | 3.5 | CVE-2022-24344 MISC MISC |
jetbrains — youtrack | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 2022-02-25 | 3.5 | CVE-2022-24347 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
15zine — 15zine | The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting | 2022-02-28 | not yet calculated | CVE-2020-36510 MISC |
academy_software_foundation — openexr | A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. | 2022-03-04 | not yet calculated | CVE-2021-20303 MISC MISC MISC |
academy_software_foundation — openexr | A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-20302 MISC MISC MISC |
academy_software_foundation — openexr | A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-20300 MISC MISC MISC |
air_cargo_management_system — air_cargo_management_system | Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | 2022-03-02 | not yet calculated | CVE-2022-26169 MISC |
alfresco — alfresco_community_edition | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | 2022-03-04 | not yet calculated | CVE-2020-18327 MISC MISC |
algorithmia — msol | A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | 2022-03-01 | not yet calculated | CVE-2021-42951 MISC MISC |
ametys — cms | The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | 2022-02-28 | not yet calculated | CVE-2022-26159 MISC MISC MISC |
ansible — ansible_engine | A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | 2022-03-03 | not yet calculated | CVE-2021-3620 MISC MISC MISC |
any23 — any23 | An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. | 2022-03-05 | not yet calculated | CVE-2022-25312 MISC MLIST |
apache — poi | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | 2022-03-04 | not yet calculated | CVE-2022-26336 CONFIRM |
archeevo — archeevo | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | 2022-03-01 | not yet calculated | CVE-2022-23377 MISC |
argus — surveillance_dvr | Argus Surveillance DVR v4.0 employs weak password encryption. | 2022-03-01 | not yet calculated | CVE-2022-25012 MISC MISC |
arm — arm | An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. | 2022-03-03 | not yet calculated | CVE-2022-22706 MISC MISC |
arm — astcenc | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | 2022-02-28 | not yet calculated | CVE-2021-44331 MISC |
arm — astcenc | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in “/Source/astcenc_compress_symbolic.cpp”. | 2022-02-28 | not yet calculated | CVE-2021-43086 MISC |
aruba — aos-cx | Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41000 MISC |
aruba — aos-cx | An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. | 2022-03-02 | not yet calculated | CVE-2021-41001 MISC |
aruba — aos-cx | Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41003 MISC |
aruba — aos-cx | Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41002 MISC |
asgaros_forum — asgaros_forum | The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | 2022-02-28 | not yet calculated | CVE-2022-0411 MISC CONFIRM |
atlassian — jira_server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. | 2022-02-28 | not yet calculated | CVE-2021-43945 MISC |
audio_file — audio_file | Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. | 2022-02-28 | not yet calculated | CVE-2022-25023 MISC |
auto_spare_parts_management — auto_spare_parts_management | Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | 2022-03-02 | not yet calculated | CVE-2022-25398 MISC |
axelor — open_suite | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | 2022-03-03 | not yet calculated | CVE-2022-25138 MISC MISC |
aya — ayacms | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | 2022-03-01 | not yet calculated | CVE-2021-44238 MISC |
bank_management_system — bank_management_system | Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | 2022-03-02 | not yet calculated | CVE-2022-26171 MISC |
basebmpsupportlib — basebmpsupportlib | Heap Overflow in BaseBmpSupportLib. | 2022-03-03 | not yet calculated | CVE-2021-38577 MISC |
batflat — cms | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | 2022-03-01 | not yet calculated | CVE-2021-41652 MISC MISC |
big_fix_compliance — big_fix_compliance | “TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” | 2022-03-04 | not yet calculated | CVE-2021-27756 MISC |
big_fix_insights — big_fix_insights | “Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.” | 2022-03-04 | not yet calculated | CVE-2021-27757 MISC |
bluez — bluetoothd | bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. | 2022-03-02 | not yet calculated | CVE-2021-3658 MISC MISC MISC MISC |
buildah — buildah | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). | 2022-03-03 | not yet calculated | CVE-2021-3602 MISC MISC MISC MISC |
cacti — cacti | Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 2022-03-03 | not yet calculated | CVE-2022-0730 MISC |
car_driving_school_management_system — car_driving_school_management_system | Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | 2022-02-28 | not yet calculated | CVE-2022-24572 MISC |
car_driving_school_management_system — car_driving_school_management_system | Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | 2022-02-28 | not yet calculated | CVE-2022-24571 MISC MISC MISC |
cedar_gate — ez-net | The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. | 2022-03-04 | not yet calculated | CVE-2022-23397 MISC |
cherwell — cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | 2022-02-28 | not yet calculated | CVE-2022-26155 MISC MISC |
cherwell — cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. | 2022-02-28 | not yet calculated | CVE-2022-26157 MISC MISC |
cherwell — cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | 2022-02-28 | not yet calculated | CVE-2022-26158 MISC MISC |
cherwell — cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker’s server. | 2022-02-28 | not yet calculated | CVE-2022-26156 MISC MISC |
cipi — cipi | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. | 2022-03-01 | not yet calculated | CVE-2022-26332 MISC MISC |
clair — claircore | A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | 2022-03-03 | not yet calculated | CVE-2021-3762 MISC MISC MISC MISC MISC MISC |
cmark-gfm — cmark-gfm | cmark-gfm is GitHub’s extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm’s table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. | 2022-03-03 | not yet calculated | CVE-2022-24724 CONFIRM |
