US-CERT Bulletin (SB22-017):Vulnerability Summary for the Week of January 10, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
agoric — realms-shim All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. 2022-01-10 7.5 CVE-2021-23543
MISC
MISC
agoric — realms-shim All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. 2022-01-10 7.5 CVE-2021-23594
MISC
MISC
checkpoint — endpoint_security Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. 2022-01-10 7.2 CVE-2021-30360
MISC
MISC
chshcms — cscms cscms v4.1 allows for SQL injection via the “page_del” function. 2022-01-11 7.5 CVE-2020-28103
MISC
chshcms — cscms cscms v4.1 allows for SQL injection via the “js_del” function. 2022-01-11 7.5 CVE-2020-28102
MISC
cisco — unified_contact_center_express A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials. 2022-01-14 8.5 CVE-2022-20658
CISCO
eggjs — extend2 The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. 2022-01-10 7.5 CVE-2021-23568
MISC
MISC
MISC
MISC
fanuc — r-30ia_firmware The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. 2022-01-10 10 CVE-2021-32998
MISC
fanuc — r-30ia_firmware The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. 2022-01-10 7.8 CVE-2021-32996
MISC
google — android In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542 2022-01-14 7.2 CVE-2021-39620
MISC
google — android In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648 2022-01-14 7.2 CVE-2021-39622
MISC
google — android In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-200284993 2022-01-14 7.2 CVE-2021-0959
MISC
google — android In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999 2022-01-14 7.2 CVE-2021-39618
MISC
google — android In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284 2022-01-14 7.2 CVE-2021-1035
MISC
google — android In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348 2022-01-14 10 CVE-2021-39623
MISC
huawei — emui There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. 2022-01-10 7.5 CVE-2021-39993
MISC
huawei — harmonyos There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. 2022-01-10 7.8 CVE-2021-39998
MISC
MISC
huawei — harmonyos The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. 2022-01-10 7.5 CVE-2021-40010
MISC
huawei — harmonyos There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow. 2022-01-10 7.5 CVE-2021-39996
MISC
MISC
laundry_booking_management_system_project — laundry_booking_management_system Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the “image” parameter that can execute a webshell payload. 2022-01-10 7.5 CVE-2021-45003
MISC
libexpat_project — libexpat defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 7.5 CVE-2022-22824
MISC
libexpat_project — libexpat build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 7.5 CVE-2022-22823
MISC
libexpat_project — libexpat addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 7.5 CVE-2022-22822
MISC
microsoft — 365_apps Microsoft Excel Remote Code Execution Vulnerability. 2022-01-11 9.3 CVE-2022-21841
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21855, CVE-2022-21969. 2022-01-11 8.3 CVE-2022-21846
MISC
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21969. 2022-01-11 7.7 CVE-2022-21855
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. 2022-01-11 9 CVE-2022-21837
MISC
microsoft — windows_10 Active Directory Domain Services Elevation of Privilege Vulnerability. 2022-01-11 9 CVE-2022-21857
MISC
microsoft — windows_10 Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21850. 2022-01-11 9.3 CVE-2022-21851
MISC
microsoft — windows_10 Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21851. 2022-01-11 9.3 CVE-2022-21850
MISC
microsoft — windows_10 Windows IKE Extension Remote Code Execution Vulnerability. 2022-01-11 9.3 CVE-2022-21849
MISC
microsoft — windows_10 Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890. 2022-01-11 7.1 CVE-2022-21848
MISC
microsoft — windows_10 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21834
MISC
microsoft — windows_10 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21835
MISC
microsoft — windows_10 Windows Certificate Spoofing Vulnerability. 2022-01-11 7.2 CVE-2022-21836
MISC
microsoft — windows_10 Windows Cleanup Manager Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21838
MISC
MISC
microsoft — windows_10 Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21896, CVE-2022-21902. 2022-01-11 7.2 CVE-2022-21852
MISC
microsoft — windows_10 Windows Bind Filter Driver Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21858
MISC
microsoft — windows_10 Task Flow Data Engine Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21861
MISC
microsoft — windows_10 Virtual Machine IDE Drive Elevation of Privilege Vulnerability. 2022-01-11 7.2 CVE-2022-21833
MISC
online_thesis_archiving_system_project — online_thesis_archiving_system Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection 2022-01-10 7.5 CVE-2021-45334
MISC
MISC
solarwinds — serv-u Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented. 2022-01-10 7.5 CVE-2021-35247
MISC
trendmicro — apex_one A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-01-10 7.2 CVE-2021-45441
MISC
MISC
trendmicro — apex_one A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-01-10 7.2 CVE-2021-45440
MISC
MISC
trendmicro — apex_one A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-01-10 7.2 CVE-2021-45231
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accu-time — maximus_firmware Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash 2022-01-10 5 CVE-2021-45856
MISC
adobe — experience_manager AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser 2022-01-13 4.3 CVE-2021-44178
MISC
adobe — experience_manager AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2022-01-13 4.3 CVE-2021-43765
MISC
adobe — experience_manager AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2022-01-13 4.3 CVE-2021-44177
MISC
adobe — experience_manager AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2022-01-13 4.3 CVE-2021-44176
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-13 6.8 CVE-2021-45055
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-13 6.8 CVE-2021-45056
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-13 6.8 CVE-2021-45053
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-13 4.3 CVE-2021-45054
MISC
adobe — indesign Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file. 2022-01-13 6.8 CVE-2021-45058
MISC
adobe — indesign Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file. 2022-01-13 6.8 CVE-2021-45057
MISC
adobe — indesign Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-13 4.3 CVE-2021-45059
MISC
apache — guacamole Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user’s active use of that same connection. 2022-01-11 4 CVE-2021-41767
CONFIRM
MLIST
apache — guacamole Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. 2022-01-11 6 CVE-2021-43999
CONFIRM
MLIST
atlassian — data_center Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. 2022-01-10 4 CVE-2021-43951
MISC
atlassian — data_center Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. 2022-01-10 4 CVE-2021-43949
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14883. 2022-01-13 4.3 CVE-2021-34910
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14865. 2022-01-13 6.8 CVE-2021-34898
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862. 2022-01-13 6.8 CVE-2021-34895
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14863. 2022-01-13 6.8 CVE-2021-34896
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15052. 2022-01-13 4.3 CVE-2021-34944
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15051. 2022-01-13 4.3 CVE-2021-34943
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894. 2022-01-13 4.3 CVE-2021-34916
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14828. 2022-01-13 6.8 CVE-2021-34876
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14695. 2022-01-13 6.8 CVE-2021-34871
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737. 2022-01-13 6.8 CVE-2021-34872
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14696. 2022-01-13 6.8 CVE-2021-34873
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14736. 2022-01-13 6.8 CVE-2021-34874
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14827. 2022-01-13 6.8 CVE-2021-34875
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14864. 2022-01-13 6.8 CVE-2021-34897
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14830. 2022-01-13 6.8 CVE-2021-34878
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14900. 2022-01-13 6.8 CVE-2021-34922
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14885. 2022-01-13 6.8 CVE-2021-34912
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14892. 2022-01-13 6.8 CVE-2021-34914
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14899. 2022-01-13 6.8 CVE-2021-34921
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14882. 2022-01-13 6.8 CVE-2021-34909
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14867. 2022-01-13 6.8 CVE-2021-34900
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14876. 2022-01-13 6.8 CVE-2021-34903
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877. 2022-01-13 6.8 CVE-2021-34904
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878. 2022-01-13 6.8 CVE-2021-34905
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14879. 2022-01-13 6.8 CVE-2021-34906
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880. 2022-01-13 6.8 CVE-2021-34907
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14881. 2022-01-13 6.8 CVE-2021-34908
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884. 2022-01-13 6.8 CVE-2021-34911
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14898. 2022-01-13 6.8 CVE-2021-34920
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14838. 2022-01-13 6.8 CVE-2021-34885
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14831. 2022-01-13 6.8 CVE-2021-34913
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14866. 2022-01-13 6.8 CVE-2021-34899
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14893. 2022-01-13 6.8 CVE-2021-34915