cms_made_simple — cms_made_simple | CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | 2022-02-28 | not yet calculated | CVE-2022-23906 MISC |
cms_made_simple — cms_made_simple | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | 2022-02-28 | not yet calculated | CVE-2022-23907 MISC |
codeigniter4 — codeigniter4 | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. | 2022-02-28 | not yet calculated | CVE-2022-24711 MISC CONFIRM |
codeigniter4 — codeigniter4 | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. | 2022-02-28 | not yet calculated | CVE-2022-24712 MISC CONFIRM |
contact_forms-drag_and_drop_contact_form_builder — contact_forms-drag_and_drop_contact_form_builder | The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack | 2022-02-28 | not yet calculated | CVE-2021-24689 MISC |
containerd — containerd | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | 2022-03-03 | not yet calculated | CVE-2022-23648 CONFIRM MISC MISC MISC MISC |
core_tweaks_wp_setup — core_tweaks_wp_setup | The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account and takeover the website via CSRF attacks | 2022-02-28 | not yet calculated | CVE-2021-24803 MISC |
coreos-installer — coreos-installer | An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. | 2022-03-04 | not yet calculated | CVE-2021-20319 MISC MISC MISC |
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. | 2022-03-02 | not yet calculated | CVE-2022-25395 MISC |
cosmetics_and_beauty_product_online_store — cosmetics_and_beauty_product_online_store | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | 2022-03-02 | not yet calculated | CVE-2022-25396 MISC |
cost_calculator — cost_calculator | The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout | 2022-02-28 | not yet calculated | CVE-2021-24820 MISC |
crazy_bone — crazy_bone | The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting | 2022-02-28 | not yet calculated | CVE-2022-0385 MISC |
customize — customize |
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | 2022-02-28 | not yet calculated | CVE-2022-0345 MISC |
cyberark — identity |
CyberArk Identity versions up to and including 22.1 in the ‘StartAuthentication’ resource, exposes the response header ‘X-CFY-TX-TM’. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. | 2022-03-03 | not yet calculated | CVE-2022-22700 MISC MISC |
d-link — dap-1620 |
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | 2022-03-04 | not yet calculated | CVE-2021-46381 MISC MISC |
d-link — dir-859 |
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2022-03-04 | not yet calculated | CVE-2022-25106 MISC MISC MISC |
datarobot — datarobot |
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 2022-02-28 | not yet calculated | CVE-2021-45414 MISC |
dell — emc_enterprise_storage_analytics_for_vrealize_operations |
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2022-03-04 | not yet calculated | CVE-2021-43590 MISC |
devolutions — password_hub_for_ios |
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. | 2022-03-03 | not yet calculated | CVE-2022-23849 MISC MISC |
dlink — dir-x1860 |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | 2022-03-04 | not yet calculated | CVE-2021-46353 MISC MISC |
dlink — dir850_et850-1.08trb03 |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | 2022-03-04 | not yet calculated | CVE-2021-46379 MISC MISC |
dlink — dir850_et850-1.08trb03 |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 2022-03-04 | not yet calculated | CVE-2021-46378 MISC MISC |
dolibarr — dolibarr |
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | 2022-03-02 | not yet calculated | CVE-2022-0819 MISC CONFIRM |
dropbox — lepton |
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | 2022-02-28 | not yet calculated | CVE-2022-26181 MISC MISC MISC |
dynamic_widgets — dynamic_widgets |
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting issue. | 2022-02-28 | not yet calculated | CVE-2021-24933 MISC |
easy_drag_and_drop_all_import — easy_drag_and_drop_all_import |
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues. | 2022-02-28 | not yet calculated | CVE-2022-0360 MISC CONFIRM |
editabletable — editabletable |
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-02-28 | not yet calculated | CVE-2021-24898 MISC |
elasticsearch — elasticsearch |
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 2022-03-03 | not yet calculated | CVE-2022-23710 MISC |
elasticsearch — elasticsearch |
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | 2022-03-03 | not yet calculated | CVE-2022-23708 MISC |
element-it — http_commander |
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | 2022-03-03 | not yet calculated | CVE-2022-24573 MISC MISC |
espruino — espruino |
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | 2022-03-05 | not yet calculated | CVE-2022-25044 MISC MISC |
espruino — espruino |
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | 2022-03-05 | not yet calculated | CVE-2022-25465 MISC |
event_management — event_management | Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. | 2022-03-02 | not yet calculated | CVE-2022-25114 MISC |
excel_streaming_reader — excel_streaming_reader |
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. | 2022-03-02 | not yet calculated | CVE-2022-23640 CONFIRM MISC |
extensis — portfolio |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 2022-03-01 | not yet calculated | CVE-2022-24253 MISC MISC MISC |
extensis — portfolio |
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | 2022-03-01 | not yet calculated | CVE-2022-24254 MISC MISC MISC MISC |
extensis — portfolio |
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | 2022-03-01 | not yet calculated | CVE-2022-24252 MISC MISC MISC |
extensis — portfolio |
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | 2022-03-01 | not yet calculated | CVE-2022-24255 MISC MISC MISC |
extensis — portfolio |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | 2022-03-01 | not yet calculated | CVE-2022-24251 MISC MISC MISC |
f-secure — f-secure |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | 2022-03-01 | not yet calculated | CVE-2021-44747 MISC |
finastra — ssr-pages | ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. | 2022-03-01 | not yet calculated | CVE-2022-24718 MISC MISC CONFIRM |
finastra — ssr-pages |
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. | 2022-03-01 | not yet calculated | CVE-2022-24717 MISC MISC MISC CONFIRM |