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895. 2022-01-13 6.8 CVE-2021-34917
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14896. 2022-01-13 6.8 CVE-2021-34918
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897. 2022-01-13 6.8 CVE-2021-34919
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14833. 2022-01-13 6.8 CVE-2021-34880
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14832. 2022-01-13 6.8 CVE-2021-34879
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14844. 2022-01-13 6.8 CVE-2021-34891
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15039. 2022-01-13 6.8 CVE-2021-34940
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15040. 2022-01-13 6.8 CVE-2021-34941
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14842. 2022-01-13 4.3 CVE-2021-34889
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14996. 2022-01-13 6.8 CVE-2021-34939
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14905. 2022-01-13 6.8 CVE-2021-34927
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14906. 2022-01-13 6.8 CVE-2021-34928
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14907. 2022-01-13 6.8 CVE-2021-34929
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14845. 2022-01-13 6.8 CVE-2021-34892
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14910. 2022-01-13 6.8 CVE-2021-34932
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054. 2022-01-13 6.8 CVE-2021-34945
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911. 2022-01-13 6.8 CVE-2021-34933
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14909. 2022-01-13 6.8 CVE-2021-34931
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14913. 2022-01-13 6.8 CVE-2021-34935
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14914. 2022-01-13 6.8 CVE-2021-34936
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14915. 2022-01-13 6.8 CVE-2021-34937
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14995. 2022-01-13 6.8 CVE-2021-34938
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912. 2022-01-13 6.8 CVE-2021-34934
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15041. 2022-01-13 6.8 CVE-2021-34942
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14908. 2022-01-13 6.8 CVE-2021-34930
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15055. 2022-01-13 6.8 CVE-2021-34946
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835. 2022-01-13 4.3 CVE-2021-34882
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14846. 2022-01-13 6.8 CVE-2021-34893
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847. 2022-01-13 6.8 CVE-2021-34894
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14829. 2022-01-13 6.8 CVE-2021-34877
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14901. 2022-01-13 6.8 CVE-2021-34923
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14903. 2022-01-13 6.8 CVE-2021-34925
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14904. 2022-01-13 6.8 CVE-2021-34926
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834. 2022-01-13 4.3 CVE-2021-34881
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836. 2022-01-13 4.3 CVE-2021-34883
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14875. 2022-01-13 4.3 CVE-2021-34902
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837. 2022-01-13 4.3 CVE-2021-34884
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839. 2022-01-13 4.3 CVE-2021-34886
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14840. 2022-01-13 4.3 CVE-2021-34887
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14841. 2022-01-13 4.3 CVE-2021-34888
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14902. 2022-01-13 6.8 CVE-2021-34924
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843. 2022-01-13 4.3 CVE-2021-34890
MISC
MISC
bentley — bentley_view This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874. 2022-01-13 4.3 CVE-2021-34901
MISC
MISC
daybydaycrm — daybyday In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. 2022-01-13 5.5 CVE-2022-22113
MISC
MISC
dst-admin_project — dst-admin An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. 2022-01-10 5 CVE-2021-44586
MISC
fastlinemedia — beaver_builder In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. 2022-01-10 5 CVE-2021-42748
MISC
MISC
fastlinemedia — beaver_themer In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. 2022-01-10 5 CVE-2021-42749
MISC
MISC
framasoft — peertube peertube is vulnerable to Improper Access Control 2022-01-10 5 CVE-2022-0133
CONFIRM
MISC
framasoft — peertube peertube is vulnerable to Server-Side Request Forgery (SSRF) 2022-01-10 5 CVE-2022-0132
MISC
CONFIRM
google — android An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. 2022-01-10 4.6 CVE-2022-22265
MISC
google — android In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347 2022-01-14 6.9 CVE-2021-39625
MISC
google — android An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. 2022-01-10 4.3 CVE-2022-22270
MISC
google — google-protobuf An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. 2022-01-10 4.3 CVE-2021-22569
MISC
MISC
MLIST
MLIST
gpac — gpac A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. 2022-01-10 4.3 CVE-2021-46049
MISC
gpac — gpac A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. 2022-01-13 6.8 CVE-2021-40568
MISC
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566. 2022-01-13 4.3 CVE-2021-40575
MISC
MISC
gpac — gpac A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. . 2022-01-10 4.3 CVE-2021-46051
MISC
gpac — gpac A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). 2022-01-10 4.3 CVE-2021-46046
MISC
gpac — gpac A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function. 2022-01-10 4.3 CVE-2021-46047
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service. 2022-01-13 4.3 CVE-2021-40572
MISC
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service. 2022-01-13 4.3 CVE-2021-40576
MISC
MISC
gpac — gpac GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). 2022-01-10 4.3 CVE-2021-46045
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. 2022-01-13 4.3 CVE-2021-40573
MISC
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. 2022-01-13 6.8 CVE-2021-40574
MISC
MISC
gpac — gpac The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. 2022-01-13 4.3 CVE-2021-40569
MISC
MISC
gpac — gpac A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. 2022-01-12 4.3 CVE-2021-40566
MISC
MISC
gpac — gpac A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. 2022-01-12 4.3 CVE-2021-40565
MISC
MISC
gpac — gpac A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. 2022-01-12 4.3 CVE-2021-40564
MISC
MISC
gpac — gpac A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. 2022-01-12 4.3 CVE-2021-40563
MISC
MISC
gpac — gpac A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. 2022-01-12 4.3 CVE-2021-40562
MISC
MISC
gpac — gpac A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service. 2022-01-12 4.3 CVE-2021-40559
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. 2022-01-13 6.8 CVE-2021-40571
MISC
MISC
gpac — gpac The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. 2022-01-13 6.8 CVE-2021-40570
MISC
MISC
gpac — gpac A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file. 2022-01-12 6.8 CVE-2021-36417
MISC
gpac — gpac Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. 2022-01-13 4.3 CVE-2021-40567
MISC
MISC
htmldoc_project — htmldoc A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. 2022-01-10 6.8 CVE-2021-43579
MISC
MISC
MISC
MISC
huawei — emui There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 5 CVE-2021-40031
MISC
huawei — emui There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-10 5 CVE-2021-40020
MISC
huawei — emui There is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 6.4 CVE-2021-40011
MISC
huawei — harmonyos The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40032
MISC
huawei — harmonyos The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. 2022-01-10 5.8 CVE-2021-40000
MISC
huawei — harmonyos The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity. 2022-01-10 5 CVE-2021-40028
MISC
huawei — harmonyos The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40027
MISC
huawei — harmonyos There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 5 CVE-2021-40026
MISC
MISC
huawei — harmonyos The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40025
MISC
huawei — harmonyos The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40022
MISC
huawei — harmonyos There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 5 CVE-2021-40009
MISC
MISC
huawei — harmonyos The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40021
MISC
huawei — harmonyos There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 5 CVE-2021-40038
MISC
MISC
huawei — harmonyos There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. 2022-01-10 5 CVE-2021-40029
MISC
MISC
huawei — harmonyos There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. 2022-01-10 5 CVE-2021-40039
MISC
MISC
huawei — harmonyos There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. 2022-01-10 5 CVE-2021-40035
MISC
MISC
huawei — harmonyos HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40003
MISC
huawei — harmonyos The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40005
MISC
huawei — harmonyos The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. 2022-01-10 5 CVE-2021-40001
MISC
huawei — harmonyos There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. 2022-01-10 4.9 CVE-2021-40037
MISC
MISC
huawei — harmonyos The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40014
MISC
huawei — harmonyos The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40004
MISC
huawei — harmonyos The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 5 CVE-2021-40018
MISC
huawei — harmonyos The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. 2022-01-10 5.8 CVE-2021-40002
MISC
ibm — security_verify_access IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. 2022-01-10 5 CVE-2021-38957
CONFIRM
XF