fluture-js — fluture-node |
Fluture-Node provides FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or to potential HTTP traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node 4.0.2. | 2022-03-01 | not yet calculated | CVE-2022-24719 MISC MISC MISC CONFIRM |
fortinet — fortianalyzer | An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7.0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows an attacker to bypass the device policy and force the password-change action for its user. | 2022-03-01 | not yet calculated | CVE-2022-22300 CONFIRM |
fortinet — fortiap-c |
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | 2022-03-02 | not yet calculated | CVE-2022-22301 CONFIRM |
fortinet — fortigate |
An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets. | 2022-03-01 | not yet calculated | CVE-2020-15936 CONFIRM |
fortinet — fortimail |
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. | 2022-03-01 | not yet calculated | CVE-2021-32586 CONFIRM |
fortinet — fortimail |
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account’s authentication token by means of the observation of certain system’s properties. | 2022-03-01 | not yet calculated | CVE-2021-36166 CONFIRM |
fortinet — fortimanager |
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | 2022-03-02 | not yet calculated | CVE-2022-22303 CONFIRM |
fortinet — fortiportal |
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | 2022-03-01 | not yet calculated | CVE-2021-36171 CONFIRM |
fortinet — fortitoken_mobile |
An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user’s password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | 2022-03-02 | not yet calculated | CVE-2021-44166 CONFIRM |
fortinet — fortiwlm |
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 2022-03-02 | not yet calculated | CVE-2021-43070 CONFIRM |
fortinet — fortiwlm |
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. | 2022-03-01 | not yet calculated | CVE-2021-43075 CONFIRM |
fortinet — fortiwlm |
An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. | 2022-03-01 | not yet calculated | CVE-2021-43077 CONFIRM |
frrouting — frrouting | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | 2022-03-03 | not yet calculated | CVE-2022-26125 MISC |
frrouting — frrouting | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26127 MISC |
frrouting — frrouting | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26128 MISC |
frrouting — frrouting | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | 2022-03-03 | not yet calculated | CVE-2022-26126 MISC |
frrouting — frrouting |
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26129 MISC |
fujifilm — docucentre-vi |
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. | 2022-03-03 | not yet calculated | CVE-2021-43774 MISC MISC |
genixcms — genixcms |
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | 2022-03-03 | not yet calculated | CVE-2022-24563 MISC MISC MISC |
getgrav — grav |
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. | 2022-02-28 | not yet calculated | CVE-2022-0743 MISC CONFIRM |
go-ethereum — go-ethereum |
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node’s memory pool, causing a denial of service (DoS). | 2022-03-04 | not yet calculated | CVE-2022-23327 MISC MISC MISC MISC |
go-ethereum — go-ethereum |
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node’s memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). | 2022-03-04 | not yet calculated | CVE-2022-23328 MISC MISC MISC MISC |
golang — go |
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 2022-03-05 | not yet calculated | CVE-2022-24921 CONFIRM |
grand_flagallery — grand_flagallery |
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24903 MISC |
qrcp — qrcp |
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | 2022-02-28 | not yet calculated | CVE-2022-26315 MISC |
hakimel — revealjs |
Cross-site Scripting (XSS) – DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | 2022-03-01 | not yet calculated | CVE-2022-0776 MISC CONFIRM |
haproxy — haproxy |
A flaw was found in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | 2022-03-02 | not yet calculated | CVE-2022-0711 MISC MISC MISC |
hashicorp — nomad |
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 have Uncontrolled Resource Consumption. | 2022-02-28 | not yet calculated | CVE-2022-24685 MISC MISC |
hazelcast — hazelcast |
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. | 2022-03-03 | not yet calculated | CVE-2022-0265 MISC CONFIRM |
hestiacp — hestiacp |
Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 2022-03-04 | not yet calculated | CVE-2022-0752 MISC CONFIRM |
hestiacp — hestiacp |
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 2022-03-04 | not yet calculated | CVE-2022-0838 MISC CONFIRM |
hestiacp — hestiacp |
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 2022-03-03 | not yet calculated | CVE-2022-0753 MISC CONFIRM |
hicos — hicos |
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. | 2022-03-01 | not yet calculated | CVE-2020-12775 MISC MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | 2022-02-28 | not yet calculated | CVE-2022-25028 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 2022-03-02 | not yet calculated | CVE-2022-25045 MISC MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. | 2022-02-28 | not yet calculated | CVE-2022-25029 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | 2022-03-02 | not yet calculated | CVE-2022-25115 MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | 2022-02-26 | not yet calculated | CVE-2022-25096 MISC MISC MISC |
home_owners_collection_management_system — home_owners_collection_management_system |
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-03-02 | not yet calculated | CVE-2022-25016 MISC |
hospital_management_system — hospital_management_system |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25409 MISC |
hospital_management_system — hospital_management_system |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25408 MISC |
hospital_management_system — hospital_management_system |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25407 MISC |
hoteldruid — hoteldruid |
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | 2022-03-03 | not yet calculated | CVE-2022-22909 MISC MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23953 MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23958 MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23957 MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23956 MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23955 MISC |
hp — hp |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23954 MISC |
htmldoc — htmldoc |
A flaw was found in htmldoc v1.9.12. A heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 2022-03-03 | not yet calculated | CVE-2021-26259 MISC MISC |
htmldoc — htmldoc |
A flaw was found in htmldoc v1.9.12 and before. A null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23180 MISC MISC MISC MISC |
htmldoc — htmldoc |
A flaw was found in htmldoc v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23206 MISC MISC MISC MISC |
htmldoc — htmldoc |
A null pointer dereference in htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted HTML file. | 2022-03-03 | not yet calculated | CVE-2021-26948 MISC |
htmldoc — htmldoc |
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23191 MISC MISC MISC MISC |
htmly — htmly |
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. | 2022-03-01 | not yet calculated | CVE-2022-25022 MISC MISC MISC MISC MISC |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | 2022-03-01 | not yet calculated | CVE-2021-38955 CONFIRM XF |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. | 2022-03-02 | not yet calculated | CVE-2022-22350 XF CONFIRM |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. | 2022-03-02 | not yet calculated | CVE-2021-38996 CONFIRM XF |
ibm — mq_appliance |
IBM MQ Appliance 9.2 CD and 9.2 LTS do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. | 2022-03-01 | not yet calculated | CVE-2021-38986 XF CONFIRM |
ibm — mq_appliance |
In IBM MQ Appliance 9.2 CD and 9.2 LTS, local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | 2022-03-01 | not yet calculated | CVE-2022-22321 XF CONFIRM |
ice — hrm | Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “m” parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. | 2022-02-28 | not yet calculated | CVE-2022-25014 MISC |
ice — hrm | A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | 2022-02-28 | not yet calculated | CVE-2022-25015 MISC |
ice — hrm |
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the “key” and “fm” parameters in the component login.php. | 2022-02-28 | not yet calculated | CVE-2022-25013 MISC |
icl — scadaflex_ii_scada_controller |
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | 2022-02-26 | not yet calculated | CVE-2022-25359 MISC MISC |
imagemagick_graphicsMagick — imagemagick_graphicsMagick |
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. | 2022-03-01 | not yet calculated | CVE-2022-24720 MISC CONFIRM |
incapptic — connect |
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. | 2022-03-04 | not yet calculated | CVE-2022-21828 MISC |
jfrog — artifactory |
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users’ OAuth token, which will force a reauthentication on an active session or in the next UI session. | 2022-03-02 | not yet calculated | CVE-2021-45074 MISC MISC |
jfrog — artifactory |
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | 2022-03-02 | not yet calculated | CVE-2021-46270 MISC MISC |
jquery_cookie — jquery_cookie |
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). | 2022-03-02 | not yet calculated | CVE-2022-23395 MISC |
kde — kcron |
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | 2022-02-26 | not yet calculated | CVE-2022-24986 MISC MISC |
kibana — kibana |
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | 2022-03-03 | not yet calculated | CVE-2022-23709 MISC |
learnpress — learnpress |
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after registration. After this process the user crops and saves the image. Then a “POST” request that contains the user-supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed to an MD5 value. This process can be conducted only when the type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | 2022-02-28 | not yet calculated | CVE-2022-0377 MISC MISC MISC |
lg — devices |
When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. | 2022-03-04 | not yet calculated | CVE-2022-23729 MISC |
librenms — librenms |
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.2.2. | 2022-02-27 | not yet calculated | CVE-2022-0772 CONFIRM MISC |
libslic — libslic |
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. | 2022-03-01 | not yet calculated | CVE-2021-44961 MISC MISC MISC |
libslic — libslic |
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2022-03-01 | not yet calculated | CVE-2021-44962 MISC MISC MISC |
libtpms — libtpms |
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3623 MISC MISC MISC MISC MISC |
libvirt — libvirt |
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | 2022-03-02 | not yet calculated | CVE-2021-3631 MISC MISC MISC MISC |
libvirt — libvirt |
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3667 MISC MISC MISC |
libxml2 — libxml2 |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 2022-02-26 | not yet calculated | CVE-2022-23308 MISC CONFIRM |
liferay — portal |
Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. | 2022-03-03 | not yet calculated | CVE-2021-38265 MISC MISC |
liferay — portal |
Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. | 2022-03-03 | not yet calculated | CVE-2021-38267 MISC MISC |
liferay — portal |
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | 2022-03-03 | not yet calculated | CVE-2022-25146 MISC MISC MISC |
liferay — portal |
Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module. | 2022-03-03 | not yet calculated | CVE-2021-38263 MISC MISC |
liferay — portal |
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 do not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. | 2022-03-02 | not yet calculated | CVE-2021-38266 MISC MISC |
liferay — portal |
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API. | 2022-03-02 | not yet calculated | CVE-2021-38268 MISC MISC |
liferay — portal |
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module. | 2022-03-03 | not yet calculated | CVE-2021-38264 MISC MISC |
liferay — portal |
Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. | 2022-03-03 | not yet calculated | CVE-2021-38269 MISC MISC |
linux — linux_kernel |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 2022-03-03 | not yet calculated | CVE-2022-0492 MISC MISC |