ibm — security_verify_access IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. 2022-01-10 5 CVE-2021-38921
CONFIRM
XF
ibm — security_verify_access IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 2022-01-10 5 CVE-2021-38956
XF
CONFIRM
ibm — security_verify_access IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. 2022-01-10 4 CVE-2021-38894
CONFIRM
XF
ibm — vios IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. 2022-01-10 4.6 CVE-2021-38990
XF
CONFIRM
CONFIRM
kentico — kentico_cms Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. 2022-01-10 4.3 CVE-2021-46163
MISC
kubernetes — kubernetes kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. 2022-01-07 5.8 CVE-2021-25743
CONFIRM
libexpat_project — libexpat lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 6.8 CVE-2022-22825
MISC
libexpat_project — libexpat nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 6.8 CVE-2022-22826
MISC
libexpat_project — libexpat storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-10 6.8 CVE-2022-22827
MISC
libmeshb_project — libmeshb A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file. 2022-01-12 4.3 CVE-2021-46225
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. 2022-01-10 5 CVE-2021-46149
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. 2022-01-10 6.8 CVE-2021-46147
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. 2022-01-10 4 CVE-2021-46148
MISC
MISC
MISC
metagauss — registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue 2022-01-10 6.5 CVE-2021-24862
MISC
microsoft — excel Microsoft Office Remote Code Execution Vulnerability. 2022-01-11 6.8 CVE-2022-21840
MISC
microsoft — sharepoint_enterprise_server Microsoft Word Remote Code Execution Vulnerability. 2022-01-11 6.8 CVE-2022-21842
MISC
microsoft — windows_10 Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890. 2022-01-11 4.3 CVE-2022-21843
MISC
microsoft — windows_10 Windows Push Notifications Apps Elevation Of Privilege Vulnerability. 2022-01-11 6.9 CVE-2022-21867
MISC
microsoft — windows_10 Windows Accounts Control Elevation of Privilege Vulnerability. 2022-01-11 6.9 CVE-2022-21859
MISC
microsoft — windows_10 Windows Hyper-V Denial of Service Vulnerability. 2022-01-11 4.9 CVE-2022-21847
MISC
microsoft — windows_10 Windows Devices Human Interface Elevation of Privilege Vulnerability. 2022-01-11 6.9 CVE-2022-21868
MISC
microsoft — windows_10 Windows StateRepository API Server file Elevation of Privilege Vulnerability. 2022-01-11 6.9 CVE-2022-21863
MISC
microsoft — windows_10 Windows Application Model Core API Elevation of Privilege Vulnerability. 2022-01-11 6.9 CVE-2022-21862
MISC
mitre — caldera An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded “SVG” parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). 2022-01-12 6.5 CVE-2021-42560
MISC
MISC
philips — engage The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. 2022-01-10 4 CVE-2021-23173
MISC
pluginus — woocommerce_currency_switcher The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue 2022-01-10 4.3 CVE-2021-25043
CONFIRM
MISC
qnap — qts A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later 2022-01-07 4.3 CVE-2021-38674
MISC
qualcomm — apq8009w_firmware Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-13 5 CVE-2021-30300
CONFIRM
qualcomm — ar8031_firmware Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-13 4.6 CVE-2021-30285
CONFIRM
qualcomm — ar8035_firmware Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-13 5 CVE-2021-30287
CONFIRM
qualcomm — ar8035_firmware Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT 2022-01-13 5 CVE-2021-30307
CONFIRM
qualcomm — ar8035_firmware Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-13 5 CVE-2021-30301
CONFIRM
rubyonrails — rails A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. 2022-01-10 5.8 CVE-2021-44528
MISC
siemens — comos A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks. 2022-01-11 6.8 CVE-2021-37198
MISC
siemens — comos A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. 2022-01-11 4 CVE-2021-37196
MISC
siemens — comos A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. 2022-01-11 6.5 CVE-2021-37197
MISC
siemens — comos A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. 2022-01-11 4.3 CVE-2021-37195
MISC
sismics — teedy In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term” search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker. 2022-01-10 4.3 CVE-2022-22114
MISC
MISC
snipeitapp — snipe-it snipe-it is vulnerable to Improper Access Control 2022-01-12 4.9 CVE-2022-0179
CONFIRM
MISC
soketi_project — soketi soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it’s highly recommended to upgrade to the latest patch. There are no workarounds for this issue. 2022-01-10 5 CVE-2022-21667
MISC
CONFIRM
MISC
sphinxsearch — sphinx SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. 2022-01-10 5 CVE-2020-29050
MISC
MISC
MLIST
trendmicro — apex_one A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-01-10 6.6 CVE-2021-44024
MISC
MISC
trendmicro — apex_one A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-01-10 6.6 CVE-2021-45442
MISC
MISC
ultimaker — ultimaker_s3_firmware In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page. 2022-01-10 6.8 CVE-2021-34087
MISC
MISC
MISC
ultimaker — ultimaker_s3_firmware In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests. 2022-01-10 6.8 CVE-2021-34086
MISC
MISC
MISC
MISC
vim — vim vim is vulnerable to Heap-based Buffer Overflow 2022-01-10 4.3 CVE-2022-0158
CONFIRM
MISC
FEDORA
MLIST
vim — vim vim is vulnerable to Use After Free 2022-01-10 4.3 CVE-2022-0156
MISC
CONFIRM
FEDORA
MLIST
vmware — spring_framework In Spring Framework versions 5.3.0 – 5.3.13, 5.2.0 – 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. 2022-01-10 4 CVE-2021-22060
MISC
webassembly — binaryen A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. 2022-01-10 4.3 CVE-2021-46050
MISC
webassembly — binaryen A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. 2022-01-10 4.3 CVE-2021-46053
MISC
webassembly — binaryen A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. 2022-01-10 4.3 CVE-2021-46048
MISC
webassembly — binaryen A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. 2022-01-10 4.3 CVE-2021-46052
MISC
webassembly — binaryen A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). 2022-01-10 4.3 CVE-2021-46054
MISC
webassembly — binaryen A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). 2022-01-10 4.3 CVE-2021-46055
MISC
wow-company — button_generator The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. 2022-01-10 5.1 CVE-2021-25052
CONFIRM
MISC
wow-company — modal_window The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. 2022-01-10 5.1 CVE-2021-25051
MISC
CONFIRM
wow-company — wp_coder The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. 2022-01-10 5.1 CVE-2021-25053
CONFIRM
MISC
wow-company — wpcalc The WPcalc WordPress plugin through 2.1 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. 2022-01-10 6.5 CVE-2021-25054
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. 2022-01-10 6.5 CVE-2021-46164
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file’s path might not be properly defined. 2022-01-10 4.6 CVE-2021-46165
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. 2022-01-10 4 CVE-2021-46166
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — experience_manager AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2022-01-13 3.5 CVE-2021-43764
MISC
fit2cloud — halo In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server. 2022-01-13 3.5 CVE-2022-22123
MISC
MISC
MISC
fit2cloud — halo In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser. 2022-01-13 3.5 CVE-2022-22124
MISC
MISC
MISC
google — android Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. 2022-01-10 2.1 CVE-2022-22263
MISC
google — android Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. 2022-01-10 3.6 CVE-2022-22264
MISC
google — android In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 2022-01-14 2.1 CVE-2021-39628
MISC
google — android Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. 2022-01-10 3.6 CVE-2022-22268
MISC
google — android (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. 2022-01-10 2.1 CVE-2022-22266
MISC
google — android Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. 2022-01-10 2.1 CVE-2022-22267
MISC
google — android Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. 2022-01-10 2.1 CVE-2022-22269
MISC
google — android A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. 2022-01-10 2.1 CVE-2022-22271
MISC
google — android Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission 2022-01-10 2.1 CVE-2022-22272
MISC
huawei — harmonyos The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality. 2022-01-10 2.1 CVE-2021-40006
MISC
huawei — ws318n-21_firmware There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6. 2022-01-10 1.9 CVE-2021-40041
MISC
ibm — security_verify_access IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. 2022-01-10 3.5 CVE-2021-38895
XF
CONFIRM
ivanti — workspace_control A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. 2022-01-10 2.1 CVE-2022-21823
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. 2022-01-10 3.5 CVE-2021-46150
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. 2022-01-10 3.5 CVE-2021-46146
MISC
MISC
microsoft — windows_10 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability. 2022-01-11 2.1 CVE-2022-21839
MISC
phoronix-media — phoronix_test_suite phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2022-01-10 3.5 CVE-2022-0157
CONFIRM
MISC
rangerstudio — directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered. 2022-01-10 3.5 CVE-2022-22117
MISC
MISC
rangerstudio — directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL. 2022-01-10 3.5 CVE-2022-22116
MISC
MISC
sismics — teedy In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation. 2022-01-10 3.5 CVE-2022-22115
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10web_social_photo_feed — 10web_social_photo_feed
 