linux — linux_kernel | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | 2022-03-03 | not yet calculated | CVE-2021-3609 MISC MISC MISC MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. | 2022-03-04 | not yet calculated | CVE-2021-3428 MISC MISC MISC |
linux — linux_kernel |
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 2022-03-03 | not yet calculated | CVE-2021-4002 MISC MISC MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. | 2022-02-26 | not yet calculated | CVE-2020-36516 MISC |
linux — linux_kernel |
A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 2022-03-03 | not yet calculated | CVE-2021-3640 MISC MISC MISC MISC MISC |
linux — linux_kernel |
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. | 2022-03-04 | not yet calculated | CVE-2021-3744 MISC MISC MISC MISC |
linux — linux_kernel |
A flaw was found in the “Routing decision” classifier in the Linux kernel’s Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2022-03-02 | not yet calculated | CVE-2021-3715 MISC MISC MISC MISC |
linux — linux_kernel |
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-3743 MISC MISC MISC MISC MISC MISC |
linux — sctp_stack |
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | 2022-03-02 | not yet calculated | CVE-2021-3772 MISC MISC MISC MISC |
liquibase — liquibase |
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 2022-03-04 | not yet calculated | CVE-2022-0839 MISC CONFIRM |
ljharb — npm-lockfile |
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | 2022-03-03 | not yet calculated | CVE-2022-0841 MISC CONFIRM |
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider |
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. | 2022-02-28 | not yet calculated | CVE-2021-24730 MISC |
logo_showcase_with_slick_slider — logo_showcase_with_slick_slider |
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in high privilege user change the title, description, alt text, and URL of arbitrary uploaded media. | 2022-02-28 | not yet calculated | CVE-2021-24913 MISC CONFIRM |
maps_plugin_using_google_maps — maps_plugin_using_google_maps |
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin’s settings via a CSRF attack | 2022-02-28 | not yet calculated | CVE-2021-25081 MISC CONFIRM |
maps_plugin_using_google_maps — maps_plugin_using_google_maps |
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin’s settings. | 2022-02-28 | not yet calculated | CVE-2021-25011 MISC CONFIRM |
mark_text — mark_text |
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | 2022-03-05 | not yet calculated | CVE-2022-25069 MISC MISC |
maxsite_cms — maxsite_cms |
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-02-28 | not yet calculated | CVE-2022-25411 MISC |
maxsite_cms — maxsite_cms |
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | 2022-02-28 | not yet calculated | CVE-2022-25410 MISC |
maxsite_cms — maxsite_cms |
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. | 2022-02-28 | not yet calculated | CVE-2022-25412 MISC |
maxsite_cms — maxsite_cms |
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | 2022-02-28 | not yet calculated | CVE-2022-25413 MISC |
mcms — mcms |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | 2022-03-03 | not yet calculated | CVE-2022-23899 MISC |
mcms — mcms |
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. | 2022-03-04 | not yet calculated | CVE-2021-46384 MISC |
mcms — mcms |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | 2022-03-03 | not yet calculated | CVE-2022-23898 MISC |
mcms — mcms |
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | 2022-03-03 | not yet calculated | CVE-2022-25125 MISC |
medical_store_management_system — medical_store_management_system |
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | 2022-03-02 | not yet calculated | CVE-2022-25394 MISC |
microweber — microweber |
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | 2022-03-01 | not yet calculated | CVE-2022-0777 CONFIRM MISC |
microweber — microweber |
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. | 2022-03-04 | not yet calculated | CVE-2022-0855 MISC CONFIRM |
microweber — microweber |
Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.11. | 2022-02-26 | not yet calculated | CVE-2022-0723 MISC CONFIRM |
microweber — microweber |
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0762 MISC CONFIRM |
microweber — microweber |
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0763 CONFIRM MISC |
migration,_backup,_staging — migration,_backup,_staging |
The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue | 2022-02-28 | not yet calculated | CVE-2021-24994 MISC |
mikrotik — routeros |
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | 2022-02-28 | not yet calculated | CVE-2020-22845 MISC MISC |
mikrotik — routeros |
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | 2022-02-28 | not yet calculated | CVE-2020-22844 MISC MISC |
mini-inventory-and-sales-management-system — mini-inventory-and-sales-management-system |
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. | 2022-03-04 | not yet calculated | CVE-2021-44321 MISC MISC |
modx — revolution | MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 2022-02-26 | not yet calculated | CVE-2022-26149 MISC |
nbdkit — nbdkit |
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3716 MISC MISC MISC MISC MISC |
neo4j_graph — neo4j_graph |
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files. | 2022-03-01 | not yet calculated | CVE-2021-42767 MISC MISC |
netgear — wac120_ac |
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks, such as session hijacking and even clipboard hijacking. | 2022-03-04 | not yet calculated | CVE-2021-46382 MISC MISC |
obyte_wallet — obyte_wallet |
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | 2022-02-28 | not yet calculated | CVE-2022-25642 MISC MISC MISC |
ohio_supercomputer_center_open — ondemand |
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | 2022-02-26 | not yet calculated | CVE-2020-27958 MISC CONFIRM MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in “/ok_png.c”. | 2022-03-03 | not yet calculated | CVE-2021-44343 MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in “/ok_jpg.c:513”. | 2022-02-28 | not yet calculated | CVE-2021-44334 MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in “/ok_png.c:533”. | 2022-03-03 | not yet calculated | CVE-2021-44335 MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in “/ok_jpg.c:403”. | 2022-02-28 | not yet calculated | CVE-2021-44340 MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in “/ok_png.c:712”. | 2022-02-28 | not yet calculated | CVE-2021-44339 MISC |