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users 2022-01-10 not yet calculated CVE-2021-25047
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44704
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44712
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44713
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click ‘allow’ on the warning message of a malicious file. 2022-01-14 not yet calculated CVE-2021-44714
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44709
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44715
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44707
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44708
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44710
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44706
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45063
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44703
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44740
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44701
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44742
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45060
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45061
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45062
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44741
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45064
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45067
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45068
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44705
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44711
MISC
adobe — acrobat_reader_dc_activex_control
 
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. 2022-01-14 not yet calculated CVE-2021-44739
MISC
adobe — acrobat_reader_dc_activex_control
 
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. 2022-01-14 not yet calculated CVE-2021-44702
MISC
adobe — adobe_experience_manager
 
AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability. 2022-01-13 not yet calculated CVE-2021-43762
MISC
adobe — adobe_experience_manager
 
AEM’s Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2022-01-13 not yet calculated CVE-2021-43761
MISC
adobe — bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44743
MISC
adobe — bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-45051
MISC
adobe — bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 2022-01-14 not yet calculated CVE-2021-45052
MISC
adobe — experience_manager
 
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. 2022-01-13 not yet calculated CVE-2021-40722
MISC
adobe — illustrator
 
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-43752
MISC
adobe — illustrator
 
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-01-14 not yet calculated CVE-2021-44700
MISC
apache — dubbo
 
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5. 2022-01-10 not yet calculated CVE-2021-43297
MISC
arista — eos
 
An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. 2022-01-14 not yet calculated CVE-2021-28500
MISC
arista — eos
 
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. 2022-01-14 not yet calculated CVE-2021-28507
MISC
arista — eos
 
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. 2022-01-14 not yet calculated CVE-2021-28506
MISC
arista — eos
 
An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. 2022-01-14 not yet calculated CVE-2021-28501
MISC
arm — mali_gpu_kernel_driver
 
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. 2022-01-14 not yet calculated CVE-2021-44828
MISC
asus — rt-ax56u
 
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. 2022-01-14 not yet calculated CVE-2022-22054
MISC
authzed — spicedb
 
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as “accessible” if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup’s dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don’t make use of wildcards on the right side of intersections or within exclusions. 2022-01-11 not yet calculated CVE-2022-21646
MISC
MISC
CONFIRM
MISC
bentley — contextcapture
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14785. 2022-01-13 not yet calculated CVE-2021-34985
MISC
MISC
bentley — contextcapture
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14784. 2022-01-13 not yet calculated CVE-2021-34984
MISC
MISC
bytecode_viewer — bytecode_viewer
 
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA “Zip Slip”). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading. 2022-01-12 not yet calculated CVE-2022-21675
MISC
CONFIRM
MISC
MISC
checkmk — checkmk
 
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. 2022-01-15 not yet calculated CVE-2020-28919
MISC
MISC
MISC
MISC
china_mobile — an_lianbao_wf-1_router
 
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. 2022-01-14 not yet calculated CVE-2021-33962
MISC
MISC
MISC
MISC
china_mobile — an_lianbao_wf-1_router
 
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. 2022-01-15 not yet calculated CVE-2021-33963
MISC
MISC
MISC
MISC
chronoforms — chronoforms
 
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. 2022-01-12 not yet calculated CVE-2021-28376
MISC
chronoforums — chronoforums
 
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. 2022-01-12 not yet calculated CVE-2021-28377
MISC
cisco — ip_phone_models
 
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks. 2022-01-14 not yet calculated CVE-2022-20660
CISCO
FULLDISC
cisco — multiple_products
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-01-11 not yet calculated CVE-2021-1573
CISCO
cisco — multiple_products
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-01-11 not yet calculated CVE-2021-34704
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20643
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20636
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20635
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20646
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20645
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20647
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20642
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20644
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20640
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20639
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20637
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20641
CISCO
cisco — security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-01-14 not yet calculated CVE-2022-20638
CISCO
clam_antivirus_software — vlam_antivirus_software
 
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2022-01-14 not yet calculated CVE-2022-20698
CISCO
colors.js — colors.js
 
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers’ controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0 2022-01-14 not yet calculated CVE-2021-23567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
commvault — commcell
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706. 2022-01-13 not yet calculated CVE-2021-34993
MISC
commvault — commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755. 2022-01-13 not yet calculated CVE-2021-34994
MISC
commvault — commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756. 2022-01-13 not yet calculated CVE-2021-34995
MISC
commvault — commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Demo_ExecuteProcessOnGroup workflow. By creating a workflow, an attacker can specify an arbitrary command to be executed. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-13889. 2022-01-13 not yet calculated CVE-2021-34996
MISC
commvault — commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894. 2022-01-13 not yet calculated CVE-2021-34997
MISC
coreftp — server
 
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. 2022-01-10 not yet calculated CVE-2022-22836
MISC
MISC
corenlp — corenlp
 
corenlp is vulnerable to Improper Restriction of XML External Entity Reference 2022-01-13 not yet calculated CVE-2022-0198
MISC
CONFIRM
cortex_xdr — cortex_xdr
 
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9. 2022-01-12 not yet calculated CVE-2022-0015
MISC
cortex_xdr — cortex_xdr
 
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. 2022-01-12 not yet calculated CVE-2022-0013
MISC
cortex_xdr — cortex_xdr
 
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. 2022-01-12 not yet calculated CVE-2022-0014
MISC
cortex_xdr — cortex_xdr
 
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. 2022-01-12 not yet calculated CVE-2022-0012
MISC
crater — crater
 
crater is vulnerable to Unrestricted Upload of File with Dangerous Type 2022-01-12 not yet calculated CVE-2021-4080
CONFIRM
MISC
crestron — multiple_devices
 
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. 2022-01-15 not yet calculated CVE-2022-23178
MISC
crow — crow
 
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. 2022-01-13 not yet calculated CVE-2021-23514
CONFIRM
CONFIRM
CONFIRM
crow — crow
 
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. 2022-01-13 not yet calculated CVE-2021-23824
MISC
MISC
MISC
cyberark — endpoint_privilege_manager
 
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user’s Temp directory. 2022-01-15 not yet calculated CVE-2021-44049
CONFIRM
MISC
MISC
MISC
dahua — multiple_products
 
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords. 2022-01-13 not yet calculated CVE-2021-33046
MISC
CONFIRM
CONFIRM
daybyday — crm
 
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser. 2022-01-13 not yet calculated CVE-2022-22112
MISC
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. 2022-01-13 not yet calculated CVE-2022-21684
MISC
CONFIRM
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users’ pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse. 2022-01-13 not yet calculated CVE-2022-21678
MISC
CONFIRM
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group’s members visibility set to public as well. However, a group’s visibility and the group’s members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group’s visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading. 2022-01-14 not yet calculated CVE-2022-21677
MISC
CONFIRM
django — django_cms
 
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. 2022-01-12 not yet calculated CVE-2021-44649
MISC
MISC
dnslib — dnslib
 
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. 2022-01-10 not yet calculated CVE-2022-22846
MISC
docker — docker_desktop
 
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user’s machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. 2022-01-12 not yet calculated CVE-2021-45449
MISC
dolibarr — dolibarr
 
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command 2022-01-14 not yet calculated CVE-2022-0224
MISC
CONFIRM
dolibarr — dolibarr
 
dolibarr is vulnerable to Business Logic Errors 2022-01-10 not yet calculated CVE-2022-0174
MISC
CONFIRM
download_monitor — download_monitor
 
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). 2022-01-14 not yet calculated CVE-2021-36920
CONFIRM
CONFIRM
edgerover — desktop
 
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. 2022-01-13 not yet calculated CVE-2022-22988
MISC
element-it — http_commander
 
A cross-site scripting (XSS) vulnerability in the “Zip content” feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. 2022-01-13 not yet calculated CVE-2021-40813
MISC
MISC
elementor-pro — elementor-pro
 
The Plus Addons for Elementor – Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts 2022-01-10 not yet calculated CVE-2021-24948
MISC
MISC
elementor-pro — elementor-pro
 
The “WP Search Filters” widget of The Plus Addons for Elementor – Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection 2022-01-10 not yet calculated CVE-2021-24949
MISC
MISC
eyoucms — eyoucms
 
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. 2022-01-14 not yet calculated CVE-2021-46255
MISC
fig2dev — fig2dev
 
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. 2022-01-12 not yet calculated CVE-2021-37530
MISC
fig2dev — fig2dev
 
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). 2022-01-12 not yet calculated CVE-2021-37529
MISC
flatpak — flatpak
 
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata. 2022-01-12 not yet calculated CVE-2021-43860
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
FEDORA
flatpak — flatpak
 
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `–mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build –nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `–nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `–nofilesystem=home` and `–nofilesystem=host`. 2022-01-13 not yet calculated CVE-2022-21682
CONFIRM
MISC
MISC
FEDORA
follow-redirects — follow-redirects
 
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 2022-01-10 not yet calculated CVE-2022-0155
CONFIRM
MISC
formpipe — lasernet
 
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). 2022-01-10 not yet calculated CVE-2022-22847
CONFIRM
gcc — gcc
 
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. 2022-01-14 not yet calculated CVE-2021-46195
MISC
gnome — gnome
 
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. 2022-01-12 not yet calculated CVE-2021-44648
MISC
MISC
gnu — recutils
 
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-46021
MISC
gnu — recutils
 
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-46022
MISC
gnu — recutils
 
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-46019
MISC
gnu_c_library — gnu_c_library
 
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. 2022-01-14 not yet calculated CVE-2022-23218
MISC
gnu_c_library — gnu_c_library
 
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. 2022-01-14 not yet calculated CVE-2022-23219
MISC
google — android
 
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709 2022-01-14 not yet calculated CVE-2021-39632
MISC
google — android
 
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659 2022-01-14 not yet calculated CVE-2021-39659
MISC
google — android
 
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A 2022-01-14 not yet calculated CVE-2021-39682
MISC
google — android
 
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A 2022-01-14 not yet calculated CVE-2021-39683
MISC
google — android
 
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A 2022-01-14 not yet calculated CVE-2021-39684
MISC
google — android
 
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A 2022-01-14 not yet calculated CVE-2021-39678
MISC
google — android
 
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A 2022-01-14 not yet calculated CVE-2021-39679
MISC
google — android
 
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497 2022-01-14 not yet calculated CVE-2021-39626
MISC
google — android
 
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel 2022-01-14 not yet calculated CVE-2021-39633
MISC
google — android
 
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A 2022-01-14 not yet calculated CVE-2021-39681
MISC
google — android
 
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292 2022-01-14 not yet calculated CVE-2021-39630
MISC
google — android
 
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344 2022-01-14 not yet calculated CVE-2021-39629
MISC
google — android
 
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549 2022-01-14 not yet calculated CVE-2021-39627
MISC
google — android
 
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319 2022-01-14 not yet calculated CVE-2021-39621
MISC
google — android
 
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722 2022-01-14 not yet calculated CVE-2021-1049
MISC
google — android
 
The broadcast that DevicePickerFragment sends when a new device is paired doesn’t have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 2022-01-14 not yet calculated CVE-2021-1037
MISC
google — android
 
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182812255 2022-01-14 not yet calculated CVE-2021-1036
MISC
google — android
 
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel 2022-01-14 not yet calculated CVE-2021-39634
MISC
google — android
 
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A 2022-01-14 not yet calculated CVE-2021-39680
MISC
gpac — gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-01-14 not yet calculated CVE-2021-45760
MISC
gpac — gpac
 
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS). 2022-01-14 not yet calculated CVE-2021-45767
MISC
gpac — gpac
 
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2022-01-10 not yet calculated CVE-2021-36414
MISC
gpac — gpac
 
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command, 2022-01-10 not yet calculated CVE-2021-36412
MISC
gpac — gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-01-14 not yet calculated CVE-2021-45762
MISC
gpac — gpac
 
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). 2022-01-14 not yet calculated CVE-2021-45763
MISC
gpac — gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). 2022-01-14 not yet calculated CVE-2021-45764
MISC
h2database — h2databse
 
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. 2022-01-10 not yet calculated CVE-2021-42392
MISC
MISC
halo — halo
 
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server. 2022-01-13 not yet calculated CVE-2022-22125
MISC
MISC
MISC
hermes — hermes
 
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0. 2022-01-15 not yet calculated CVE-2021-24044
CONFIRM
hp — designjet_products
 
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. 2022-01-14 not yet calculated CVE-2021-3965
MISC
ibm — aix_and_vios
 
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953. 2022-01-11 not yet calculated CVE-2021-38991
XF
CONFIRM
ibm — extended_dynamic_remote_sql_server
 
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. 2022-01-13 not yet calculated CVE-2021-39056
XF
CONFIRM
ibm — multiple_products
 
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. 2022-01-11 not yet calculated CVE-2021-29701
CONFIRM
XF
ibm — planning analytics_and_planning_analytics_workspace
 
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511. 2022-01-12 not yet calculated CVE-2021-38892
XF
CONFIRM
ibm — sterling_gentran:server_for_windows
 
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. 2022-01-14 not yet calculated CVE-2021-39032
XF
CONFIRM
imperva — web_application_firewall
 
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use “Content-Encoding: gzip” to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. 2022-01-14 not yet calculated CVE-2021-45468
MISC
jenkins — jenkins Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. 2022-01-12 not yet calculated CVE-2022-23110
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job’s SCM repository. 2022-01-12 not yet calculated CVE-2022-20617
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-01-12 not yet calculated CVE-2022-20621
CONFIRM
MLIST
jenkins — jenkins
 
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. 2022-01-12 not yet calculated CVE-2022-20620
CONFIRM
MLIST
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-01-12 not yet calculated CVE-2022-20619
CONFIRM
MLIST
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. 2022-01-12 not yet calculated CVE-2022-20612
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. 2022-01-12 not yet calculated CVE-2022-23105
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. 2022-01-12 not yet calculated CVE-2022-23106
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. 2022-01-12 not yet calculated CVE-2022-23107
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-01-12 not yet calculated CVE-2022-23108
CONFIRM
MLIST
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. 2022-01-12 not yet calculated CVE-2022-23111
CONFIRM
MLIST
jenkins — jenkins
 
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. 2022-01-12 not yet calculated CVE-2022-23112
CONFIRM
MLIST
jenkins — jenkins
 
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. 2022-01-12 not yet calculated CVE-2022-20618
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. 2022-01-12 not yet calculated CVE-2022-23113
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. 2022-01-12 not yet calculated CVE-2022-23109
CONFIRM
MLIST
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. 2022-01-12 not yet calculated CVE-2022-20613
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. 2022-01-12 not yet calculated CVE-2022-20616
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. 2022-01-12 not yet calculated CVE-2022-23118
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. 2022-01-12 not yet calculated CVE-2022-23117
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-01-12 not yet calculated CVE-2022-23114
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. 2022-01-12 not yet calculated CVE-2022-23116
CONFIRM
MLIST
jenkins — jenkins
 
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. 2022-01-12 not yet calculated CVE-2022-20615
CONFIRM
MLIST
jenkins — jenkins
 
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. 2022-01-12 not yet calculated CVE-2022-20614
CONFIRM
MLIST
jenkins — jenkins
 
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. 2022-01-12 not yet calculated CVE-2022-23115
CONFIRM
MLIST
jerryscript — jerryscript
 
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file. 2022-01-14 not yet calculated CVE-2021-46170
MISC
jpress — jpress
 
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. 2022-01-13 not yet calculated CVE-2021-45806
MISC
MISC
MISC
jpress — jpress
 
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. 2022-01-13 not yet calculated CVE-2021-45807
MISC
MISC
MISC
keystonejs — keystone
 
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2022-01-12 not yet calculated CVE-2022-0087
CONFIRM
MISC
le-yan — dental_management_system
 
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. 2022-01-14 not yet calculated CVE-2022-22056
MISC
le-yan — dental_management_system
 
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service. 2022-01-14 not yet calculated CVE-2022-22055
MISC
lens — lens
 
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user’s shell. Arguments can be provided which cause arbitrary shell commands to run on the system. 2022-01-10 not yet calculated CVE-2021-23154
MISC
lens — lens
 
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim’s browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. 2022-01-10 not yet calculated CVE-2021-44458
MISC
libreswan — libreswan
 
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. 2022-01-15 not yet calculated CVE-2022-23094
MISC
MISC
DEBIAN
libtiff — libtiff
 
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. 2022-01-10 not yet calculated CVE-2022-22844
MISC
MISC
linux — kernel
 
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. 2022-01-14 not yet calculated CVE-2022-23222
MISC
MLIST
linux — linux_kernel
 
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. 2022-01-11 not yet calculated CVE-2021-46283
MISC
MISC
MISC
livehelperchat — livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2022-01-14 not yet calculated CVE-2022-0226
CONFIRM
MISC
livehelperchat — livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2022-01-14 not yet calculated CVE-2022-0231
MISC
CONFIRM
lorensberg — connect
 
** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator. 2022-01-12 not yet calculated CVE-2021-43960
MISC
MISC
lua — lua
 
Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. 2022-01-11 not yet calculated CVE-2021-44647
MISC
MISC
make-ca — make-ca
 