ok-file-formats — ok-file-formats |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in “/ok_png.c:494”. | 2022-02-28 | not yet calculated | CVE-2021-44342 MISC |
openemr — openemr |
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | 2022-03-03 | not yet calculated | CVE-2022-25471 MISC MISC MISC |
openjpeg — openjpeg |
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | 2022-03-04 | not yet calculated | CVE-2021-3575 MISC MISC MISC |
openstack-nova — novnc |
A vulnerability was found in openstack-nova’s console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | 2022-03-02 | not yet calculated | CVE-2021-3654 MISC MISC MISC MISC MISC MISC MISC |
os4ed — opensis |
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | 2022-03-03 | not yet calculated | CVE-2021-40635 MISC |
os4ed — opensis |
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | 2022-03-03 | not yet calculated | CVE-2021-40636 MISC |
os4ed — opensis |
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user’s cookie and take over the working session of user. | 2022-03-03 | not yet calculated | CVE-2021-40637 MISC |
part-db — part-db |
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | 2022-03-04 | not yet calculated | CVE-2022-0848 CONFIRM MISC |
petereport — petereport |
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. | 2022-03-03 | not yet calculated | CVE-2022-25220 MISC MISC |
petereport — petereport |
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an ‘Attack Tree’ by modifying the ‘svg_file’ parameter. | 2022-03-03 | not yet calculated | CVE-2022-23051 MISC MISC |
petereport — petereport |
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. | 2022-03-03 | not yet calculated | CVE-2022-23052 MISC MISC |
pfsense — pfsense |
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | 2022-03-01 | not yet calculated | CVE-2021-41282 MISC MISC MISC MISC |
php — php |
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with the FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwriting of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. | 2022-02-27 | not yet calculated | CVE-2021-21708 CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 2022-03-04 | not yet calculated | CVE-2022-0832 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 2022-03-04 | not yet calculated | CVE-2022-0831 CONFIRM MISC |
pluxml — pluxml | Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | 2022-03-01 | not yet calculated | CVE-2022-25018 MISC MISC MISC MISC |
pluxml — pluxml |
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | 2022-03-01 | not yet calculated | CVE-2022-25020 MISC MISC MISC MISC |
post_snippets — post_snippets |
The Post Snippets WordPress plugin before 3.1.4 does not have a CSRF check when importing files, allowing an attacker to make a logged-in admin import arbitrary snippets. Furthermore, imported snippets are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues. | 2022-02-28 | not yet calculated | CVE-2021-25010 MISC |
postgres — postgres | A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. | 2022-03-04 | not yet calculated | CVE-2021-3656 MISC MISC MISC MISC |
postgres — postgres |
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption. | 2022-03-02 | not yet calculated | CVE-2021-23222 MISC MISC MISC MISC |
postgres — postgres |
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 2022-03-04 | not yet calculated | CVE-2021-23214 MISC MISC MISC MISC |
postgresql — postgresql |
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | 2022-03-02 | not yet calculated | CVE-2021-3677 MISC MISC |
printix — secure_cloud_print_management |
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE. | 2022-03-03 | not yet calculated | CVE-2022-25089 MISC MISC MISC |
puppetlabs — firewall |
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. | 2022-03-02 | not yet calculated | CVE-2022-0675 MISC |
python — cpython | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-3737 MISC MISC MISC MISC MISC |
pytorchlightning — pytorch |
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 2022-03-05 | not yet calculated | CVE-2022-0845 CONFIRM MISC |
qemu — qemu |
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 2022-03-03 | not yet calculated | CVE-2021-3638 MISC MISC MISC |
qt — qt |
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | 2022-03-02 | not yet calculated | CVE-2022-25634 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
radareorg — radare2 |
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. | 2022-03-05 | not yet calculated | CVE-2022-0849 MISC CONFIRM |
remote_desktop_commander_suite_agent — remote_desktop_commander_suite_agent |
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-03-03 | not yet calculated | CVE-2022-25031 MISC MISC |
rhinode — trading_paints |
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. | 2022-03-04 | not yet calculated | CVE-2021-40846 MISC MISC |
rog — live_service |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | 2022-03-01 | not yet calculated | CVE-2022-22262 MISC |
rtl_433 — rtl_433 | An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | 2022-03-02 | not yet calculated | CVE-2022-25051 MISC MISC MISC |
rtl_433 — rtl_433 |
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | 2022-03-02 | not yet calculated | CVE-2022-25050 MISC MISC MISC |
rudloff — alltube |
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | 2022-02-28 | not yet calculated | CVE-2022-0768 MISC CONFIRM |
rundeck — rundeck |
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds. | 2022-02-28 | not yet calculated | CVE-2021-41112 CONFIRM |
rundeck — rundeck |
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds. | 2022-02-28 | not yet calculated | CVE-2021-41111 CONFIRM MISC |
samba — samba |
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called ‘association groups’. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid ‘struct session_info’. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. | 2022-03-02 | not yet calculated | CVE-2021-3738 MISC MISC MISC |
samba — samba |
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | 2022-03-02 | not yet calculated | CVE-2021-23192 MISC MISC MISC |
sangfor — vdi_client |
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | 2022-02-26 | not yet calculated | CVE-2022-22908 MISC |