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor. 2022-01-10 not yet calculated CVE-2022-21672
CONFIRM
MISC
MISC
MISC
markdown-it — markdown-it
 
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading. 2022-01-10 not yet calculated CVE-2022-21670
MISC
CONFIRM
markedjs — marked
 
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. 2022-01-14 not yet calculated CVE-2022-21680
CONFIRM
MISC
MISC
markedjs — marked
 
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. 2022-01-14 not yet calculated CVE-2022-21681
CONFIRM
MISC
martdevelopers_inc — iresturant
 
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. 2022-01-12 not yet calculated CVE-2021-43436
MISC
MISC
mattermost — focalboard
 
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account. 2022-01-13 not yet calculated CVE-2022-22122
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mcafee — techcheck
 
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from. 2022-01-11 not yet calculated CVE-2022-0129
CONFIRM
micro_focus — arcsight_enterprise_security_manager
 
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). 2022-01-14 not yet calculated CVE-2021-38126
MISC
micro_focus — arcsight_enterprise_security_manager
 
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). 2022-01-14 not yet calculated CVE-2021-38127
MISC
microsoft — .net_framework
 
.NET Framework Denial of Service Vulnerability. 2022-01-11 not yet calculated CVE-2022-21911
MISC
microsoft — dynamics_365_customer_engagement
 
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. 2022-01-11 not yet calculated CVE-2022-21932
MISC
microsoft — dynamics_365_sales
 
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. 2022-01-11 not yet calculated CVE-2022-21891
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931. 2022-01-11 not yet calculated CVE-2022-21929
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970. 2022-01-11 not yet calculated CVE-2022-21954
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931. 2022-01-11 not yet calculated CVE-2022-21930
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21930. 2022-01-11 not yet calculated CVE-2022-21931
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954. 2022-01-11 not yet calculated CVE-2022-21970
MISC
microsoft — exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855. 2022-01-11 not yet calculated CVE-2022-21969
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21917
MISC
microsoft — windows Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21889, CVE-2022-21890. 2022-01-11 not yet calculated CVE-2022-21883
MISC
microsoft — windows
 
Windows GDI Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21903
MISC
microsoft — windows
 
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21912. 2022-01-11 not yet calculated CVE-2022-21898
MISC
microsoft — windows
 
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. 2022-01-11 not yet calculated CVE-2022-21915
MISC
microsoft — windows
 
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21899
MISC
MISC
microsoft — windows
 
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905. 2022-01-11 not yet calculated CVE-2022-21900
MISC
microsoft — windows
 
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896. 2022-01-11 not yet calculated CVE-2022-21902
MISC
microsoft — windows
 
Windows Modern Execution Server Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21888
MISC
microsoft — windows
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21885. 2022-01-11 not yet calculated CVE-2022-21914
MISC
microsoft — windows
 
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. 2022-01-11 not yet calculated CVE-2022-21913
MISC
microsoft — windows
 
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21898. 2022-01-11 not yet calculated CVE-2022-21912
MISC
microsoft — windows
 
Windows Geolocation Service Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21878
MISC
microsoft — windows
 
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21910
MISC
microsoft — windows
 
Windows Installer Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21908
MISC
microsoft — windows
 
HTTP Protocol Stack Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21907
MISC
MISC
MISC
microsoft — windows
 
Windows GDI Information Disclosure Vulnerability. 2022-01-11 not yet calculated CVE-2022-21904
MISC
microsoft — windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21916. 2022-01-11 not yet calculated CVE-2022-21897
MISC
microsoft — windows
 
Windows Kerberos Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21920
MISC
microsoft — windows
 
Storage Spaces Controller Information Disclosure Vulnerability. 2022-01-11 not yet calculated CVE-2022-21877
MISC
MISC
microsoft — windows
 
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889. 2022-01-11 not yet calculated CVE-2022-21890
MISC
microsoft — windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21922
MISC
microsoft — windows
 
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21919. 2022-01-11 not yet calculated CVE-2022-21895
MISC
MISC
microsoft — windows
 
Windows Defender Credential Guard Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21921
MISC
microsoft — windows
 
Secure Boot Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21894
MISC
microsoft — windows
 
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21902. 2022-01-11 not yet calculated CVE-2022-21896
MISC
microsoft — windows
 
Remote Desktop Protocol Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21893
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21892
MISC
microsoft — windows
 
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21890. 2022-01-11 not yet calculated CVE-2022-21889
MISC
microsoft — windows
 
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21925
MISC
microsoft — windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21897. 2022-01-11 not yet calculated CVE-2022-21916
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21928
MISC
microsoft — windows
 
DirectX Graphics Kernel File Denial of Service Vulnerability. 2022-01-11 not yet calculated CVE-2022-21918
MISC
microsoft — windows
 
Windows Event Tracing Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21872
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21962
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21961
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962. 2022-01-11 not yet calculated CVE-2022-21963
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21960
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21959
MISC
microsoft — windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. 2022-01-11 not yet calculated CVE-2022-21958
MISC
microsoft — windows
 
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900. 2022-01-11 not yet calculated CVE-2022-21905
MISC
microsoft — windows
 
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. 2022-01-11 not yet calculated CVE-2022-21964
MISC
microsoft — windows
 
Clipboard User Service Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21869
MISC
microsoft — windows
 
Win32k Information Disclosure Vulnerability. 2022-01-11 not yet calculated CVE-2022-21876
MISC
MISC
microsoft — windows
 
Windows Storage Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21875
MISC
microsoft — windows
 
Windows Security Center API Remote Code Execution Vulnerability. 2022-01-11 not yet calculated CVE-2022-21874
MISC
microsoft — windows
 
Tile Data Repository Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21873
MISC
microsoft — windows
 
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895. 2022-01-11 not yet calculated CVE-2022-21919
MISC
microsoft — windows
 
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21871
MISC
microsoft — windows
 
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915. 2022-01-11 not yet calculated CVE-2022-21880
MISC
microsoft — windows
 
Windows Defender Application Control Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21906
MISC
microsoft — windows
 
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882. 2022-01-11 not yet calculated CVE-2022-21887
MISC
microsoft — windows
 
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887. 2022-01-11 not yet calculated CVE-2022-21882
MISC
microsoft — windows
 
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21870
MISC
microsoft — windows
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879. 2022-01-11 not yet calculated CVE-2022-21881
MISC
microsoft — windows
 
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21884
MISC
microsoft — windows
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21881. 2022-01-11 not yet calculated CVE-2022-21879
MISC
microsoft — windows
 
Windows AppContracts API Server Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21860
MISC
microsoft — windows
 
Windows UI Immersive Server API Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21864
MISC
microsoft — windows
 
Connected Devices Platform Service Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21865
MISC
microsoft — windows
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21914. 2022-01-11 not yet calculated CVE-2022-21885
MISC
microsoft — windows
 
Windows System Launcher Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21866
MISC
microsoft — windows
 
Windows Hyper-V Elevation of Privilege Vulnerability. 2022-01-11 not yet calculated CVE-2022-21901
MISC
microsoft — workstation
 
Workstation Service Remote Protocol Security Feature Bypass Vulnerability. 2022-01-11 not yet calculated CVE-2022-21924
MISC
mirantis — container_runtime
 
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service. 2022-01-10 not yet calculated CVE-2021-23218
MISC
mitre — caldera
 
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users. 2022-01-12 not yet calculated CVE-2021-42562
MISC
MISC
mitre — caldera
 
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers. 2022-01-12 not yet calculated CVE-2021-42558
MISC
MISC
mitre — caldera
 
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python “os.system” function. This allows attackers to use shell metacharacters (e.g., backticks ““” or dollar parenthesis “$()” ) in order to escape the current command and execute arbitrary shell commands. 2022-01-12 not yet calculated CVE-2021-42561
MISC
MISC
mitre — caldera
 
An issue was discovered in CALDERA 2.8.1. It contains multiple startup “requirements” that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted. 2022-01-12 not yet calculated CVE-2021-42559
MISC
MISC
mitsubishi_electric — melsec_f_series_firmware
 
Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. 2022-01-14 not yet calculated CVE-2021-20613
MISC
MISC
MISC
mitsubishi_electric — melsec_f_series_firmware
 
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. 2022-01-14 not yet calculated CVE-2021-20612
MISC
MISC
MISC
modex — modex
 
Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache. 2022-01-14 not yet calculated CVE-2021-46169
MISC
modex — modex
 