scrapy — scrapy | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | 2022-03-02 | not yet calculated | CVE-2022-0577 MISC CONFIRM |
seacms — seacms |
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | 2022-03-02 | not yet calculated | CVE-2022-23878 MISC |
secomea — gatemanager | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. | 2022-03-04 | not yet calculated | CVE-2021-32008 MISC |
security_audit — security_audit |
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24901 MISC |
shescape — shescape |
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\~")`. | 2022-03-03 | not yet calculated | CVE-2022-24725 MISC MISC CONFIRM |
simple_bakery_shop_management — simple_bakery_shop_management |
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 2022-03-02 | not yet calculated | CVE-2022-25393 MISC |
simple_membership — simple_membership |
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | 2022-02-28 | not yet calculated | CVE-2022-0328 MISC CONFIRM |
simple_mobile_comparison_website — simple_mobile_comparison_website |
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | 2022-03-02 | not yet calculated | CVE-2022-26170 MISC |
simple_real_estate_portal_system — simple_real_estate_portal_system |
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 2022-03-02 | not yet calculated | CVE-2022-25399 MISC |
smmentrypoint — smmentrypoint |
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 2022-03-03 | not yet calculated | CVE-2021-38578 MISC |
spectrum — scale |
A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests. IBM X-Force ID: 191599. | 2022-03-01 | not yet calculated | CVE-2020-4925 CONFIRM XF |
statcounter — statcounter |
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-02-28 | not yet calculated | CVE-2021-24920 CONFIRM MISC |
stepmania — stepmania |
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. | 2022-03-01 | not yet calculated | CVE-2022-25010 MISC |
stmicroelectronics — stsafej |
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | 2022-03-04 | not yet calculated | CVE-2021-43393 MISC MISC |
stmicroelectronics — stsafej |
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | 2022-03-04 | not yet calculated | CVE-2021-43392 MISC MISC |
storagegrid — storagegrid | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. | 2022-03-04 | not yet calculated | CVE-2022-23233 MISC |
storagegrid — storagegrid |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). | 2022-03-04 | not yet calculated | CVE-2022-23232 MISC |
strapi — strapi |
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | 2022-02-26 | not yet calculated | CVE-2022-0764 CONFIRM MISC |
subrion — cms | Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to a victim and successfully create an arbitrary administrator user. | 2022-03-04 | not yet calculated | CVE-2020-18326 MISC MISC MISC |
subrion — cms | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | 2022-03-04 | not yet calculated | CVE-2020-18325 MISC MISC MISC |
subrion — cms |
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | 2022-03-04 | not yet calculated | CVE-2020-18324 MISC MISC MISC |
support_board — support_board |
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files | 2022-02-28 | not yet calculated | CVE-2021-24823 MISC MISC |
symantec — management_agent |
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | 2022-03-04 | not yet calculated | CVE-2022-25623 MISC |
tang — tang |
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | 2022-03-02 | not yet calculated | CVE-2021-4076 MISC MISC MISC |
taocms — taocms |
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | 2022-03-01 | not yet calculated | CVE-2022-23380 MISC |
taocms — taocms |
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | 2022-03-01 | not yet calculated | CVE-2022-23387 MISC MISC |
tenda — tenda_ax3 |
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the HTTP request parameter startIp. Then v10 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. | 2022-03-04 | not yet calculated | CVE-2021-46393 MISC |
tenda — tenda_ax3 |
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the HTTP request parameter startIp. Then v13 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. | 2022-03-04 | not yet calculated | CVE-2021-46394 MISC |
testimonial — testimonial |
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | 2022-02-28 | not yet calculated | CVE-2022-23911 CONFIRM MISC |
testimonial — testimonial |
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting | 2022-02-28 | not yet calculated | CVE-2022-23912 MISC CONFIRM |
ti_woocommerce_wishlist — ti_woocommerce_wishlist | The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks | 2022-02-28 | not yet calculated | CVE-2022-0412 MISC CONFIRM |
tor — browser |
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn’t properly free memory. | 2022-02-26 | not yet calculated | CVE-2021-46702 MISC |
tp-link — archer |
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. | 2022-03-04 | not yet calculated | CVE-2021-44827 MISC MISC MISC |
transloadit — transloadit |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1. | 2022-03-03 | not yet calculated | CVE-2022-0528 CONFIRM MISC |
tricentis — qtest |
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. | 2022-02-26 | not yet calculated | CVE-2022-26146 MISC MISC |
trusted_firmware — mA |
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | 2022-03-01 | not yet calculated | CVE-2021-43619 CONFIRM MISC MISC MISC |
tsmuxer — tsmuxer |
An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. | 2022-03-02 | not yet calculated | CVE-2021-45860 MISC MISC |
tsmuxer — tsmuxer |
There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. | 2022-03-02 | not yet calculated | CVE-2021-45861 MISC MISC |
tsmuxer — tsmuxer |
tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. | 2022-03-02 | not yet calculated | CVE-2021-45863 MISC MISC |
tsmuxer — tsmuxer |
tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. | 2022-03-02 | not yet calculated | CVE-2021-45864 MISC MISC |
twisted — twisted |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer’s SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. | 2022-03-03 | not yet calculated | CVE-2022-21716 MISC CONFIRM MISC MISC |
uri.js — uri.js |
URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. | 2022-03-03 | not yet calculated | CVE-2022-24723 CONFIRM MISC MISC MISC |
use_any_font_custom_font_uploader — use_any_font_custom_font_uploader |