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c. 2022-01-14 not yet calculated CVE-2021-46171
MISC
mp4box-gpac — mp4box-gpac
 
A Null pointer dereference vulnerability exits in MP4Box – GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. 2022-01-10 not yet calculated CVE-2020-25427
MISC
MISC
mruby — mruby
 
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-46020
MISC
my_cloud — os_5
 
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. 2022-01-13 not yet calculated CVE-2022-22990
MISC
my_cloud — os_5
 
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. 2022-01-13 not yet calculated CVE-2022-22991
MISC
my_cloud — os_5
 
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues. 2022-01-13 not yet calculated CVE-2022-22989
MISC
mzautomation — lib60870
 
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-45773
MISC
mzautomation — libiec61870
 
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. 2022-01-14 not yet calculated CVE-2021-45769
MISC
nanoid — nanoid
 
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. 2022-01-14 not yet calculated CVE-2021-23566
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
netbiblio — webopac
 
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions. 2022-01-14 not yet calculated CVE-2021-42551
CONFIRM
netgear — r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512. 2022-01-13 not yet calculated CVE-2021-34979
MISC
MISC
netgear — r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511. 2022-01-13 not yet calculated CVE-2021-34978
MISC
MISC
netgear — r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107. 2022-01-13 not yet calculated CVE-2021-34980
MISC
MISC
netgear — r7000_routers
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483. 2022-01-13 not yet calculated CVE-2021-34977
MISC
MISC
nocobd — nocobd
 
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn’t registered within the system. This allows attackers to enumerate the registered users’ email addresses. 2022-01-10 not yet calculated CVE-2022-22120
MISC
MISC
nocobd — nocobd
 
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. 2022-01-10 not yet calculated CVE-2022-22121
MISC
MISC
nuuo — nvrmini2
 
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. 2022-01-14 not yet calculated CVE-2022-23227
MISC
MISC
MISC
MISC
nvidia — nemo
 
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. 2022-01-10 not yet calculated CVE-2022-22821
MISC
october_cms — october_cms
 
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. 2022-01-14 not yet calculated CVE-2021-32650
CONFIRM
MISC
october_cms — october_cms
 
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with “create, modify and delete website pages” privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. 2022-01-14 not yet calculated CVE-2021-32649
CONFIRM
MISC
omron — cx-one
 
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. 2022-01-14 not yet calculated CVE-2022-21137
MISC
open_design_alliance — drawings_sdk
 
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-01-15 not yet calculated CVE-2022-23095
MISC
opensuse — opensuse
 
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. 2022-01-14 not yet calculated CVE-2021-36781
CONFIRM
orchardcore — orchardcore
 
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2022-01-12 not yet calculated CVE-2022-0159
CONFIRM
MISC
owncloud — owncloud
 
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection. 2022-01-15 not yet calculated CVE-2021-33828
MISC
MISC
owncloud — owncloud
 
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. 2022-01-15 not yet calculated CVE-2021-33827
MISC
MISC
owncloud — owncloud_client
 
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. 2022-01-15 not yet calculated CVE-2021-44537
MISC
panda_security — free_antivirus
 
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-14208. 2022-01-13 not yet calculated CVE-2021-34998
MISC
MISC
paritytech — frontier
 
Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier’s MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549. 2022-01-14 not yet calculated CVE-2022-21685
CONFIRM
MISC
MISC
partkeeper — partkeeper
 
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the ‘file://’ URI scheme, allowing an authenticated user to read local files. 2022-01-10 not yet calculated CVE-2022-22701
MISC
MISC
partkeepr — partkeepr
 
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. 2022-01-10 not yet calculated CVE-2022-22702
MISC
MISC
peertube — peertube
 
peertube is vulnerable to Improper Access Control 2022-01-11 not yet calculated CVE-2022-0170
CONFIRM
MISC
pexip_infinity — pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). 2022-01-15 not yet calculated CVE-2021-33498
MISC
pexip_infinity — pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). 2022-01-15 not yet calculated CVE-2021-33499
MISC
pexip_infinity — pexip_infinity
 
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. 2022-01-15 not yet calculated CVE-2021-42555
CONFIRM
pexip_infinity — pexip_infinity
 
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. 2022-01-15 not yet calculated CVE-2021-35969
MISC
pexip_infinity — pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. 2022-01-15 not yet calculated CVE-2021-32545
MISC
phoronix-test-suite — phoronix-test-suite
 
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) 2022-01-13 not yet calculated CVE-2022-0196
CONFIRM
MISC
phoronix-test-suite — phoronix-test-suite
 
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) 2022-01-13 not yet calculated CVE-2022-0197
CONFIRM
MISC
php_everywhere — php_everywhere
 
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2). 2022-01-13 not yet calculated CVE-2021-23227
CONFIRM
CONFIRM
pillow — pillow
 
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. 2022-01-10 not yet calculated CVE-2022-22817
MISC
pillow — pillow
 
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. 2022-01-10 not yet calculated CVE-2022-22816
MISC
MISC
pillow — pillow
 
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. 2022-01-10 not yet calculated CVE-2022-22815
MISC
MISC
publishpress_capabilities — publishpress_capabilities
 
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin’s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role. 2022-01-10 not yet calculated CVE-2021-25032
CONFIRM
MISC
puddingbot — puddingbot
 
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date. 2022-01-11 not yet calculated CVE-2022-21669
CONFIRM
pypa — pipenv
 
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv’s parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims’ systems. If an attacker is able to hide a malicious `–index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim’s host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. 2022-01-10 not yet calculated CVE-2022-21668
MISC
CONFIRM
MISC
qnap — multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later 2022-01-14 not yet calculated CVE-2021-38691
CONFIRM
qnap — multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later 2022-01-14 not yet calculated CVE-2021-38692
CONFIRM
qnap — multiple_nas_devices
 
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later 2022-01-14 not yet calculated CVE-2021-38678
CONFIRM
qnap — multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later 2022-01-14 not yet calculated CVE-2021-38690
CONFIRM
qnap — multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later 2022-01-14 not yet calculated CVE-2021-38689
CONFIRM
qnap — multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later 2022-01-14 not yet calculated CVE-2021-38682
CONFIRM
qnap — qcalagent
 
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later 2022-01-14 not yet calculated CVE-2021-38677
CONFIRM
qualcomm — multiple_products Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-13 not yet calculated CVE-2021-30313
CONFIRM
qualcomm — multiple_products
 
Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-13 not yet calculated CVE-2021-30308
CONFIRM
qualcomm — multiple_products
 
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-13 not yet calculated CVE-2021-30353
CONFIRM
qualcomm — multiple_products
 
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-01-13 not yet calculated CVE-2021-30314
CONFIRM
qualcomm — multiple_products
 
Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-01-13 not yet calculated CVE-2021-30319
CONFIRM
qualcomm — multiple_products
 
Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-13 not yet calculated CVE-2021-30330
CONFIRM
qualcomm — multiple_products
 
Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-13 not yet calculated CVE-2021-30311
CONFIRM
qxip_sipcature — homer
 
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers’ installations. 2022-01-10 not yet calculated CVE-2022-22845
MISC
MISC
MISC
MISC
radare2 — radare2
 
radare2 is vulnerable to Out-of-bounds Read 2022-01-11 not yet calculated CVE-2022-0173
CONFIRM
MISC
ray-ban — stories
 
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0. 2022-01-14 not yet calculated CVE-2021-24046
CONFIRM
repirse — license_manager
 
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process “count” parameter via GET. No authentication is required. 2022-01-13 not yet calculated CVE-2021-45422
MISC
MISC
MISC
replit — crosis
 
@replit/crosis is a JavaScript client that speaks Replit’s container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so any communication done to the previous URL could potentially reach a server that is outside of Replit’s control and the token used to connect to the Repl could be obtained by an attacker, leading to full compromise of that Repl (not of the account). This was patched in version 7.3.1 by updating the address of the fallback WebSocket polling proxy to the new one. As a workaround, a user may specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`. More information about this workaround is available in the GitHub Security Advisory. 2022-01-11 not yet calculated CVE-2022-21671
CONFIRM
MISC
ropium — ropium
 
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function. 2022-01-14 not yet calculated CVE-2021-45761
MISC
samba — samba
 
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. 2022-01-11 not yet calculated CVE-2021-43566
MISC
MISC
MISC
samsung — android_applications
 
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. 2022-01-10 not yet calculated CVE-2022-22285
MISC
samsung — android_applications
 