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues. | 2022-02-28 | not yet calculated | CVE-2021-24977 MISC |
veritas — infoscale_operations_manager |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | 2022-03-04 | not yet calculated | CVE-2022-26484 MISC |
veritas — infoscale_operations_manager |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflects the user input without sanitization). | 2022-03-04 | not yet calculated | CVE-2022-26483 MISC |
victor — cms |
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. | 2022-03-04 | not yet calculated | CVE-2022-26201 MISC MISC |
viewcomponent — viewcomponent |
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them. | 2022-03-02 | not yet calculated | CVE-2022-24722 MISC CONFIRM MISC MISC |
vmware — spring_cloud_gateway | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | 2022-03-03 | not yet calculated | CVE-2022-22947 MISC |
vmware — spring_cloud_gateway |
In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | 2022-03-04 | not yet calculated | CVE-2022-22946 MISC |
vmware — tools_for_windows |
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. | 2022-03-03 | not yet calculated | CVE-2022-22943 MISC |
vmware — workspace_one_boxer |
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user’s window. | 2022-03-02 | not yet calculated | CVE-2022-22944 MISC |
wago — 750-8212_pfc200_g2_2eth_rs |
Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. | 2022-03-04 | not yet calculated | CVE-2021-46380 MISC |
watchguard — firebox |
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 2022-03-04 | not yet calculated | CVE-2022-26318 CONFIRM |
weblate — weblate |
The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution. | 2022-03-04 | not yet calculated | CVE-2022-23915 CONFIRM CONFIRM CONFIRM CONFIRM |
weblate — weblate |
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. | 2022-03-04 | not yet calculated | CVE-2022-24727 MISC CONFIRM MISC |
webmin — webmin |
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | 2022-03-02 | not yet calculated | CVE-2022-0829 CONFIRM MISC |
webmin — webmin |
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 2022-03-02 | not yet calculated | CVE-2022-0824 MISC CONFIRM |
whmc_bridge — whmc_bridge |
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-02-28 | not yet calculated | CVE-2021-25112 CONFIRM MISC |
wire — wire-avs | wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. | 2022-03-01 | not yet calculated | CVE-2021-41193 CONFIRM MISC |
wordline — hidccemonitorsvc | Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-03-03 | not yet calculated | CVE-2021-45819 MISC |
wp_accessibility_helper — wp_accessibility_helper |
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue | 2022-02-28 | not yet calculated | CVE-2022-0150 MISC CONFIRM |
wp_cloudy — wp_cloudy | The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue | 2022-02-28 | not yet calculated | CVE-2021-24864 MISC CONFIRM |
wp_paginate — wp_paginate | The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 2022-02-28 | not yet calculated | CVE-2021-4222 MISC MISC |
wp_responsive_menu — wp_responsive_menu |
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin’s settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend. | 2022-02-28 | not yet calculated | CVE-2021-24971 MISC |
wp_review_slider — wp_review_slider | The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL Injection attacks. | 2022-02-28 | not yet calculated | CVE-2022-0383 CONFIRM MISC |
wp_rss_aggregator — wp_rss_aggregator |
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 2022-02-28 | not yet calculated | CVE-2022-0189 CONFIRM MISC |
wp_user — wp_user |
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues | 2022-02-28 | not yet calculated | CVE-2021-25034 MISC |
wp_visitor_statistics — wp_visitor_statistics |
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin | 2022-02-28 | not yet calculated | CVE-2021-25042 MISC |
wpscan — orange_form_wordpress_plugin |
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to them (or that they are allowed to perform such action on it). | 2022-02-28 | not yet calculated | CVE-2021-24688 MISC |
wpscan — orange_form_wordpress_plugin |
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example | 2022-02-28 | not yet calculated | CVE-2021-24704 MISC |
ws_form — ws_form |
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attackers to submit XSS payloads which will get executed when a privileged user views the related submission. | 2022-02-28 | not yet calculated | CVE-2022-23988 MISC |
ws_form — ws_form |
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2022-23987 MISC |
yoast_seo — yoast_seo |
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. | 2022-02-28 | not yet calculated | CVE-2021-25118 CONFIRM MISC |
zepl — notebooks | Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. | 2022-03-03 | not yet calculated | CVE-2021-42950 MISC MISC |
zoho — manageengine_desktop_central |
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | 2022-03-02 | not yet calculated | CVE-2022-23779 MISC |
zoho — manageengine_key_manager_plus |
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | 2022-03-02 | not yet calculated | CVE-2022-24447 MISC MISC |
zoho — manageengine_key_manager_plus |
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | 2022-03-01 | not yet calculated | CVE-2022-24446 MISC MISC |
zoho — manageengine_sharepoint_manager_plus |
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | 2022-03-02 | not yet calculated | CVE-2022-24306 MISC |
zoho — manageengine_sharepoint_manager_plus |
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | 2022-03-02 | not yet calculated | CVE-2022-24305 MISC |
zulip — zulip |
Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | 2022-02-26 | not yet calculated | CVE-2021-3967 CONFIRM MISC |
zulip — zulip_server | Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix. | 2022-03-02 | not yet calculated | CVE-2022-23656 CONFIRM MISC |
zyxel — zywall_2_plus_internet_security_appliance |
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass of a security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript code to perform multiple attacks such as clipboard hijacking and session hijacking. | 2022-03-01 | not yet calculated | CVE-2021-46387 MISC MISC MISC MISC |
zyxel_networks — zyxel |
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | 2022-03-01 | not yet calculated | CVE-2021-4039 CONFIRM |