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. 2022-01-10 not yet calculated CVE-2022-22286
MISC
samsung — email
 
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. 2022-01-10 not yet calculated CVE-2022-22287
MISC
samsung — galaxy
 
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. 2022-01-10 not yet calculated CVE-2022-22288
MISC
samsung — health
 
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. 2022-01-10 not yet calculated CVE-2022-22283
MISC
samsung — internet
 
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. 2022-01-14 not yet calculated CVE-2022-22290
MISC
samsung — internet
 
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication 2022-01-10 not yet calculated CVE-2022-22284
MISC
samsung — s_assistant
 
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. 2022-01-10 not yet calculated CVE-2022-22289
MISC
sap — business+_one
 
SAP Business One – version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. 2022-01-14 not yet calculated CVE-2021-44234
MISC
MISC
sap — enterprise_threat_detection
 
SAP Enterprise Threat Detection (ETD) – version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. 2022-01-14 not yet calculated CVE-2022-22529
MISC
MISC
sap — f0743_create_single_payment
 
The F0743 Create Single Payment application of SAP S/4HANA – versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. 2022-01-14 not yet calculated CVE-2022-22530
MISC
MISC
sap — f0743_create_single_payment
 
The F0743 Create Single Payment application of SAP S/4HANA – versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. 2022-01-14 not yet calculated CVE-2022-22531
MISC
MISC
sap — netweaver
 
In SAP NetWeaver AS for ABAP and ABAP Platform – versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. 2022-01-14 not yet calculated CVE-2021-42067
MISC
MISC
sensormatics_electronics — videoedge
 
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. 2022-01-14 not yet calculated CVE-2021-36199
CERT
CONFIRM
shelljs — shelljs
 
shelljs is vulnerable to Improper Privilege Management 2022-01-11 not yet calculated CVE-2022-0144
CONFIRM
MISC
siemens — cp-8000_master_module
 
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. 2022-01-11 not yet calculated CVE-2021-45034
MISC
siemens — cp-8000_master_module
 
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. 2022-01-11 not yet calculated CVE-2021-45033
MISC
siemens — sicam_pq_analyzer
 
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (“backdoors”) or cause a denial of service. 2022-01-11 not yet calculated CVE-2021-45460
MISC
siemens — siprotec_5_multiple_devices
 
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. 2022-01-11 not yet calculated CVE-2021-41769
MISC
smarty-php — smarty
 
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. 2022-01-10 not yet calculated CVE-2021-21408
MISC
MISC
CONFIRM
MISC
smarty-php — smarty
 
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. 2022-01-10 not yet calculated CVE-2021-29454
MISC
CONFIRM
MISC
MISC
MISC
MISC
snipe-it — snipe-it
 
snipe-it is vulnerable to Improper Access Control 2022-01-13 not yet calculated CVE-2022-0178
CONFIRM
MISC
socket.io — engine.io
 
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version. 2022-01-12 not yet calculated CVE-2022-21676
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
sonicos — firmware
 
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. 2022-01-10 not yet calculated CVE-2021-20048
CONFIRM
sonicos — firmware
 
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. 2022-01-10 not yet calculated CVE-2021-20046
CONFIRM
sourcecodetester — printable_staff_id_card_creator_system
 
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution. 2022-01-12 not yet calculated CVE-2021-45411
MISC
MISC
sourceforge — salonerp
 
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using ‘sql’ parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. 2022-01-14 not yet calculated CVE-2021-45406
MISC
MISC
MISC
spin — spin
 
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c. 2022-01-14 not yet calculated CVE-2021-46168
MISC
strukturag — libde265
 
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. 2022-01-10 not yet calculated CVE-2021-36410
MISC
strukturag — libde265
 
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. 2022-01-10 not yet calculated CVE-2021-36411
MISC
strukturag — libde265
 
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. 2022-01-10 not yet calculated CVE-2021-35452
MISC
strukturag — libde265
 
There is an Assertion `scaling_list_pred_matrix_id_delta==1′ failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. 2022-01-10 not yet calculated CVE-2021-36409
MISC
strukturag — libde265
 
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. 2022-01-10 not yet calculated CVE-2021-36408
MISC
suitecrm — suitecrm
 
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. 2022-01-12 not yet calculated CVE-2021-41597
MISC
MISC
MISC
MISC
MISC
sysaid — itil
 
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. 2022-01-11 not yet calculated CVE-2021-43971
MISC
MISC
MISC
sysaid — itil
 
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body. 2022-01-11 not yet calculated CVE-2021-43972
MISC
MISC
MISC
sysaid — itil
 
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. 2022-01-11 not yet calculated CVE-2021-43973
MISC
MISC
MISC
sysaid — itil
 
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication. 2022-01-11 not yet calculated CVE-2021-43974
MISC
MISC
MISC
teamviewer — teamviewer
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13606. 2022-01-13 not yet calculated CVE-2021-34858
MISC
MISC
tenable.sc — tenable.sc
 
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. 2022-01-14 not yet calculated CVE-2022-0130
MISC
tibco_software_inc — multiple products
 
The Data Virtualization Server component of TIBCO Software Inc.’s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user’s permissions on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below. 2022-01-12 not yet calculated CVE-2021-35500
CONFIRM
CONFIRM
tibco_software_inc — multiple_products
 
The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below. 2022-01-11 not yet calculated CVE-2021-43055
CONFIRM
CONFIRM
tibco_software_inc — multiple_products
 
The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below. 2022-01-11 not yet calculated CVE-2021-43052
CONFIRM
CONFIRM
tibco_software_inc — multiple_products
 
The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below. 2022-01-11 not yet calculated CVE-2021-43053
CONFIRM
CONFIRM
tibco_software_inc — multiple_products
 
The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below. 2022-01-11 not yet calculated CVE-2021-43054
CONFIRM
CONFIRM
trusted_firmware — trusted_firmware
 
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. 2022-01-13 not yet calculated CVE-2021-40327
MISC
MISC
CONFIRM
ubiquiti — unifi_network
 
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. 2022-01-14 not yet calculated CVE-2021-44530
MISC
unisys — clearpath_mcp_tcp-icp_networking_services
 
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. 2022-01-12 not yet calculated CVE-2021-45445
MISC
MISC
useful_simple_open-source_cms — useful_simple_open-source_cms
 
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. 2022-01-10 not yet calculated CVE-2022-21666
MISC
MISC
CONFIRM
vim — vim
 
vim is vulnerable to Heap-based Buffer Overflow 2022-01-14 not yet calculated CVE-2022-0213
CONFIRM
MISC
MLIST
wecon — levistudiou
 
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. 2022-01-14 not yet calculated CVE-2021-23138
MISC
wecon — levistudiou
 
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. 2022-01-14 not yet calculated CVE-2021-23157
MISC
weseek — growi
 
growi is vulnerable to Authorization Bypass Through User-Controlled Key 2022-01-12 not yet calculated CVE-2021-3852
CONFIRM
MISC
z-wave — multiple_devices
 
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. 2022-01-10 not yet calculated CVE-2020-10137
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave — multiple_devices
 
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. 2022-01-10 not yet calculated CVE-2020-9061
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave — multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. 2022-01-10 not yet calculated CVE-2020-9059
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave — multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages. 2022-01-10 not yet calculated CVE-2020-9060
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave — multiple_devices
 
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. 2022-01-10 not yet calculated CVE-2020-9057
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave — multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. 2022-01-10 not yet calculated CVE-2020-9058
MISC
CERT-VN
MISC
MISC
CERT-VN
zabbix — zabbix
 
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). 2022-01-13 not yet calculated CVE-2022-23131
MISC
zabbix — zabbix
 
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level 2022-01-13 not yet calculated CVE-2022-23132
MISC
zabbix — zabbix
 
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. 2022-01-13 not yet calculated CVE-2022-23133
MISC
zabbix — zabbix
 
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. 2022-01-13 not yet calculated CVE-2022-23134
MISC
zoho — manageengine_0365_manager_plus
 
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. 2022-01-12 not yet calculated CVE-2021-44652
MISC
zoho — manageengine_applications_manager
 
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. 2022-01-10 not yet calculated CVE-2020-28679
MISC
zoho — manageengine_cloudsecurityplus
 
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. 2022-01-12 not yet calculated CVE-2021-44651
MISC
zoho — mangeengine_m365_manager_plus
 
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. 2022-01-12 not yet calculated CVE-2021-44650
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.